Mercurial > illumos > onarm
comparison usr/src/cmd/krb5/kadmin/gui/HelpData.java @ 0:c9caec207d52 b86
Initial porting based on b86
author | Koji Uno <koji.uno@sun.com> |
---|---|
date | Tue, 02 Jun 2009 18:56:50 +0900 |
parents | |
children | 1a15d5aaf794 |
comparison
equal
deleted
inserted
replaced
-1:000000000000 | 0:c9caec207d52 |
---|---|
1 /* | |
2 * CDDL HEADER START | |
3 * | |
4 * The contents of this file are subject to the terms of the | |
5 * Common Development and Distribution License, Version 1.0 only | |
6 * (the "License"). You may not use this file except in compliance | |
7 * with the License. | |
8 * | |
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
10 * or http://www.opensolaris.org/os/licensing. | |
11 * See the License for the specific language governing permissions | |
12 * and limitations under the License. | |
13 * | |
14 * When distributing Covered Code, include this CDDL HEADER in each | |
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
16 * If applicable, add the following below this CDDL HEADER, with the | |
17 * fields enclosed by brackets "[]" replaced with your own identifying | |
18 * information: Portions Copyright [yyyy] [name of copyright owner] | |
19 * | |
20 * CDDL HEADER END | |
21 */ | |
22 /* | |
23 * ident "@(#)HelpData.java 1.3 05/06/24 SMI" | |
24 * | |
25 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. | |
26 * Use is subject to license terms. | |
27 */ | |
28 | |
29 import java.util.ListResourceBundle; | |
30 | |
31 // On-line spot help. Defined as strings of a "contents" object. | |
32 | |
33 public class HelpData extends ListResourceBundle { | |
34 public Object [][] getContents() { | |
35 return contents; | |
36 } | |
37 | |
38 static final Object [][] contents = { | |
39 | |
40 // | |
41 // Main Login Panel | |
42 // | |
43 | |
44 {"MainLoginPanel", | |
45 // Not currently available in GUI | |
46 "This window enables you to log in and use the SEAM Administration" | |
47 +"Tool. The default information that initially fills in the fields" | |
48 +" is read from the system's /etc/krb5/krb5.conf file (except" | |
49 +" for the principal name)."}, | |
50 | |
51 | |
52 {"LoginName", | |
53 "The principal name to log in with (without realm included)." | |
54 +"In order to use the SEAM Administration Tool, your principal" | |
55 +" must have the appropriate privileges specified in the master" | |
56 +" KDC's kadm5.acl" | |
57 +" file.\n" | |
58 +" \n" | |
59 +"The default principal name consists of your user name with the" | |
60 +" 'admin' instance appended. For example, 'jdb/admin'."}, | |
61 | |
62 | |
63 {"LoginPass", | |
64 "The password for the principal."}, | |
65 | |
66 | |
67 {"LoginRealm", | |
68 "The Kerberos realm, which is similar to a DNS domain." | |
69 +"In most cases, the realm name is your domain name, and it should" | |
70 +" be upper-case. For example, 'MTN.ACME.COM'.\n" | |
71 +" \n" | |
72 +"Each realm has one master KDC and may include slave" | |
73 +" KDCs that contain read-only copies of the master." | |
74 +"The default realm is read from the system's" | |
75 +" /etc/krb5/krb5.conf file."}, | |
76 | |
77 | |
78 {"LoginServer", | |
79 "The master KDC where the Kerberos administration server, kadmind," | |
80 +" is running and where the KDC (Key Distribution Center) is located." | |
81 +"You must provide a fully-qualified host name for the master KDC.\n" | |
82 +" \n" | |
83 +"The default admin server is read from the" | |
84 +" system's /etc/krb5/krb5.conf file."}, | |
85 | |
86 | |
87 {"LoginOK", | |
88 "Checks the information" | |
89 +" in this window, and if valid, logs you into the tool."}, | |
90 | |
91 | |
92 {"LoginStartOver", | |
93 "Resets all fields in this window to their initial" | |
94 +" settings (when the tool was started)."}, | |
95 | |
96 | |
97 // | |
98 // Panel Tabs | |
99 // | |
100 | |
101 | |
102 {"PrincipalTab", | |
103 "Sends you to the list of principals. If you are currently" | |
