Mercurial > illumos > onarm

comparison usr/src/cmd/krb5/kadmin/gui/HelpData.java @ 0:c9caec207d52 b86

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Initial porting based on b86
author Koji Uno <koji.uno@sun.com>
date Tue, 02 Jun 2009 18:56:50 +0900
parents
children 1a15d5aaf794
comparison
equal deleted inserted replaced
-1:000000000000 0:c9caec207d52
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * ident "@(#)HelpData.java 1.3 05/06/24 SMI"
24 *
25 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
26 * Use is subject to license terms.
27 */
28
29 import java.util.ListResourceBundle;
30
31 // On-line spot help. Defined as strings of a "contents" object.
32
33 public class HelpData extends ListResourceBundle {
34 public Object [][] getContents() {
35 return contents;
36 }
37
38 static final Object [][] contents = {
39
40 //
41 // Main Login Panel
42 //
43
44 {"MainLoginPanel",
45 // Not currently available in GUI
46 "This window enables you to log in and use the SEAM Administration"
47 +"Tool. The default information that initially fills in the fields"
48 +" is read from the system's /etc/krb5/krb5.conf file (except"
49 +" for the principal name)."},
50
51
52 {"LoginName",
53 "The principal name to log in with (without realm included)."
54 +"In order to use the SEAM Administration Tool, your principal"
55 +" must have the appropriate privileges specified in the master"
56 +" KDC's kadm5.acl"
57 +" file.\n"
58 +" \n"
59 +"The default principal name consists of your user name with the"
60 +" 'admin' instance appended. For example, 'jdb/admin'."},
61
62
63 {"LoginPass",
64 "The password for the principal."},
65
66
67 {"LoginRealm",
68 "The Kerberos realm, which is similar to a DNS domain."
69 +"In most cases, the realm name is your domain name, and it should"
70 +" be upper-case. For example, 'MTN.ACME.COM'.\n"
71 +" \n"
72 +"Each realm has one master KDC and may include slave"
73 +" KDCs that contain read-only copies of the master."
74 +"The default realm is read from the system's"
75 +" /etc/krb5/krb5.conf file."},
76
77
78 {"LoginServer",
79 "The master KDC where the Kerberos administration server, kadmind,"
80 +" is running and where the KDC (Key Distribution Center) is located."
81 +"You must provide a fully-qualified host name for the master KDC.\n"
82 +" \n"
83 +"The default admin server is read from the"
84 +" system's /etc/krb5/krb5.conf file."},
85
86
87 {"LoginOK",
88 "Checks the information"
89 +" in this window, and if valid, logs you into the tool."},
90
91
92 {"LoginStartOver",
93 "Resets all fields in this window to their initial"
94 +" settings (when the tool was started)."},
95
96
97 //
98 // Panel Tabs
99 //
100
101
102 {"PrincipalTab",
103 "Sends you to the list of principals. If you are currently"
104 +" working on a principal or policy and you've made"
105 +" changes, you'll be prompted to cancel or save"
106 +" the changes before being sent to Principal List panel."},
107
108
109 {"PolicyTab",
110 "Sends you to the list of policies. If you are currently working on a"
111 +" principal or policy and you've made changes, you'll be prompted to"
112 +" cancel or save the changes before being sent to Policy"
113 +" List panel."},
114
115
116
117 //
118 // Principal List Panel
119 //
120
121
122 {"PrinListPanel",
123 // Not currently available in GUI
124 "This panel enables you to select a principal from the list to modify,"
125 +" delete, and duplicate. You can also create a new principal.\n"
126 +" \n"
127 +" principal is an entity to which tickets may be assigned, generally"
128 +" of the form <primary>/<instance>@<REALM>. For example,"
129 +" jdb/admin@MTN.ACME.COM.\n"
130 +" \n"
131 +" display a specific principal or"
132 +" sublist of principals, enter a filter string in the Filter Pattern"
133 +" field and press"
134 +" return.\n"
135 +" \n"
136 +"To perform an operation on a principal, select it from the list and"
137 +" click the appropriate button. To create a new principal, click"
138 +" Create New."},
139
140
141 {"PrList",
142 "Displays all the available principals in the specified realm.\n"
143 +" \n"
144 +"To select a principal, click on its name in the list;"
145 +" double-clicking on a principal is equivalent to selecting"
146 +" the principal and clicking Modify."},
147
148
149 {"PrNoList",
150 "This list panel is blank when you don't have list privileges"
151 +" or you've chosen not to show lists."},
152
153
154 {"PrListPattern",
155 "Enables you to apply a filter on the available principals to"
156 +" display a particular principal or sublist of principals."
