1 /*
|
|
2 * CDDL HEADER START
|
|
3 *
|
|
4 * The contents of this file are subject to the terms of the
|
|
5 * Common Development and Distribution License, Version 1.0 only
|
|
6 * (the "License"). You may not use this file except in compliance
|
|
7 * with the License.
|
|
8 *
|
|
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
|
10 * or http://www.opensolaris.org/os/licensing.
|
|
11 * See the License for the specific language governing permissions
|
|
12 * and limitations under the License.
|
|
13 *
|
|
14 * When distributing Covered Code, include this CDDL HEADER in each
|
|
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
|
16 * If applicable, add the following below this CDDL HEADER, with the
|
|
17 * fields enclosed by brackets "[]" replaced with your own identifying
|
|
18 * information: Portions Copyright [yyyy] [name of copyright owner]
|
|
19 *
|
|
20 * CDDL HEADER END
|
|
21 */
|
|
22 /*
|
|
23 * ident "@(#)HelpData.java 1.3 05/06/24 SMI"
|
|
24 *
|
|
25 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
|
|
26 * Use is subject to license terms.
|
|
27 */
|
|
28
|
|
29 import java.util.ListResourceBundle;
|
|
30
|
|
31 // On-line spot help. Defined as strings of a "contents" object.
|
|
32
|
|
33 public class HelpData extends ListResourceBundle {
|
|
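/**
 * Returns the help-text table backing this resource bundle.
 *
 * <p>Each row holds a lookup key followed by its help text. The table is
 * copied on every call: {@code contents} is a shared static array, and
 * handing out the original through this public method would let any caller
 * overwrite help text seen by every other user of the bundle.
 *
 * @return a fresh copy of {@code contents}; the row arrays are new, while
 *         the immutable strings inside them are shared
 */
public Object [][] getContents() {
    Object [][] copy = new Object[contents.length][];
    for (int i = 0; i < contents.length; i++) {
        // Clone each row as well; copying only the outer array would
        // still expose the original rows to modification.
        copy[i] = (Object []) contents[i].clone();
    }
    return copy;
}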
|
|
37
|
|
38 static final Object [][] contents = {
|
|
39
|
|
40 //
|
|
41 // Main Login Panel
|
|
42 //
|
|
43
|
|
44 {"MainLoginPanel",
|
|
45 // Not currently available in GUI
|
|
46 "This window enables you to log in and use the SEAM Administration"
|
|
47 +"Tool. The default information that initially fills in the fields"
|
|
48 +" is read from the system's /etc/krb5/krb5.conf file (except"
|
|
49 +" for the principal name)."},
|
|
50
|
|
51
|
|
52 {"LoginName",
|
|
53 "The principal name to log in with (without realm included)."
|
|
54 +"In order to use the SEAM Administration Tool, your principal"
|
|
55 +" must have the appropriate privileges specified in the master"
|
|
56 +" KDC's kadm5.acl"
|
|
57 +" file.\n"
|
|
58 +" \n"
|
|
59 +"The default principal name consists of your user name with the"
|
|
60 +" 'admin' instance appended. For example, 'jdb/admin'."},
|
|
61
|
|
62
|
|
63 {"LoginPass",
|
|
64 "The password for the principal."},
|
|
65
|
|
66
|
|
67 {"LoginRealm",
|
|
68 "The Kerberos realm, which is similar to a DNS domain."
|
|
69 +"In most cases, the realm name is your domain name, and it should"
|
|
70 +" be upper-case. For example, 'MTN.ACME.COM'.\n"
|
|
71 +" \n"
|
|
72 +"Each realm has one master KDC and may include slave"
|
|
73 +" KDCs that contain read-only copies of the master."
|
|
74 +"The default realm is read from the system's"
|
|
75 +" /etc/krb5/krb5.conf file."},
|
|
76
|
|
77
|
|
78 {"LoginServer",
|
|
79 "The master KDC where the Kerberos administration server, kadmind,"
|
|
80 +" is running and where the KDC (Key Distribution Center) is located."
|
|
81 +"You must provide a fully-qualified host name for the master KDC.\n"
|
|
82 +" \n"
|
|
83 +"The default admin server is read from the"
|
|
84 +" system's /etc/krb5/krb5.conf file."},
|
|
85
|
|
86
|
|
87 {"LoginOK",
|
|
88 "Checks the information"
|
|
89 +" in this window, and if valid, logs you into the tool."},
|
|
90
|
|
91
|
|
92 {"LoginStartOver",
|
|
93 "Resets all fields in this window to their initial"
|
|
94 +" settings (when the tool was started)."},
|
|
95
|
|
96
|
|
97 //
|
|
98 // Panel Tabs
|
|
99 //
|
|
100
|
|
101
|
|
102 {"PrincipalTab",
|
|
103 "Sends you to the list of principals. If you are currently"
|
|
104 +" working on a principal or policy and you've made"
|
|
105 +" changes, you'll be prompted to cancel or save"
|
|
106 +" the changes before being sent to Principal List panel."},
|
|
107
|
|
108
|
|
109 {"PolicyTab",
|
|
110 "Sends you to the list of policies. If you are currently working on a"
|
|
111 +" principal or policy and you've made changes, you'll be prompted to"
|
|
112 +" cancel or save the changes before being sent to Policy"
|
|
113 +" List panel."},
|
|
114
|
|
115
|
|
116
|
|
117 //
|
|
118 // Principal List Panel
|
|
119 //
|
|
120
|
|
121
|
|
122 {"PrinListPanel",
|
|
123 // Not currently available in GUI
|
|
124 "This panel enables you to select a principal from the list to modify,"
|
|
125 +" delete, and duplicate. You can also create a new principal.\n"
|
|
126 +" \n"
|
|
127 +" principal is an entity to which tickets may be assigned, generally"
|
|
128 +" of the form <primary>/<instance>@<REALM>. For example,"
|
|
129 +" jdb/admin@MTN.ACME.COM.\n"
|
|
130 +" \n"
|
|
131 +" display a specific principal or"
|
|
132 +" sublist of principals, enter a filter string in the Filter Pattern"
|
|
133 +" field and press"
|
|
134 +" return.\n"
|
|
135 +" \n"
|
|
136 +"To perform an operation on a principal, select it from the list and"
|
|
137 +" click the appropriate button. To create a new principal, click"
|
|
138 +" Create New."},
|
|
139
|
|
140
|
|
141 {"PrList",
|
|
142 "Displays all the available principals in the specified realm.\n"
|
|
143 +" \n"
|
|
144 +"To select a principal, click on its name in the list;"
|
|
145 +" double-clicking on a principal is equivalent to selecting"
|
|
146 +" the principal and clicking Modify."},
|
|
147
|
|
148
|
|
149 {"PrNoList",
|
|
150 "This list panel is blank when you don't have list privileges"
|
|
151 +" or you've chosen not to show lists."},
|
|
152
|
|
153
|
|
154 {"PrListPattern",
|
|
155 "Enables you to apply a filter on the available principals to"
|
|
156 +" display a particular principal or sublist of principals."
|
|
157 +"The filter string you enter may consist of one or more"
|
|
158 +" characters. And, because the filter mechanism is case"
|
|
159 +" sensitive, you need to use the appropriate upper-case and"
|
|
160 +" lower-case letters for the filter.\n"
|
|
161 +" \n"
|
|
162 +"For example, entering 'user' for the filter would match"
|
|
163 +" and display principals such as 'enguser', 'user1',"
|
|
164 +" and 'useradmin'.\n"
|
|
165 +" '\n"
|
|
166 +"To display a particular principal or sublist of"
|
|
167 +" principals, enter a filter string and press return.\n"
|
|
168 +" \n"
|
|
169 +"To display the entire list of principals, click Clear"
|
|
170 +" Filter(or clear the Filter Pattern field and press return)."},
|
|
171
|
|
172
|
|
173 {"PrNameNoList",
|
|
174 "When the principal list is not displayed,"
|
|
175 +" you must enter principal names in this field to perform"
|
|
176 +" operations on them. Entering a name is equivalent to selecting"
|
|
177 +" an item from the principal list in normal operation.\n"
|
|
178 +" \n"
|
|
179 +"To clear the principal entry, click Clear Name (or clear the"
|
|
180 +" Name field and press return)."},
|
|
181
|
|
182
|
|
183 {"PrListClear",
|
|
184 "Clears the filter and displays the full list of available",
|
|
185 " principals."},
|
|
186
|
|
187
|
|
188 {"PrNoListClear",
|
|
189 "Clears the Name field."},
|
|
190
|
|
191
|
|
192 {"PrListModify",
|
|
193 "Opens a series of panels that enable you to modify the selected"
|
|
194 +" principal, such as the principal's password, expiry date,"
|
|
195 +" and policy."},
|
|
196
|
|
197
|
|
198 {"PrListAdd",
|
|
199 "Opens a series of panels that enable you to create a new principal."
|
|
200 +" The panels will have some of the fields already filled in with"
|
|
201 +" default values, which you can set up by choosing Properties from"
|
|
202 +" the Edit menu.\n"
|
|
203 +" \n"
|
|
204 +"The Duplicate button performs the same function; however,"
|
|
205 +" instead of the fields filled in with default values, the fields"
|
|
206 +" are filled in with the same values as the selected principal."},
|
|
207
|
|
208
|
|
209 {"PrListDelete",
|
|
210 "Deletes the selected principal from the Kerberos realm. The deleted"
|
|
211 +" principal can no longer be assigned Kerberos tickets."},
|
|
212
|
|
213
|
|
214 {"PrListDuplicate",
|
|
215 "Opens a series of panels that enable you to duplicate the selected"
|
|
216 +" principal. The panels will have the fields already filled in"
|
|
217 +" with the same values as the selected principal,"
|
|
218 +" except for the principal's name and password."
|
|
219 +"You can use this button to quickly create a new principal using "
|
|
220 +" another principal as a template.\n"
|
|
221 +" \n"
|
|
222 +"The Create New button performs the same function; however,"
|
|
223 +" instead of"
|
|
224 +" the fields filled in with the same values as the selected"
|
|
225 +" principal, the fields are filled in with default values."},
|
|
226
|
|
227
|
|
228
|
|
229 //
|
|
230 // Principal Basics Panel
|
|
231 //
|
|
232
|
|
233
|
|
234 {"PrincipalBasicsPanel",
|
|
235 // Not currently available in GUI
|
|
236 "This panel enables you to specify the basic attributes for a"
|
|
237 +" principal."},
|
|
238
|
|
239
|
|
240 {"PrName",
|
|
241 "The name of the principal (the <primary>/<instance> part of a"
|
|
242 +" fully-qualified principal name). A principal is a unique identity"
|
|
243 +" to which the KDC can assign tickets.\n"
|
|
244 +" \n"
|
|
245 +"If you are modifying a principal,"
|
|
246 +" you cannot edit a principal's name.\n"
|
|
247 +" \n"
|
|
248 +"For service (or host) principal names, the <primary> part must be"
|
|
249 +" the name of a service, such as 'host' for telnet and rsh"
|
|
250 +" services,'ftp', or 'nfs'."
|
|
251 +"The < instance > part must be the name of the system"
|
|
252 +" that requires Kerberos authentication for that service."
|
|
253 +"For example, 'host/denver.mtn.acme.com'.\n"
|
|
254 +" \n"
|
|
255 +"For user principal names, the < primary > part must be"
|
|
256 +" the name of the"
|
|
257 +" user."
|
|
258 +"The < instance > part is optional, but it can be a term used to"
|
|
259 +" describe the intended use for the principals, such as 'admin', or"
|
|
260 +" it can be the name of a system, which enables you to create"
|
|
261 +" different"
|
|
262 +" principals for the same user on a per-system basis."
|
|
263 +" For example, 'jdb/admin', 'jdb/denver@acme.com', or 'jdb'."},
|
|
264
|
|
265
|
|
266 {"PrComments",
|
|
267 "Comments related to the principal (for example,"
|
|
268 +" 'Temporary Account')."},
|
|
269
|
|
270
|
|
271 {"PrPolicy",
|
|
272 "A menu of available policies for the principal."},
|
|
273
|
|
274
|
|
275 {"PrPassword",
|
|
276 "The password for the principal."},
|
|
277
|
|
278
|
|
279 {"PrBasicRandomPw",
|
|
280 "Creates a random password for the principal and copies it into"
|
|
281 +" the Password field."},
|
|
282
|
|
283
|
|
284 {"PrinBasLastPrincipalChange",
|
|
285 "The date on which information for the principal was"
|
|
286 +" last modified."},
|
|
287
|
|
288
|
|
289 {"PrinBasLastChangedBy",
|
|
290 "The name of the principal who last modified the account for this"
|
|
291 +" principal."},
|
|
292
|
|
293 {"EncList",
|
|
294 "The encryption types that the principal's keys will be created with."
|
|
295 +" Use a white space to separate encryption types."
|
|
296 +" Leave blank if the default set of encryption types is desired."
|
|
297 +" Refer to krb5.conf for the available encryption types supported."
|
|
298 +" The default set of dialog choices can be over-ridden by defining"
|
|
299 +" supported_enctypes with the desired list of encryption types in"
|
|
300 +" the realm's section of krb5.conf."
|
|
301 +" \n"
|
|
302 +"Changing encryption types is only applicable when creating a"
|
|
303 +" principal or when changing a password. So a password must be"
|
|
304 +" accompanied with any encryption type changes."},
|
|
305
|
|
306 {"PrExpiry",
|
|
307 "The date and time on which the principal's account expires. When the"
|
|
308 +" account expires, the principal can no longer"
|
|
309 +" get a ticket-granting ticket (TGT) and may not be able to log in.\n"
|
|
310 +" \n"
|
|
311 +"To set up the account with no expiration date,"
|
|
312 +" enter the word 'never' in the field.\n"
|
|
313 +" \n"
|
|
314 +"To help create a formatted date and time entry, click the adjacent"
|
|
315 +" '...' button to bring up a helper."},
|
|
316
|
|
317
|
|
318 {"PrSave",
|
|
319 "Saves any changes you've made to the current principal."},
|
|
320
|
|
321
|
|
322 {"PrCancel",
|
|
323 "Discards all the changes you've made to the current principal"
|
|
324 +" and sends you back to the list of principals."},
|
|
325
|
|
326
|
|
327 {"PrBasicPrevious",
|
|
328 "Sends you back to the list of principals.\n"
|
|
329 +" \n"
|
|
330 +"Note that you must save or cancel any changes you've made to"
|
|
331 +" the current principal before you can go back to the list."},
|
|
332
|
|
333
|
|
334 {"PrBasicNext",
|
|
335 "Sends you to the next Principal Details panel that contains"
|
|
336 +" the password and ticket lifetime attributes for the principal."},
|
|
337
|
|
338
|
|
339
|
|
340 //
|
|
341 // Principal Detail Panel
|
|
342 //
|
|
343
|
|
344
|
|
345 {"PrincipalDetailPanel",
|
|
346 // Not currently available in GUI
|
|
347 "This panel enables you to specify the password and"
|
|
348 +" ticket lifetime attributes for the principal principal."},
|
|
349
|
|
350
|
|
351 {"PrinDetLastSuccess",
|
|
352 "The date and time when the principal last logged in successfully."},
|
|
353
|
|
354
|
|
355 {"PrinDetLastFailure",
|
|
356 "The date and time when the last login failure for the"
|
|
357 +" principal occurred."},
|
|
358
|
|
359
|
|
360 {"PrinDetFailureCount",
|
|
361 "The number of times that there has been a login failure"
|
|
362 +" for the principal."},
|
|
363
|
|
364
|
|
365 {"PrinDetLastPasswordChange",
|
|
366 "The date and time when the principal's password was "
|
|
367 +" last changed."},
|
|
368
|
|
369
|
|
370 {"PrPwExpiry",
|
|
371 "The date and time when the principal's current password"
|
|
372 +" will expire.\n"
|
|
373 +" \n"
|
|
374 +"To set up the password with no expiration date, enter the"
|
|
375 +" word 'never'in the field.\n"
|
|
376 +" \n"
|
|
377 +"To help create a formatted date and time entry, click the adjacent"
|
|
378 +" '...' button to bring up a helper."},
|
|
379
|
|
380
|
|
381 {"PrKvno",
|
|
382 "The key version number for the principal; this is normally"
|
|
383 +" changed only when a password has been compromised."},
|
|
384
|
|
385
|
|
386 {"PrMaxLifetime",
|
|
387 "The maximum length of time for which a ticket can be"
|
|
388 +" granted for the principal (without renewal).\n"
|
|
389 +" \n"
|
|
390 +"To help create a time duration in seconds, click the adjacent"
|
|
391 +" '...' button to bring up a helper."},
|
|
392
|
|
393
|
|
394 {"PrMaxRenewal",
|
|
395 "The maximum length of time for which an existing"
|
|
396 +" ticket may be renewed for the principal.\n"
|
|
397 +" \n"
|
|
398 +"To help create a time duration in seconds, click the adjacent"
|
|
399 +" '...' button to bring up a helper."},
|
|
400
|
|
401
|
|
402 {"PrDetailPrevious",
|
|
403 "Sends you back to the previous Principal Basics panel."},
|
|
404
|
|
405
|
|
406 {"PrDetailNext",
|
|
407 "Sends you to the next Principal Flags panel that contains"
|
|
408 +" security, ticket control, and miscellaneous attributes for"
|
|
409 +" the principal."},
|
|
410
|
|
411
|
|
412
|
|
413 //
|
|
414 // Principal Flags Panel
|
|
415 //
|
|
416
|
|
417
|
|
418
|
|
419 {"PrincipalFlagsPanel",
|
|
420 // Not currently available in GUI
|
|
421 "This panel enables you to specify the security, ticket control, and"
|
|
422 +" miscellaneous attributes for the principal."},
|
|
423
|
|
424
|
|
425 {"PrLockAcct",
|
|
426 "When checked, prevents the principal from logging in."
|
|
427 +" This is a easy way to temporarily freeze"
|
|
428 +" a principal account for any reason."},
|
|
429
|
|
430
|
|
431 {"PrForcePwChange",
|
|
432 "When checked, expires the principal's current password, forcing the"
|
|
433 +" user to use the kpasswd command to create a new password."
|
|
434 +" This is useful if"
|
|
435 +" there is a security breach and you need to make sure that old"
|
|
436 +" passwords are replaced."},
|
|
437
|
|
438
|
|
439 {"PrAllowPostdated",
|
|
440 "When checked, allows the principal to obtain postdated tickets.\n"
|
|
441 +" \n"
|
|
442 +"For example, you may need to use postdated tickets for cron jobs"
|
|
443 +" that need to run after hours and can't obtain tickets in"
|
|
444 +" advance because of short ticket lifetimes."},
|
|
445
|
|
446
|
|
447 {"PrAllowRenewable",
|
|
448 "When checked, allows the principal to obtain renewable tickets.\n"
|
|
449 +" \n"
|
|
450 +"A principal can automatically extend the expiration date or time of"
|
|
451 +" a ticket that is renewable (rather than having to get a new"
|
|
452 +" ticket after the first one expires). Currently, the NFS service"
|
|
453 +" is the only service that can renew tickets."},
|
|
454
|
|
455
|
|
456 {"PrAllowSvr",
|
|
457 "When checked, allows service tickets to be issued for"
|
|
458 +" the principal.\n"
|
|
459 +" \n"
|
|
460 +"You should not allow service tickets to be issued for the"
|
|
461 +" 'kadmin/admin' and 'changepw/admin' principals."
|
|
462 +" This will ensure that these"
|
|
463 +" principals can only update the KDC database." },
|
|
464
|
|
465
|
|
466 {"PrAllowForwardable",
|
|
467 "When checked, allows the principal to obtain forwardable"
|
|
468 +" tickets.\n"
|
|
469 +" \n"
|
|
470 +"Forwardable tickets are tickets that are forwarded to the"
|
|
471 +" remote host to provide a single-sign-on session."
|
|
472 +"For example, if you are using forwardable tickets and you"
|
|
473 +" authenticate yourself through ftp or rsh, other services,"
|
|
474 +" such as NFS, are available without you being prompted"
|
|
475 +" for another password."},
|
|
476
|
|
477
|
|
478 {"PrAllowProxiable",
|
|
479 "When checked, allows the principal to obtain proxiable tickets.\n"
|
|
480 +" \n"
|
|
481 +"A proxiable ticket is a ticket that can be used by a service"
|
|
482 +" on behalf of a client to perform an operation for the client."
|
|
483 +" With a proxiable ticket, a service can take on the identity"
|
|
484 +" of a client and obtain a ticket for another service, but it"
|
|
485 +" cannot obtain a ticket-granting ticket."},
|
|
486
|
|
487
|
|
488 {"PrEnforcePolicy",
|
|
489 "When checked, the policy selected for this principal"
|
|
490 +" will be enforced."},
|
|
491
|
|
492
|
|
493 {"PrAllowTGT",
|
|
494 "When checked, allows the service principal to provide services"
|
|
495 +" to another principal. More specifically, it allows the KDC to"
|
|
496 +" issue a service ticket for the service principal.\n"
|
|
497 +" \n"
|
|
498 +"This attribute is valid only for service principals."
|
|
499 +"When not checked, service tickets cannot be issued for"
|
|
500 +" the service principal."},
|
|
501
|
|
502
|
|
503 {"PrRequirePreAuth",
|
|
504 "When checked, the KDC will not send a requested ticket-granting"
|
|
505 +" ticket(TGT) to the principal until it can"
|
|
506 +" authenticate (through software) that it is really the principal"
|
|
507 +" requesting the TGT. This preauthentication is usually done"
|
|
508 +" through an extra password, for example, from a DES card.\n"
|
|
509 +" \n"
|
|
510 +"When not checked, the KDC will not need to preauthenticate"
|
|
511 +" the principal before it sends a requested TGT to it."},
|
|
512
|
|
513
|
|
514 {"PrAllowDupAuth",
|
|
515 "When checked, allows the user principal to obtain service tickets for"
|
|
516 +" other user principals.\n"
|
|
517 +" \n"
|
|
518 +"This attribute is valid only for user principals. When not checked,"
|
|
519 +" the user principal can still obtain service tickets for"
|
|
520 +" service principals, but not for other user principals."},
|
|
521
|
|
522
|
|
523 {"PrRequireHwPreAuth",
|
|
524 "When checked, the KDC will not send a requested ticket-granting"
|
|
525 +" ticket(TGT) to the principal until"
|
|
526 +" it can authenticate (through hardware) that it is really the"
|
|
527 +" principal requesting the TGT. Hardware preauthentication could"
|
|
528 +" be something like a Java ring reader.\n"
|
|
529 +" \n"
|
|
530 +"When not checked, the KDC will not need to preauthenticate"
|
|
531 +" the principal before it sends a requested TGT to it."},
|
|
532
|
|
533
|
|
534 {"PrFlagsPrevious",
|
|
535 "Sends you back to the previous Principal Details panel."},
|
|
536
|
|
537 //
|
|
538 // Done Button
|
|
539 //
|
|
540
|
|
541 {"PrFlagsNext",
|
|
542 "Saves any changes you've made to the current principal and"
|
|
543 +" sends you back to list of principals."},
|
|
544
|
|
545
|
|
546
|
|
547 //
|
|
548 // Policies Panel
|
|
549 //
|
|
550
|
|
551
|
|
552
|
|
553 {"PoliciesPanel",
|
|
554 // Not currently available in GUI
|
|
555 "This panel enables you to select a policy from the list to"
|
|
556 +" modify, delete, or duplicate. You can also create a new policy.\n"
|
|
557 +" \n"
|
|
558 +"A policy is a set of behaviors regarding"
|
|
559 +" passwords and tickets that can be applied to a principal."
|
|
560 +" For example, the principals for system administrators might"
|
|
561 +" all have the same policy."
|
|
562 +" \n"
|
|
563 +"To display a specific policy or sublist of policy,"
|
|
564 +" enter a filter string in the Filter Pattern field and press"
|
|
565 +" return.\n"
|
|
566 +" \n"
|
|
567 +"To perform an operation on a policy, select it from the list and"
|
|
568 +" click the appropriate button. To add a new policy, click New."},
|
|
569
|
|
570
|
|
571 {"Pollist",
|
|
572 "Displays the all the available policies in the specified realm.\n"
|
|
573 +" \n"
|
|
574 +"To select a policy, click on its name in the list; double-clicking"
|
|
575 +" on a policy is equivalent to selecting the policy and clicking"
|
|
576 +" Modify"},
|
|
577
|
|
578 {"PolNoList",
|
|
579 "This list panel is blank when you don't have list privileges"
|
|
580 +" or you've chosen not to show lists."},
|
|
581
|
|
582 {"PoListPattern",
|
|
583 "Enables you to apply a filter on the available policies to display a"
|
|
584 +" particular policy or sublist of policies. The filter string you"
|
|
585 +" enter may consist of one or more characters, And, because"
|
|
586 +" the filter mechanism is case-sensitive, you need to use the"
|
|
587 +" appropriate upper-case and lower-case letters for the filter.\n"
|
|
588 +" \n"
|
|
589 +"For example, entering 'adm' for the filter would match and display,"
|
|
590 +" policies such as 'admpol', 'adm1', and 'poladmin'.\n"
|
|
591 +" \n"
|
|
592 +"To display a particular policy or sublist of"
|
|
593 +" policies, enter a filter string and press"
|
|
594 +" return.\n"
|
|
595 +" \n"
|
|
596 +"To display the entire list of policies, click Clear"
|
|
597 +" Filter (or clear the Filter Pattern field and press return)."},
|
|
598
|
|
599
|
|
600 {"PoNameNoList",
|
|
601 "When the policy list is not displayed,"
|
|
602 +" you must enter policy names in this field to perform"
|
|
603 +" operations on them. Entering a name is equivalent to selecting"
|
|
604 +" an item from the list in normal operation.\n"
|
|
605 +" \n"
|
|
606 +"To clear the policy entry, click Clear Name (or clear the"
|
|
607 +" Name field and press return)."},
|
|
608
|
|
609
|
|
610 {"PoListClear",
|
|
611 "Clears the filter and displays the full list of available policies."},
|
|
612
|
|
613
|
|
614 {"PoNoListClear",
|
|
615 "Clears the Name field."},
|
|
616
|
|
617
|
|
618 {"PoListModify",
|
|
619 "Opens the Policy Details panel that enables you to modify the"
|
|
620 +" selected policy attributes, such as the policy's minimum password"
|
|
621 +" length and the minimum ticket lifetime."},
|
|
622
|
|
623
|
|
624
|
|
625 {"PoListAdd",
|
|
626 "Opens the Policy Details panel that enables you to create a new"
|
|
627 +" policy. The panel will have some of the fields already filled"
|
|
628 +" in with default values.\n"
|
|
629 +" \n"
|
|
630 +"The Duplicate button performs the same function; however,"
|
|
631 +" instead of the fields filled in with default values, the"
|
|
632 +" fields are filled in with the same values as the selected policy."},
|
|
633
|
|
634
|
|
635 {"PoListDelete",
|
|
636 "Deletes the selected policy from the Kerberos realm."},
|
|
637
|
|
638
|
|
639
|
|
640 {"PoListDuplicate",
|
|
641 "Opens the Policy Details panel that enables you to duplicate"
|
|
642 +" the selected policy. The panels will have the fields already"
|
|
643 +" filled in with the same values as the selected policy,"
|
|
644 +" except for the policy's name."
|
|
645 +"You can use this button to quickly create a new policy using"
|
|
646 +" another policy as a template.\n"
|
|
647 +" \n"
|
|
648 +"The Create New button performs the same function; however,"
|
|
649 +" the fields are filled in with default values."},
|
|
650
|
|
651
|
|
652
|
|
653 //
|
|
654 // Policy.Detail
|
|
655 //
|
|
656
|
|
657
|
|
658 {"PoName",
|
|
659 "The name of the policy. A policy is set of rules governing a"
|
|
660 +" principal's password and tickets.\n"
|
|
661 +" \n"
|
|
662 +"If you are modifying a policy, you cannot edit a policy's name."},
|
|
663
|
|
664
|
|
665
|
|
666 {"PoMinPwLength",
|
|
667 "The minimum length for the principal's password."},
|
|
668
|
|
669
|
|
670 {"PoMinPwClass",
|
|
671 "The minimum number of different character types required in the"
|
|
672 +" principal's password."
|
|
673 +"For example, a minimum classes value of 2 means that the"
|
|
674 +" password must have at least two different character types,"
|
|
675 +" such as letters and numbers(hi2mom). A value of 3 means that"
|
|
676 +" the password must have at least three different character"
|
|
677 +" types, such as letters, numbers, and punctuation (hi2mom!)."
|
|
678 +"And so on. \n"
|
|
679 +" \n"
|
|
680 +"A value of 1 basically sets no restriction on the number of password"
|
|
681 +" character types."},
|
|
682
|
|
683
|
|
684 {"PoSavedPasswords",
|
|
685 "The number of previous passwords that have been used by the principal"
|
|
686 +" and cannot be reused."},
|
|
687
|
|
688
|
|
689 {"PoMinTicketLifetime",
|
|
690 "The minimum time that the password must be used before it can be"
|
|
691 +" changed.\n"
|
|
692 +" \n"
|
|
693 +"To help create a time duration in seconds, click the adjacent"
|
|
694 +" '...' button to bring up a helper."},
|
|
695
|
|
696
|
|
697 {"PoMaxTicketLifetime",
|
|
698 "The maximum time that the password can be used before it must be"
|
|
699 +" changed.\n"
|
|
700 +" \n"
|
|
701 +"To help create a time duration in seconds, click the adjacent"
|
|
702 +" '...' button to bring up a helper."},
|
|
703
|
|
704
|
|
705 {"PolDetPrincipalsUsingThisPolicy",
|
|
706 "The number of principals to which this policy currently applies."},
|
|
707
|
|
708
|
|
709 {"PoSave",
|
|
710 "Saves any changes you've made to the current policy."},
|
|
711
|
|
712
|
|
713 {"PoCancel",
|
|
714 "Discards all the changes you've made to the current policy and sends"
|
|
715 +" you back to the list of policies."},
|
|
716
|
|
717
|
|
718 {"PoDetailPrevious",
|
|
719 "Sends you back to the list of policies.\n"
|
|
720 +" \n"
|
|
721 +"Note that you must save or cancel any changes you've made to the"
|
|
722 +" current policy before you can go back to the list."},
|
|
723
|
|
724
|
|
725 {"PoDetailDone",
|
|
726 "Saves any changes you've made to the current policy and sends"
|
|
727 +" you back to list of policies."},
|
|
728
|
|
729
|
|
730
|
|
731 //
|
|
732 // Defaults Panel
|
|
733 //
|
|
734
|
|
735
|
|
736 {"DefaultsPanel",
|
|
737 // Not currently available in GUI
|
|
738 "This window enables you to change the default settings for adding new"
|
|
739 +" principals."},
|
|
740
|
|
741
|
|
742 {"GlobalLockAcct",
|
|
743 "When checked, prevents the new principal from logging in."
|
|
744 +"This is a easy way to temporarily freeze"
|
|
745 +" new principal accounts for any reason. For example, you may want"
|
|
746 +" to add a number of new principals in the beginning of the week,"
|
|
747 +" but you might not want to activate them until the end of the"
|
|
748 +" week."},
|
|
749
|
|
750
|
|
751 {"GlobalAllowPostdated",
|
|
752 "When checked, allows the new principal to obtain postdated tickets.\n"
|
|
753 +" \n"
|
|
754 +"For example, you may need to use postdated tickets for cron jobs"
|
|
755 +" that need to run after hours and can't obtain tickets in advance"
|
|
756 +" because of short ticket lifetimes."},
|
|
757
|
|
758
|
|
759 {"GlobalAllowRenewable",
|
|
760 "When checked, allows the new principal to obtain renewable tickets.\n"
|
|
761 +" \n"
|
|
762 +"A principal can automatically extend the expiration date or time of"
|
|
763 +" a ticket that is renewable (rather than having to get a new ticket"
|
|
764 +" after the first one expires). Currently, the NFS service is the"
|
|
765 +" only service that can obtain renewable tickets."},
|
|
766
|
|
767
|
|
768 {"GlobalEnforcePolicy",
|
|
769 "When checked, the policy selected for the new principal"
|
|
770 +" will be enforced."},
|
|
771
|
|
772 {"GlobalAllowTGT",
|
|
773 "When checked, allows the new service principal to provide services to"
|
|
774 +" another principal. More specifically, it allows the KDC to issue a"
|
|
775 +" service ticket for the new service principal.\n"
|
|
776 +" \n"
|
|
777 +"This attribute is valid only for service principals."
|
|
778 +"When not checked,"
|
|
779 +" service tickets cannot be issued for the new service principal."},
|
|
780
|
|
781
|
|
782 {"GlobalForcePwChange",
|
|
783 "When checked, expires the principal's current password, forcing the"
|
|
784 +" user to use the kpasswd command to create a new password. This is"
|
|
785 +" is useful if you want to force users with new principals to set"
|
|
786 +" up their own passwords."},
|
|
787
|
|
788
|
|
789 {"GlobalAllowForwardable",
|
|
790 "When checked, allows the new principal to obtain forwardable"
|
|
791 +" tickets.\n"
|
|
792 +" \n"
|
|
793 +"Forwardable tickets are tickets that are forwarded to the remote"
|
|
794 +" host to provide a single-sign-on session. For example, if you"
|
|
795 +" are using forwardable tickets and you authenticate yourself"
|
|
796 +" through ftp or rsh, other services, such as NFS, are available"
|
|
797 +" without you being prompted for another password."},
|
|
798
|
|
799
|
|
800 {"GlobalAllowSvr",
|
|
801 "When checked, allows service tickets to be issued for"
|
|
802 +" the new principal.\n"
|
|
803 +" \n"
|
|
804 +"You should not allow service tickets to be issued for the"
|
|
805 +" 'kadmin/admin' and the 'changepw/admin' principals."
|
|
806 +" This will ensure that these"
|
|
807 +" principals can only update the KDC database." },
|
|
808
|
|
809
|
|
810 {"GlobalAllowProxiable",
|
|
811 "When checked, allows the new principal to obtain proxiable tickets.\n"
|
|
812 +" \n"
|
|
813 +"A proxiable ticket is a ticket that can be used by a service on"
|
|
814 +" behalf of a client to perform an operation for the client."
|
|
815 +"With a proxiable ticket, a service can take on the identity of"
|
|
816 +" a client and obtain a ticket for another service, but it cannot"
|
|
817 +" obtain a ticket-granting ticket."},
|
|
818
|
|
819
|
|
820
|
|
821 {"GlobalAllowDupAuth",
|
|
822 "When checked, allows the new user principal to obtain service"
|
|
823 +" tickets for other user principals.\n"
|
|
824 +" \n"
|
|
825 +"This attribute is valid only for user principals. When not checked,"
|
|
826 +" the new user principal can still obtain service tickets for"
|
|
827 +" service principals, but not for other user principals."},
|
|
828
|
|
829
|
|
830 {"GlobalRequirePreAuth",
|
|
831 "When checked, the KDC will not send a requested ticket-granting"
|
|
832 +" ticket(TGT)"
|
|
833 +" for the new principal until"
|
|
834 +" it can authenticate (through software) that it is really the"
|
|
835 +" principal requesting the TGT. This preauthentication is usually"
|
|
836 +" done through an extra password, for example, from a DES card.\n"
|
|
837 +" \n"
|
|
838 +"When not checked, the KDC will not need to preauthenticate the new"
|
|
839 +" principal before it sends a requested TGT for it."},
|
|
840
|
|
841
|
|
842 {"GlobalRequireHwPreAuth",
|
|
843 "When checked, the KDC will not send a requested ticket-granting"
|
|
844 +" ticket (TGT) for the new principal until it can authenticate"
|
|
845 +" (through hardware) that it is really the principal"
|
|
846 +" requesting the TGT. Hardware preauthentication could be something"
|
|
847 +" like a Java ring reader.\n"
|
|
848 +" \n"
|
|
849 +"When not checked, the KDC will not need to preauthenticate the new"
|
|
850 +" principal with hardware before it sends a requested TGT for it."},
|
|
851
|
|
852 {"GlDefServerSide",
|
|
853 "When checked, the ticket lifetime values in the new principal are set"
|
|
854 +" such that "
|
|
855 +"the maximum value is used. When issuing a ticket the KDC uses the"
|
|
856 +" minimum of the value defined in the principal entry, in "
|
|
857 +" /etc/krb5/kdc.conf, or whatever the client requests with kinit."},
|
|
858
|
|
859 {"GlDefLife",
|
|
860 "The maximum length of time for which a ticket can be"
|
|
861 +" granted for the new principal (without renewal).\n"
|
|
862 +" \n"
|
|
863 +"To help create a time duration in seconds, click the adjacent"
|
|
864 +" '...' button to bring up a helper."},
|
|
865
|
|
866 {"GlDefRenewableLife",
|
|
867 "The maximum length of time for which an existing"
|
|
868 +" ticket may be renewed for the new principal.\n"
|
|
869 +" \n"
|
|
870 +"To help create a time duration in seconds, click the adjacent"
|
|
871 +" '...' button to bring up a helper."},
|
|
872
|
|
873
|
|
874 {"GlDefExpiry",
|
|
875 "The date and time on which the new principal's account expires."
|
|
876 +" When the account expires, the principal can no longer"
|
|
877 +" get a ticket-granting ticket (TGT) and may not be able to log in.\n"
|
|
878 +" \n"
|
|
879 +"To set up the new account with no expiration date, enter the word"
|
|
880 +" 'never' in the field.\n"
|
|
881 +" \n"
|
|
882 +"To help create a formatted date and time entry, click the adjacent"
|
|
883 +" '...' button to bring up a helper."},
|
|
884
|
|
885
|
|
886
|
|
887 {"GlDefShowLists",
|
|
888 "When checked, the principal and policy lists will be loaded and"
|
|
889 +" displayed in the list panels. Large lists may produce significant"
|
|
890 +" loading times, so it may be more convenient to work without lists"
|
|
891 +" when they are very large, or you should cache them."
|
|
892 +" The default is on."},
|
|
893
|
|
894
|
|
895 {"GlDefStaticLists",
|
|
896 "When checked, the principal and policy lists will be cached"
|
|
897 +" when they are initially loaded, and the lists will not be refreshed"
|
|
898 +" from the server unless you use the Refresh menu. Because large"
|
|
899 +" lists may produce significant loading times, you should cache"
|
|
900 +" large lists and refresh them when necessary. The default"
|
|
901 +" is off."},
|
|
902
|
|
903
|
|
904 {"GlDefCacheTime",
|
|
905 "The period of time that the principal and policy lists will be"
|
|
906 +" cached before being considered stale and refreshed from the"
|
|
907 +" server. The default is 300 seconds (6 minutes)."},
|
|
908
|
|
909
|
|
910 {"GlobalSave",
|
|
911 "Makes a permanent change to the default values by writing them"
|
|
912 +" to ~/.gkadmin, updates the tool, and closes the window."},
|
|
913
|
|
914
|
|
915 {"GlobalApply",
|
|
916 "Makes a temporary change to the default values in the tool and"
|
|
917 +" closes the window. This does not update ~/.gkadmin."},
|
|
918
|
|
919
|
|
920 {"GlobalCancel",
|
|
921 "Discards all the changes you've made to the current defaults and"
|
|
922 +" closes the window."},
|
|
923
|
|
924 //
|
|
925 // Generic Helper Button Descriptions
|
|
926 //
|
|
927
|
|
928 {"DateHelperButton",
|
|
929 "Opens the Date and Time Helper window to help you create"
|
|
930 +" a formatted date and time entry for the associated field."},
|
|
931
|
|
932 {"DurationHelperButton",
|
|
933 "Opens the Time Duration Helper window to help you create a time"
|
|
934 +" duration in seconds for the associated field."},
|
|
935
|
|
936 {"EncListHelperButton",
|
|
937 "Opens the Encryption Types Helper window to help you create"
|
|
938 +" the principal's keys from the default set."},
|
|
939
|
|
940 //
|
|
941 // EncryptionTypeDialogHelp
|
|
942 //
|
|
943
|
|
944 {"EncryptionTypeDialogHelp",
|
|
945 "You can select/deselect encryption types for this principal as"
|
|
946 +" needed. Certain encryption types are similar; therefore, when"
|
|
947 +" one of these encryption types is selected the other type(s)"
|
|
948 +" will be deselected. If no encryption types are selected the"
|
|
949 +" default set of types will be used, see krb5.conf(4) for these.\n"
|
|
950 +" \n"
|
|
951 +"Click OK to copy the encryption list that you've selected to the"
|
|
952 +" corresponding field.\n"
|
|
953 +" \n"
|
|
954 +"Click Clear to unselect all encryption types listed."},
|
|
955
|
|
956 //
|
|
957 // DateTimeDialog
|
|
958 //
|
|
959
|
|
960 {"DateTimeDialogHelp",
|
|
961 "To change the month, choose from the Month menu.\n "
|
|
962 +" \n"
|
|
963 +"To change the other date and time fields, click in the field and"
|
|
964 +" enter a value, or use the +/- buttons to increment/decrement their"
|
|
965 +" value. (Hint: Keeping the buttons pressed makes the value change"
|
|
966 +" at a faster rate.)\n"
|
|
967 +" \n"
|
|
968 +"Click Midnight to change the time to midnight, and click Now to"
|
|
969 +" change the time to the current time based on the system's clock.\n"
|
|
970 +" \n"
|
|
971 +"Click OK to copy the date and time settings you've changed to"
|
|
972 +" the corresponding field."},
|
|
973
|
|
974
|
|
975 //
|
|
976 // DurationHelper
|
|
977 //
|
|
978
|
|
979 {"DurationHelperHelp",
|
|
980 "To help create a time duration in seconds, choose a unit of time"
|
|
981 +" from the Unit menu, enter a number of units under the"
|
|
982 +" Value field, and press return (or click '='). The number of"
|
|
983 +" seconds based on your input will be displayed.\n"
|
|
984 +" \n"
|
|
985 +"Click OK to copy the number of seconds you've specified into the"
|
|
986 +" corresponding field."},
|
|
987
|
|
988 //
|
|
989 // PrintUtil
|
|
990 //
|
|
991
|
|
992 {"PrintUtilHelp",
|
|
993 "You can either print to a printer or a file.\n"
|
|
994 +" \n"
|
|
995 +"To print directly to a printer, click the Print Command"
|
|
996 +" radio button, enter a print command (if you don't want the default"
|
|
997 +" print command), and click Print.\n"
|
|
998 +" \n"
|
|
999 +"To print to a file, click the File Name radio button, enter a file"
|
|
1000 +" name, and click Print. The file name can be an absolute path."
|
|
1001 +" If no path is given, the file will be saved in the directory"
|
|
1002 +" where gkadmin was started. Click '...' next to the File Name field"
|
|
1003 +" to open the File Helper window to help you specify a"
|
|
1004 +" location and name for the file."},
|
|
1005
|
|
1006 //
|
|
1007 // Menubar context sensitive help
|
|
1008 //
|
|
1009
|
|
1010 {"ContextSensitiveHelp",
|
|
1011 "Opens the Context-Sensitive Help window and switches the tool into"
|
|
1012 +" help mode. In help mode, you can get help on any part of the"
|
|
1013 +" current window just by clicking on it. To dismiss the Help window"
|
|
1014 +" and switch back to the normal mode, click Dismiss on the Help"
|
|
1015 +" window."},
|
|
1016
|
|
1017 {"PrintCurrentPrincipal",
|
|
1018 "Prints the attributes of the currently selected principal in the"
|
|
1019 +" list or the currently loaded principal."},
|
|
1020
|
|
1021 {"PrintCurrentPolicy",
|
|
1022 "Prints the attributes of the currently selected policy in the"
|
|
1023 +" list or the currently loaded policy."},
|
|
1024
|
|
1025 {"PrintPrincipalList",
|
|
1026 "Prints the list of all the available principals on the master KDC."},
|
|
1027
|
|
1028 {"PrintPolicyList",
|
|
1029 "Prints the list of all the available policies on the master KDC."},
|
|
1030
|
|
1031 {"Logout",
|
|
1032 "Quits the current session and sends you back to the Login window, so"
|
|
1033 +" you can change the login fields and log in again."},
|
|
1034
|
|
1035 {"EditPreferences",
|
|
1036 "Opens the Properties window, which enables you to"
|
|
1037 +" specify the default settings for creating new principals"
|
|
1038 +" and how the tool should manage the principal"
|
|
1039 +" and policy lists."},
|
|
1040
|
|
1041 {"RefreshPrincipals",
|
|
1042 "Forces the principal list to be updated from the server."},
|
|
1043
|
|
1044 {"RefreshPolicies",
|
|
1045 "Forces the policy list to be updated from the server."},
|
|
1046
|
|
1047 {"Exit",
|
|
1048 "Quits the SEAM Administration Tool."},
|
|
1049
|
|
1050 {"HelpBrowser",
|
|
1051 "Opens an HTML browser that provides pointers to overview and task"
|
|
1052 +" information"
|
|
1053 +" for the SEAM Administration Tool. This provides the same"
|
|
1054 +" information as the 'Sun Enterprise Authentication Management"
|
|
1055 +" Guide'."},
|
|
1056
|
|
1057 {"About",
|
|
1058 "Displays the current version of the SEAM Administration Tool."},
|
|
1059
|
|
1060 {"DateTime...",
|
|
1061 "Opens the SEAM Date and Time Helper window, which enables you to"
|
|
1062 +" set the date and time. After you set the date and time and click"
|
|
1063 +" OK, the settings are automatically formatted and copied into the"
|
|
1064 +" corresponding field."},
|
|
1065
|
|
1066 {"Duration...",
|
|
1067 "Opens the SEAM Duration Helper window, which enables you to specify a"
|
|
1068 +" time duration and have it converted into seconds."
|
|
1069 +" After you specify the time"
|
|
1070 +" and click OK, the time duration is copied into the corresponding"
|
|
1071 +" field."},
|
|
1072
|
|
1073 {"EncList...",
|
|
1074 "Opens the SEAM Encryption Type List Helper window, which enables you"
|
|
1075 +" to specify custom encryption types for the principal. "
|
|
1076 +" After you select the encryption types and click OK, the encryption"
|
|
1077 +" type list is copied into the corresponding field."},
|
|
1078
|
|
1079 {"Print...",
|
|
1080 "Opens the SEAM Print Dialog window, which enables you to specify a"
|
|
1081 +" printer"
|
|
1082 +" to print the information or a file name in which to save the"
|
|
1083 +" information."},
|
|
1084
|
|
1085 {"Bad Duration",
|
|
1086 "Please enter the duration (in seconds) correctly."},
|
|
1087
|
|
1088 {"Bad Date",
|
|
1089 "Please enter the date correctly."},
|
|
1090
|
|
1091 {"Bad Number",
|
|
1092 "Please enter the number correctly."}
|
|
1093
|
|
1094 }; // end contents object
|
|
1095
|
|
1096 }
|