104 +" working on a principal or policy and you've made" | |
105 +" changes, you'll be prompted to cancel or save" | |
106 +" the changes before being sent to Principal List panel."}, | |
107 | |
108 | |
109 {"PolicyTab", | |
110 "Sends you to the list of policies. If you are currently working on a" | |
111 +" principal or policy and you've made changes, you'll be prompted to" | |
112 +" cancel or save the changes before being sent to Policy" | |
113 +" List panel."}, | |
114 | |
115 | |
116 | |
117 // | |
118 // Principal List Panel | |
119 // | |
120 | |
121 | |
122 {"PrinListPanel", | |
123 // Not currently available in GUI | |
124 "This panel enables you to select a principal from the list to modify," | |
125 +" delete, and duplicate. You can also create a new principal.\n" | |
126 +" \n" | |
127 +" principal is an entity to which tickets may be assigned, generally" | |
128 +" of the form <primary>/<instance>@<REALM>. For example," | |
129 +" jdb/admin@MTN.ACME.COM.\n" | |
130 +" \n" | |
131 +" display a specific principal or" | |
132 +" sublist of principals, enter a filter string in the Filter Pattern" | |
133 +" field and press" | |
134 +" return.\n" | |
135 +" \n" | |
136 +"To perform an operation on a principal, select it from the list and" | |
137 +" click the appropriate button. To create a new principal, click" | |
138 +" Create New."}, | |
139 | |
140 | |
141 {"PrList", | |
142 "Displays all the available principals in the specified realm.\n" | |
143 +" \n" | |
144 +"To select a principal, click on its name in the list;" | |
145 +" double-clicking on a principal is equivalent to selecting" | |
146 +" the principal and clicking Modify."}, | |
147 | |
148 | |
149 {"PrNoList", | |
150 "This list panel is blank when you don't have list privileges" | |
151 +" or you've chosen not to show lists."}, | |
152 | |
153 | |
154 {"PrListPattern", | |
155 "Enables you to apply a filter on the available principals to" | |
156 +" display a particular principal or sublist of principals." | |
157 +"The filter string you enter may consist of one or more" | |
158 +" characters. And, because the filter mechanism is case" | |
159 +" sensitive, you need to use the appropriate upper-case and" | |
160 +" lower-case letters for the filter.\n" | |
161 +" \n" | |
162 +"For example, entering 'user' for the filter would match" | |
163 +" and display principals such as 'enguser', 'user1'," | |
164 +" and 'useradmin'.\n" | |
165 +" '\n" | |
166 +"To display a particular principal or sublist of" | |
167 +" principals, enter a filter string and press return.\n" | |
168 +" \n" | |
169 +"To display the entire list of principals, click Clear" | |
170 +" Filter(or clear the Filter Pattern field and press return)."}, | |
171 | |
172 | |
173 {"PrNameNoList", | |
174 "When the principal list is not displayed," | |
175 +" you must enter principal names in this field to perform" | |
176 +" operations on them. Entering a name is equivalent to selecting" | |
177 +" an item from the principal list in normal operation.\n" | |
178 +" \n" | |
179 +"To clear the principal entry, click Clear Name (or clear the" | |
180 +" Name field and press return)."}, | |
181 | |
182 | |
183 {"PrListClear", | |
184 "Clears the filter and displays the full list of available", | |
185 " principals."}, | |
186 | |
187 | |
188 {"PrNoListClear", | |
189 "Clears the Name field."}, | |
190 | |
191 | |
192 {"PrListModify", | |
193 "Opens a series of panels that enable you to modify the selected" | |
194 +" principal, such as the principal's password, expiry date," | |
195 +" and policy."}, | |
196 | |
197 | |
198 {"PrListAdd", | |
199 "Opens a series of panels that enable you to create a new principal." | |
200 +" The panels will have some of the fields already filled in with" | |
201 +" default values, which you can set up by choosing Properties from" | |
202 +" the Edit menu.\n" | |
203 +" \n" | |