157 +"The filter string you enter may consist of one or more"
158 +" characters. And, because the filter mechanism is case"
159 +" sensitive, you need to use the appropriate upper-case and"
160 +" lower-case letters for the filter.\n"
161 +" \n"
162 +"For example, entering 'user' for the filter would match"
163 +" and display principals such as 'enguser', 'user1',"
164 +" and 'useradmin'.\n"
165 +" '\n"
166 +"To display a particular principal or sublist of"
167 +" principals, enter a filter string and press return.\n"
168 +" \n"
169 +"To display the entire list of principals, click Clear"
170 +" Filter(or clear the Filter Pattern field and press return)."},
171
172
173 {"PrNameNoList",
174 "When the principal list is not displayed,"
175 +" you must enter principal names in this field to perform"
176 +" operations on them. Entering a name is equivalent to selecting"
177 +" an item from the principal list in normal operation.\n"
178 +" \n"
179 +"To clear the principal entry, click Clear Name (or clear the"
180 +" Name field and press return)."},
181
182
183 {"PrListClear",
184 "Clears the filter and displays the full list of available",
185 " principals."},
186
187
188 {"PrNoListClear",
189 "Clears the Name field."},
190
191
192 {"PrListModify",
193 "Opens a series of panels that enable you to modify the selected"
194 +" principal, such as the principal's password, expiry date,"
195 +" and policy."},
196
197
198 {"PrListAdd",
199 "Opens a series of panels that enable you to create a new principal."
200 +" The panels will have some of the fields already filled in with"
201 +" default values, which you can set up by choosing Properties from"
202 +" the Edit menu.\n"
203 +" \n"
204 +"The Duplicate button performs the same function; however,"
205 +" instead of the fields filled in with default values, the fields"
206 +" are filled in with the same values as the selected principal."},
207
208
209 {"PrListDelete",
210 "Deletes the selected principal from the Kerberos realm. The deleted"
211 +" principal can no longer be assigned Kerberos tickets."},
212
213
214 {"PrListDuplicate",
215 "Opens a series of panels that enable you to duplicate the selected"
216 +" principal. The panels will have the fields already filled in"
217 +" with the same values as the selected principal,"
218 +" except for the principal's name and password."
219 +"You can use this button to quickly create a new principal using "
220 +" another principal as a template.\n"
221 +" \n"
222 +"The Create New button performs the same function; however,"
223 +" instead of"
224 +" the fields filled in with the same values as the selected"
225 +" principal, the fields are filled in with default values."},
226
227
228
229 //
230 // Principal Basics Panel
231 //
232
233
234 {"PrincipalBasicsPanel",
235 // Not currently available in GUI
236 "This panel enables you to specify the basic attributes for a"
237 +" principal."},
238
239
240 {"PrName",
241 "The name of the principal (the <primary>/<instance> part of a"
242 +" fully-qualified principal name). A principal is a unique identity"
243 +" to which the KDC can assign tickets.\n"
244 +" \n"
245 +"If you are modifying a principal,"
246 +" you cannot edit a principal's name.\n"
247 +" \n"
248 +"For service (or host) principal names, the <primary> part must be"
249 +" the name of a service, such as 'host' for telnet and rsh"
250 +" services,'ftp', or 'nfs'."
251 +"The < instance > part must be the name of the system"
252 +" that requires Kerberos authentication for that service."
253 +"For example, 'host/denver.mtn.acme.com'.\n"
254 +" \n"
255 +"For user principal names, the < primary > part must be"
256 +" the name of the"
257 +" user."
258 +"The < instance > part is optional, but it can be a term used to"
259 +" describe the intended use for the principals, such as 'admin', or"
260 +" it can be the name of a system, which enables you to create"
261 +" different"
262 +" principals for the same user on a per-system basis."
263 +" For example, 'jdb/admin', 'jdb/denver@acme.com', or 'jdb'."},
264
265
266 {"PrComments",
267 "Comments related to the principal (for example,"
268 +" 'Temporary Account')."},
269
270
271 {"PrPolicy",
272 "A menu of available policies for the principal."},
273
274
275 {"PrPassword",
276 "The password for the principal."},
277
278
279 {"PrBasicRandomPw",
280 "Creates a random password for the principal and copies it into"
281 +" the Password field."},
282
283
284 {"PrinBasLastPrincipalChange",
285 "The date on which information for the principal was"
286 +" last modified."},
287
288
289 {"PrinBasLastChangedBy",
290 "The name of the principal who last modified the account for this"
291 +" principal."},
292
293 {"EncList",
294 "The encryption types that the principal's keys will be created with."
295 +" Use a white space to separate encryption types."
296 +" Leave blank if the default set of encryption types is desired."
297 +" Refer to krb5.conf for the available encryption types supported."
298 +" The default set of dialog choices can be over-ridden by defining"
299 +" supported_enctypes with the desired list of encryption types in"
300 +" the realm's section of krb5.conf."
301 +" \n"
302 +"Changing encryption types is only applicable when creating a"
303 +" principal or when changing a password. So a password must be"
304 +" accompanied with any encryption type changes."},
305
306 {"PrExpiry",
307 "The date and time on which the principal's account expires. When the"
308 +" account expires, the principal can no longer"
309 +" get a ticket-granting ticket (TGT) and may not be able to log in.\n"
310 +" \n"
311 +"To set up the account with no expiration date,"
312 +" enter the word 'never' in the field.\n"
313 +" \n"
314 +"To help create a formatted date and time entry, click the adjacent"
315 +" '...' button to bring up a helper."},
316
317
318 {"PrSave",
319 "Saves any changes you've made to the current principal."},
320
321
322 {"PrCancel",
323 "Discards all the changes you've made to the current principal"
324 +" and sends you back to the list of principals."},
325
326
327 {"PrBasicPrevious",
328 "Sends you back to the list of principals.\n"
329 +" \n"
330 +"Note that you must save or cancel any changes you've made to"
331 +" the current principal before you can go back to the list."},
332
333
334 {"PrBasicNext",
335 "Sends you to the next Principal Details panel that contains"
336 +" the password and ticket lifetime attributes for the principal."},
337
338
339
340 //
341 // Principal Detail Panel
342 //
343
344
345 {"PrincipalDetailPanel",
346 // Not currently available in GUI
347 "This panel enables you to specify the password and"
348 +" ticket lifetime attributes for the principal principal."},
349
350
351 {"PrinDetLastSuccess",
352 "The date and time when the principal last logged in successfully."},
353
354
355 {"PrinDetLastFailure",
356 "The date and time when the last login failure for the"
357 +" principal occurred."},
358
359
360 {"PrinDetFailureCount",
361 "The number of times that there has been a login failure"
362 +" for the principal."},
363
364
365 {"PrinDetLastPasswordChange",
366 "The date and time when the principal's password was "
367 +" last changed."},
368
369
370 {"PrPwExpiry",
371 "The date and time when the principal's current password"
372 +" will expire.\n"
373 +" \n"
374 +"To set up the password with no expiration date, enter the"
375 +" word 'never'in the field.\n"
376 +" \n"
377 +"To help create a formatted date and time entry, click the adjacent"
378 +" '...' button to bring up a helper."},
379
380
381 {"PrKvno",
382 "The key version number for the principal; this is normally"
383 +" changed only when a password has been compromised."},
384
385
386 {"PrMaxLifetime",
387 "The maximum length of time for which a ticket can be"
388 +" granted for the principal (without renewal).\n"
389 +" \n"
390 +"To help create a time duration in seconds, click the adjacent"
391 +" '...' button to bring up a helper."},
392
393
394 {"PrMaxRenewal",
395 "The maximum length of time for which an existing"
396 +" ticket may be renewed for the principal.\n"
397 +" \n"
398 +"To help create a time duration in seconds, click the adjacent"
399 +" '...' button to bring up a helper."},
400
401
402 {"PrDetailPrevious",
403 "Sends you back to the previous Principal Basics panel."},
404
405
406 {"PrDetailNext",
407 "Sends you to the next Principal Flags panel that contains"
408 +" security, ticket control, and miscellaneous attributes for"
409 +" the principal."},
410
411
412
413 //
414 // Principal Flags Panel
415 //
416
417
418
419 {"PrincipalFlagsPanel",
420 // Not currently available in GUI
421 "This panel enables you to specify the security, ticket control, and"
422 +" miscellaneous attributes for the principal."},
423
424
425 {"PrLockAcct",
426 "When checked, prevents the principal from logging in."
427 +" This is a easy way to temporarily freeze"
428 +" a principal account for any reason."},
429
430
431 {"PrForcePwChange",
432 "When checked, expires the principal's current password, forcing the"
433 +" user to use the kpasswd command to create a new password."