204 +"The Duplicate button performs the same function; however," | |
205 +" instead of the fields filled in with default values, the fields" | |
206 +" are filled in with the same values as the selected principal."}, | |
207 | |
208 | |
209 {"PrListDelete", | |
210 "Deletes the selected principal from the Kerberos realm. The deleted" | |
211 +" principal can no longer be assigned Kerberos tickets."}, | |
212 | |
213 | |
214 {"PrListDuplicate", | |
215 "Opens a series of panels that enable you to duplicate the selected" | |
216 +" principal. The panels will have the fields already filled in" | |
217 +" with the same values as the selected principal," | |
218 +" except for the principal's name and password." | |
219 +"You can use this button to quickly create a new principal using " | |
220 +" another principal as a template.\n" | |
221 +" \n" | |
222 +"The Create New button performs the same function; however," | |
223 +" instead of" | |
224 +" the fields filled in with the same values as the selected" | |
225 +" principal, the fields are filled in with default values."}, | |
226 | |
227 | |
228 | |
229 // | |
230 // Principal Basics Panel | |
231 // | |
232 | |
233 | |
234 {"PrincipalBasicsPanel", | |
235 // Not currently available in GUI | |
236 "This panel enables you to specify the basic attributes for a" | |
237 +" principal."}, | |
238 | |
239 | |
240 {"PrName", | |
241 "The name of the principal (the <primary>/<instance> part of a" | |
242 +" fully-qualified principal name). A principal is a unique identity" | |
243 +" to which the KDC can assign tickets.\n" | |
244 +" \n" | |
245 +"If you are modifying a principal," | |
246 +" you cannot edit a principal's name.\n" | |
247 +" \n" | |
248 +"For service (or host) principal names, the <primary> part must be" | |
249 +" the name of a service, such as 'host' for telnet and rsh" | |
250 +" services,'ftp', or 'nfs'." | |
251 +"The < instance > part must be the name of the system" | |
252 +" that requires Kerberos authentication for that service." | |
253 +"For example, 'host/denver.mtn.acme.com'.\n" | |
254 +" \n" | |
255 +"For user principal names, the < primary > part must be" | |
256 +" the name of the" | |
257 +" user." | |
258 +"The < instance > part is optional, but it can be a term used to" | |
259 +" describe the intended use for the principals, such as 'admin', or" | |
260 +" it can be the name of a system, which enables you to create" | |
261 +" different" | |
262 +" principals for the same user on a per-system basis." | |
263 +" For example, 'jdb/admin', 'jdb/denver@acme.com', or 'jdb'."}, | |
264 | |
265 | |
266 {"PrComments", | |
267 "Comments related to the principal (for example," | |
268 +" 'Temporary Account')."}, | |
269 | |
270 | |
271 {"PrPolicy", | |
272 "A menu of available policies for the principal."}, | |
273 | |
274 | |
275 {"PrPassword", | |
276 "The password for the principal."}, | |
277 | |
278 | |
279 {"PrBasicRandomPw", | |
280 "Creates a random password for the principal and copies it into" | |
281 +" the Password field."}, | |
282 | |
283 | |
284 {"PrinBasLastPrincipalChange", | |
285 "The date on which information for the principal was" | |
286 +" last modified."}, | |
287 | |
288 | |
289 {"PrinBasLastChangedBy", | |
290 "The name of the principal who last modified the account for this" | |
291 +" principal."}, | |
292 | |
293 {"EncList", | |
294 "The encryption types that the principal's keys will be created with." | |
295 +" Use a white space to separate encryption types." | |
296 +" Leave blank if the default set of encryption types is desired." | |
297 +" Refer to krb5.conf for the available encryption types supported." | |
298 +" The default set of dialog choices can be over-ridden by defining" | |
299 +" supported_enctypes with the desired list of encryption types in" | |
300 +" the realm's section of krb5.conf." | |
301 +" \n" | |
302 +"Changing encryption types is only applicable when creating a" | |