434 +" This is useful if"
435 +" there is a security breach and you need to make sure that old"
436 +" passwords are replaced."},
437
438
439 {"PrAllowPostdated",
440 "When checked, allows the principal to obtain postdated tickets.\n"
441 +" \n"
442 +"For example, you may need to use postdated tickets for cron jobs"
443 +" that need to run after hours and can't obtain tickets in"
444 +" advance because of short ticket lifetimes."},
445
446
447 {"PrAllowRenewable",
448 "When checked, allows the principal to obtain renewable tickets.\n"
449 +" \n"
450 +"A principal can automatically extend the expiration date or time of"
451 +" a ticket that is renewable (rather than having to get a new"
452 +" ticket after the first one expires). Currently, the NFS service"
453 +" is the only service that can renew tickets."},
454
455
456 {"PrAllowSvr",
457 "When checked, allows service tickets to be issued for"
458 +" the principal.\n"
459 +" \n"
460 +"You should not allow service tickets to be issued for the"
461 +" 'kadmin/admin' and 'changepw/admin' principals."
462 +" This will ensure that these"
463 +" principals can only update the KDC database." },
464
465
466 {"PrAllowForwardable",
467 "When checked, allows the principal to obtain forwardable"
468 +" tickets.\n"
469 +" \n"
470 +"Forwardable tickets are tickets that are forwarded to the"
471 +" remote host to provide a single-sign-on session."
472 +"For example, if you are using forwardable tickets and you"
473 +" authenticate yourself through ftp or rsh, other services,"
474 +" such as NFS, are available without you being prompted"
475 +" for another password."},
476
477
478 {"PrAllowProxiable",
479 "When checked, allows the principal to obtain proxiable tickets.\n"
480 +" \n"
481 +"A proxiable ticket is a ticket that can be used by a service"
482 +" on behalf of a client to perform an operation for the client."
483 +" With a proxiable ticket, a service can take on the identity"
484 +" of a client and obtain a ticket for another service, but it"
485 +" cannot obtain a ticket-granting ticket."},
486
487
488 {"PrEnforcePolicy",
489 "When checked, the policy selected for this principal"
490 +" will be enforced."},
491
492
493 {"PrAllowTGT",
494 "When checked, allows the service principal to provide services"
495 +" to another principal. More specifically, it allows the KDC to"
496 +" issue a service ticket for the service principal.\n"
497 +" \n"
498 +"This attribute is valid only for service principals."
499 +"When not checked, service tickets cannot be issued for"
500 +" the service principal."},
501
502
503 {"PrRequirePreAuth",
504 "When checked, the KDC will not send a requested ticket-granting"
505 +" ticket(TGT) to the principal until it can"
506 +" authenticate (through software) that it is really the principal"
507 +" requesting the TGT. This preauthentication is usually done"
508 +" through an extra password, for example, from a DES card.\n"
509 +" \n"
510 +"When not checked, the KDC will not need to preauthenticate"
511 +" the principal before it sends a requested TGT to it."},
512
513
514 {"PrAllowDupAuth",
515 "When checked, allows the user principal to obtain service tickets for"
516 +" other user principals.\n"
517 +" \n"
518 +"This attribute is valid only for user principals. When not checked,"
519 +" the user principal can still obtain service tickets for"
520 +" service principals, but not for other user principals."},
521
522
523 {"PrRequireHwPreAuth",
524 "When checked, the KDC will not send a requested ticket-granting"
525 +" ticket(TGT) to the principal until"
526 +" it can authenticate (through hardware) that it is really the"
527 +" principal requesting the TGT. Hardware preauthentication could"
528 +" be something like a Java ring reader.\n"
529 +" \n"
530 +"When not checked, the KDC will not need to preauthenticate"
531 +" the principal before it sends a requested TGT to it."},
532
533
534 {"PrFlagsPrevious",
535 "Sends you back to the previous Principal Details panel."},
536
537 //
538 // Done Button
539 //
540
541 {"PrFlagsNext",
542 "Saves any changes you've made to the current principal and"
543 +" sends you back to list of principals."},
544
545
546
547 //
548 // Policies Panel
549 //
550
551
552
553 {"PoliciesPanel",
554 // Not currently available in GUI
555 "This panel enables you to select a policy from the list to"
556 +" modify, delete, or duplicate. You can also create a new policy.\n"
557 +" \n"
558 +"A policy is a set of behaviors regarding"
559 +" passwords and tickets that can be applied to a principal."
560 +" For example, the principals for system administrators might"
561 +" all have the same policy."
562 +" \n"
563 +"To display a specific policy or sublist of policy,"
564 +" enter a filter string in the Filter Pattern field and press"
565 +" return.\n"
566 +" \n"
567 +"To perform an operation on a policy, select it from the list and"
568 +" click the appropriate button. To add a new policy, click New."},
569
570
571 {"Pollist",
572 "Displays the all the available policies in the specified realm.\n"
573 +" \n"
574 +"To select a policy, click on its name in the list; double-clicking"
575 +" on a policy is equivalent to selecting the policy and clicking"
576 +" Modify"},
577
578 {"PolNoList",
579 "This list panel is blank when you don't have list privileges"
580 +" or you've chosen not to show lists."},
581
582 {"PoListPattern",
583 "Enables you to apply a filter on the available policies to display a"
584 +" particular policy or sublist of policies. The filter string you"
585 +" enter may consist of one or more characters, And, because"
586 +" the filter mechanism is case-sensitive, you need to use the"
587 +" appropriate upper-case and lower-case letters for the filter.\n"
588 +" \n"
589 +"For example, entering 'adm' for the filter would match and display,"
590 +" policies such as 'admpol', 'adm1', and 'poladmin'.\n"
591 +" \n"
592 +"To display a particular policy or sublist of"
593 +" policies, enter a filter string and press"
594 +" return.\n"
595 +" \n"
596 +"To display the entire list of policies, click Clear"
597 +" Filter (or clear the Filter Pattern field and press return)."},
598
599
600 {"PoNameNoList",
601 "When the policy list is not displayed,"
602 +" you must enter policy names in this field to perform"
603 +" operations on them. Entering a name is equivalent to selecting"
604 +" an item from the list in normal operation.\n"
605 +" \n"
606 +"To clear the policy entry, click Clear Name (or clear the"
607 +" Name field and press return)."},
608
609
610 {"PoListClear",
611 "Clears the filter and displays the full list of available policies."},
612
613
614 {"PoNoListClear",
615 "Clears the Name field."},
616
617
618 {"PoListModify",
619 "Opens the Policy Details panel that enables you to modify the"
620 +" selected policy attributes, such as the policy's minimum password"
621 +" length and the minimum ticket lifetime."},
622
623
624
625 {"PoListAdd",
626 "Opens the Policy Details panel that enables you to create a new"
627 +" policy. The panel will have some of the fields already filled"
628 +" in with default values.\n"
629 +" \n"
630 +"The Duplicate button performs the same function; however,"
631 +" instead of the fields filled in with default values, the"
632 +" fields are filled in with the same values as the selected policy."},
633
634
635 {"PoListDelete",
636 "Deletes the selected policy from the Kerberos realm."},
637
638
639
640 {"PoListDuplicate",
641 "Opens the Policy Details panel that enables you to duplicate"
642 +" the selected policy. The panels will have the fields already"
643 +" filled in with the same values as the selected policy,"
644 +" except for the policy's name."
645 +"You can use this button to quickly create a new policy using"
646 +" another policy as a template.\n"
647 +" \n"
648 +"The Create New button performs the same function; however,"
649 +" the fields are filled in with default values."},
650
651
652
653 //
654 // Policy.Detail
655 //
656
657
658 {"PoName",
659 "The name of the policy. A policy is set of rules governing a"
660 +" principal's password and tickets.\n"
661 +" \n"
662 +"If you are modifying a policy, you cannot edit a policy's name."},
663
664
665
666 {"PoMinPwLength",
667 "The minimum length for the principal's password."},
668
669
670 {"PoMinPwClass",
671 "The minimum number of different character types required in the"
672 +" principal's password."
673 +"For example, a minimum classes value of 2 means that the"
674 +" password must have at least two different character types,"
675 +" such as letters and numbers(hi2mom). A value of 3 means that"
676 +" the password must have at least three different character"
677 +" types, such as letters, numbers, and punctuation (hi2mom!)."
678 +"And so on. \n"
679 +" \n"
680 +"A value of 1 basically sets no restriction on the number of password"
681 +" character types."},
682
683
684 {"PoSavedPasswords",
685 "The number of previous passwords that have been used by the principal"
686 +" and cannot be reused."},
687
688
689 {"PoMinTicketLifetime",
690 "The minimum time that the password must be used before it can be"
691 +" changed.\n"
692 +" \n"
693 +"To help create a time duration in seconds, click the adjacent"
694 +" '...' button to bring up a helper."},
695
696
697 {"PoMaxTicketLifetime",
698 "The maximum time that the password can be used before it must be"
699 +" changed.\n"
700 +" \n"
701 +"To help create a time duration in seconds, click the adjacent"
702 +" '...' button to bring up a helper."},
703
704
705 {"PolDetPrincipalsUsingThisPolicy",
706 "The number of principals to which this policy currently applies."},
707
708
709 {"PoSave",
710 "Saves any changes you've made to the current policy."},
711
712
713 {"PoCancel",
714 "Discards all the changes you've made to the current policy and sends"
715 +" you back to the list of policies."},
716
717
718 {"PoDetailPrevious",
719 "Sends you back to the list of policies.\n"
720 +" \n"
721 +"Note that you must save or cancel any changes you've made to the"
722 +" current policy before you can go back to the list."},
723
724
725 {"PoDetailDone",
726 "Saves any changes you've made to the current policy and sends"
727 +" you back to list of policies."},
728
729
730
731 //
732 // Defaults Panel
733 //
734
735
736 {"DefaultsPanel",
737 // Not currently available in GUI
738 "This window enables you to change the default settings for adding new"
739 +" principals."},
740
741
742 {"GlobalLockAcct",
743 "When checked, prevents the new principal from logging in."
744 +"This is a easy way to temporarily freeze"
745 +" new principal accounts for any reason. For example, you may want"
746 +" to add a number of new principals in the beginning of the week,"
747 +" but you might not want to activate them until the end of the"
748 +" week."},
749
750
751 {"GlobalAllowPostdated",
752 "When checked, allows the new principal to obtain postdated tickets.\n"
753 +" \n"
754 +"For example, you may need to use postdated tickets for cron jobs"
755 +" that need to run after hours and can't obtain tickets in advance"
756 +" because of short ticket lifetimes."},
757
758
759 {"GlobalAllowRenewable",
760 "When checked, allows the new principal to obtain renewable tickets.\n"
761 +" \n"
762 +"A principal can automatically extend the expiration date or time of"
763 +" a ticket that is renewable (rather than having to get a new ticket"
764 +" after the first one expires). Currently, the NFS service is the"
765 +" only service that can obtain renewable tickets."},
766
767
768 {"GlobalEnforcePolicy",
769 "When checked, the policy selected for the new principal"
770 +" will be enforced."},
771
772 {"GlobalAllowTGT",
773 "When checked, allows the new service principal to provide services to"
774 +" another principal. More specifically, it allows the KDC to issue a"
775 +" service ticket for the new service principal.\n"
776 +" \n"
777 +"This attribute is valid only for service principals."
778 +"When not checked,"
779 +" service tickets cannot be issued for the new service principal."},
780
781
782 {"GlobalForcePwChange",
783 "When checked, expires the principal's current password, forcing the"
784 +" user to use the kpasswd command to create a new password. This is"
785 +" is useful if you want to force users with new principals to set"
786 +" up their own passwords."},
787
788
789 {"GlobalAllowForwardable",
790 "When checked, allows the new principal to obtain forwardable"
791 +" tickets.\n"
792 +" \n"
793 +"Forwardable tickets are tickets that are forwarded to the remote"
794 +" host to provide a single-sign-on session. For example, if you"
795 +" are using forwardable tickets and you authenticate yourself"
796 +" through ftp or rsh, other services, such as NFS, are available"
797 +" without you being prompted for another password."},
798
799
800 {"GlobalAllowSvr",
801 "When checked, allows service tickets to be issued for"
802 +" the new principal.\n"
803 +" \n"
804 +"You should not allow service tickets to be issued for the"
805 +" 'kadmin/admin' and the 'changepw/admin' principals."
806 +" This will ensure that these"
807 +" principals can only update the KDC database." },
808
809
810 {"GlobalAllowProxiable",
811 "When checked, allows the new principal to obtain proxiable tickets.\n"
812 +" \n"
813 +"A proxiable ticket is a ticket that can be used by a service on"
814 +" behalf of a client to perform an operation for the client."
815 +"With a proxiable ticket, a service can take on the identity of"
816 +" a client and obtain a ticket for another service, but it cannot"
817 +" obtain a ticket-granting ticket."},
818
819
820
821 {"GlobalAllowDupAuth",
822 "When checked, allows the new user principal to obtain service"
823 +" tickets for other user principals.\n"
824 +" \n"
825 +"This attribute is valid only for user principals. When not checked,"
826 +" the new user principal can still obtain service tickets for"
827 +" service principals, but not for other user principals."},
828
829
830 {"GlobalRequirePreAuth",
831 "When checked, the KDC will not send a requested ticket-granting"
832 +" ticket(TGT)"
833 +" for the new principal until"
834 +" it can authenticate (through software) that it is really the"
835 +" principal requesting the TGT. This preauthentication is usually"
836 +" done through an extra password, for example, from a DES card.\n"
837 +" \n"
838 +"When not checked, the KDC will not need preauthenticate the new"
839 +" principal before it sends a requested TGT for it."},
840
841
842 {"GlobalRequireHwPreAuth",
843 "When checked, the KDC will not send a requested ticket-granting"
844 +" ticket(TGT) for the new principal until it can authenticate"
845 +" (through hardware) that it is really the principal"
846 +" requesting the TGT. Hardware preauthentication could be something"
847 +" like a Java ring reader.\n"
848 +" \n"
849 +"When not checked, the KDC will not need to preauthenticate the new"
850 +" principal with hardware before it sends a requested TGT for it."},
851
852 {"GlDefServerSide",
853 "When checked, the ticket lifetime values in the new principal are set"
854 +" such that "
855 +"the maximum value is used. When issuing a ticket the KDC uses the"
856 +" minimum of the value defined in the principal entry, in "
857 +" /etc/krb5/kdc.conf, or whatever the client requests with kinit."},
858
859 {"GlDefLife",
860 "The maximum length of time for which a ticket can be"
861 +" granted for the new principal (without renewal).\n"
862 +" \n"
863 +"To help create a time duration in seconds, click the adjacent"
864 +" '...' button to bring up a helper."},
865
866 {"GlDefRenewableLife",
867 "The maximum length of time for which an existing"
868 +" ticket may be renewed for the new principal.\n"
869 +" \n"
870 +"To help create a time duration in seconds, click the adjacent"
871 +" '...' button to bring up a helper."},
872
873
874 {"GlDefExpiry",
875 "The date and time on which the new principal's account expires."
876 +"When the account expires, the principal can no longer"
877 +" get a ticket-granting ticket (TGT) and may not be able to log in.\n"
878 +" \n"
879 +"To set up the new account with no expiration date, enter the word"
880 +" 'never' in the field.\n"
881 +" \n"
882 +"To help create a formatted date and time entry, click the adjacent"
883 +" '...' button to bring up a helper."},
884
885
886
887 {"GlDefShowLists",
888 "When checked, the principal and policy lists will be loaded and"
889 +" displayed in the list panels. Large lists may produce significant"
890 +" loading times, so it may be more convenient to work without lists"
891 +" when they are very large, or you should cache them."
892 +"The default is on."},
893
894
895 {"GlDefStaticLists",
896 "When checked, the principal and policy lists will be cached"
897 +" when they are initially loaded, and the lists will not be refreshed"
898 +" from the server unless you use the Refresh menu. Because large"
899 +" lists may produce significant loading times, you should cache"
900 +" large lists and refresh them when necessary. The default"
901 +" is off."},
902
903
904 {"GlDefCacheTime",
905 "The period of time that the principal and policy lists will be"
906 +" cached before being considered stale and refreshed from the"
907 +" server. The default is 300 seconds (6 minutes)."},
908
909
910 {"GlobalSave",
911 "Makes a permanent change to the default values by writing them"
912 +" to ~/.gkadmin, updates the tool, and closes the window."},
913
914
915 {"GlobalApply",
916 "Makes a temporary change to the default values in the tool and"
917 +" closes the window. This does not update ~/.gkadmin."},
918
919
920 {"GlobalCancel",
921 "Discards all the changes you've made to the current defaults and"
922 +" closes the window."},
923
924 //
925 // Generic Helper Button Descriptions
926 //
927
928 {"DateHelperButton",
929 "Opens the Date and Time Helper window to help you create"
930 +" a formatted date and time entry for the associated field."},
931
932 {"DurationHelperButton",
933 "Opens the Time Duration Helper window to help you create a time"
934 +" duration in seconds for the associated field."},
935
936 {"EncListHelperButton",
937 "Opens the Encryption Types Helper window to help you create"
938 +" the principal's keys from the default set."},
939
940 //
941 // EncryptionTypeDialogHelp
942 //
943
944 {"EncryptionTypeDialogHelp",
945 "You can select/deselect encryption types for this principal as"
946 +" needed. Certain encryption types are similar therefore when"
947 +" one of these encryption types is selected the other type(s)"
948 +" will be deselected. If no encryption types are selected the"
949 +" default set of types will be used, see krb5.conf(4) for these.\n"
950 +" \n"
951 +"Click OK to copy the encryption list that you've selected to the"
952 +" corresponding field.\n"
953 +" \n"
954 +"Click Clear to unselect all encryption types listed."},
955
956 //
957 // DateTimeDialog
958 //
959
960 {"DateTimeDialogHelp",
961 "To change the month, choose from the Month menu.\n "
962 +" \n"
963 +"To change the other date and time fields, click in the field and"
964 +" enter a value, or use the +/- buttons to increment/decrement their"
965 +" value. (Hint: Keeping the buttons pressed makes the value change"
966 +" at a faster rate.)\n"
967 +" \n"
968 +"Click Midnight to change the time to midnight, and click Now to"
969 +" change the time to the current time based on the system's clock.\n"
970 +" \n"
971 +"Click OK to copy the date and time settings you've changed to"
972 +" the corresponding field."},
973
974
975 //
976 // DurationHelper
977 //
978
979 {"DurationHelperHelp",
980 "To help create a time duration in seconds, choose a unit of time"
981 +" from the Unit menu, enter a number of units under the"
982 +" Value field, and press return (or click '='). The number of"
983 +" seconds based on your input will be displayed.\n"
984 +" \n"
985 +"Click OK to copy the number of seconds you've specified into the"
986 +" corresponding field."},
987
988 //
989 // PrintUtil
990 //
991
992 {"PrintUtilHelp",
993 "You can either print to a printer or a file.\n"
994 +" \n"
995 +"To print directly to a printer, click the Print Command"
996 +" radio button, enter a print command (if you don't want the default"
997 +" print command), and click Print.\n"
998 +" \n"
999 +"To print to a file, click the File Name radio button, enter a file"
1000 +" name, and click Print. The file name can be an absolute path."
1001 +" If no path is given, the file will be saved in the directory"
1002 +" where gkadmin was started. Click '...' next to the File Name field"
1003 +" to open the File Helper window to help you specify a"
1004 +" a location and name for the file."},
1005
1006 //
1007 // Menubar context sensitive help
1008 //
1009
1010 {"ContextSensitiveHelp",
1011 "Opens the Context-Sensitive Help window and switches the tool into"
1012 +" help mode. In help mode, you can get help on any part of the"
1013 +" current window just by clicking on it. To dismiss the Help window"
1014 +" and switch back to the normal mode, click Dismiss on the Help"
1015 +" window."},
1016
1017 {"PrintCurrentPrincipal",
1018 "Prints the attributes of the currently selected principal in the"
1019 +" list or the currently loaded principal."},
1020
1021 {"PrintCurrentPolicy",
1022 "Prints the attributes of the currently selected policy in the"
1023 +" list or the currently loaded policy."},
1024
1025 {"PrintPrincipalList",
1026 "Prints the list of all the available principals on the master KDC."},
1027
1028 {"PrintPolicyList",
1029 "Prints the list of all the available policies on the master KDC."},
1030
1031 {"Logout",
1032 "Quits the current session and sends you back to the Login window, so"
1033 +" you can change the login fields and log in again."},
1034
1035 {"EditPreferences",
1036 "Opens the Properties window, which enables you to"
1037 +" specify the default settings for creating new principals"
1038 +" and how the tool should manage the principal"
1039 +" and policy lists."},
1040
1041 {"RefreshPrincipals",
1042 "Forces the principal list to be updated from the server."},
1043
1044 {"RefreshPolicies",
1045 "Forces the policy list to be updated from the server."},
1046
1047 {"Exit",
1048 "Quits the SEAM Administration Tool."},
1049
1050 {"HelpBrowser",
1051 "Opens an HTML browser that provides pointers to overview and task"
1052 +" information"
1053 +" for the SEAM Administration Tool. This provides the same"
1054 +" information as the 'Sun Enterprise Authentication Management"
1055 +" Guide'."},
1056
1057 {"About",
1058 "Displays the current version of the SEAM Administration Tool."},
1059
1060 {"DateTime...",
1061 "Opens the SEAM Date and Time Helper window, which enables you to"
1062 +" set the date and time. After you set the date and time and click"
1063 +" OK, the settings are automatically formatted and copied into the"
1064 +" corresponding field."},
1065
1066 {"Duration...",
1067 "Opens the SEAM Duration Helper window, which enables you to specify a"
1068 +" time duration and have it converted into seconds."
1069 +" After you specify the time"
1070 +" and click OK, the time duration is copied into the corresponding"
1071 +" field."},
1072
1073 {"EncList...",
1074 "Opens the SEAM Encryption Type List Helper window, which enables you"
1075 +" to specify custom encryption types for the principal. "
1076 +" After you select the encryption types and click OK, the encryption"
1077 +" type list is copied into the corresponding field."},
1078
1079 {"Print...",
1080 "Opens the SEAM Print Dialog window, which enables you to specify a"
1081 +" printer"
1082 +" to print the information or a file name in which to save the"
1083 +" information."},
1084
1085 {"Bad Duration",
1086 "Please enter the duration (in seconds) correctly."},
1087
1088 {"Bad Date",
1089 "Please enter the date correctly."},
1090
1091 {"Bad Number",
1092 "Please enter the number correctly."}
1093
1094 }; // end contents object
1095
1096 }