303 +" principal or when changing a password. So a password must be" | |
304 +" accompanied with any encryption type changes."}, | |
305 | |
306 {"PrExpiry", | |
307 "The date and time on which the principal's account expires. When the" | |
308 +" account expires, the principal can no longer" | |
309 +" get a ticket-granting ticket (TGT) and may not be able to log in.\n" | |
310 +" \n" | |
311 +"To set up the account with no expiration date," | |
312 +" enter the word 'never' in the field.\n" | |
313 +" \n" | |
314 +"To help create a formatted date and time entry, click the adjacent" | |
315 +" '...' button to bring up a helper."}, | |
316 | |
317 | |
318 {"PrSave", | |
319 "Saves any changes you've made to the current principal."}, | |
320 | |
321 | |
322 {"PrCancel", | |
323 "Discards all the changes you've made to the current principal" | |
324 +" and sends you back to the list of principals."}, | |
325 | |
326 | |
327 {"PrBasicPrevious", | |
328 "Sends you back to the list of principals.\n" | |
329 +" \n" | |
330 +"Note that you must save or cancel any changes you've made to" | |
331 +" the current principal before you can go back to the list."}, | |
332 | |
333 | |
334 {"PrBasicNext", | |
335 "Sends you to the next Principal Details panel that contains" | |
336 +" the password and ticket lifetime attributes for the principal."}, | |
337 | |
338 | |
339 | |
340 // | |
341 // Principal Detail Panel | |
342 // | |
343 | |
344 | |
345 {"PrincipalDetailPanel", | |
346 // Not currently available in GUI | |
347 "This panel enables you to specify the password and" | |
348 +" ticket lifetime attributes for the principal principal."}, | |
349 | |
350 | |
351 {"PrinDetLastSuccess", | |
352 "The date and time when the principal last logged in successfully."}, | |
353 | |
354 | |
355 {"PrinDetLastFailure", | |
356 "The date and time when the last login failure for the" | |
357 +" principal occurred."}, | |
358 | |
359 | |
360 {"PrinDetFailureCount", | |
361 "The number of times that there has been a login failure" | |
362 +" for the principal."}, | |
363 | |
364 | |
365 {"PrinDetLastPasswordChange", | |
366 "The date and time when the principal's password was " | |
367 +" last changed."}, | |
368 | |
369 | |
370 {"PrPwExpiry", | |
371 "The date and time when the principal's current password" | |
372 +" will expire.\n" | |
373 +" \n" | |
374 +"To set up the password with no expiration date, enter the" | |
375 +" word 'never'in the field.\n" | |
376 +" \n" | |
377 +"To help create a formatted date and time entry, click the adjacent" | |
378 +" '...' button to bring up a helper."}, | |
379 | |
380 | |
381 {"PrKvno", | |
382 "The key version number for the principal; this is normally" | |
383 +" changed only when a password has been compromised."}, | |
384 | |
385 | |
386 {"PrMaxLifetime", | |
387 "The maximum length of time for which a ticket can be" | |
388 +" granted for the principal (without renewal).\n" | |
389 +" \n" | |
390 +"To help create a time duration in seconds, click the adjacent" | |
391 +" '...' button to bring up a helper."}, | |
392 | |
393 | |
394 {"PrMaxRenewal", | |
395 "The maximum length of time for which an existing" | |
396 +" ticket may be renewed for the principal.\n" | |
397 +" \n" | |
398 +"To help create a time duration in seconds, click the adjacent" | |
399 +" '...' button to bring up a helper."}, | |
400 | |
401 | |
402 {"PrDetailPrevious", | |
403 "Sends you back to the previous Principal Basics panel."}, | |
404 | |
405 | |
406 {"PrDetailNext", | |
407 "Sends you to the next Principal Flags panel that contains" | |
408 +" security, ticket control, and miscellaneous attributes for" | |
409 +" the principal."}, | |
410 | |
411 | |
412 | |
413 // | |
414 // Principal Flags Panel | |
415 // | |
416 | |
417 | |
418 | |
419 {"PrincipalFlagsPanel", | |
420 // Not currently available in GUI | |
421 "This panel enables you to specify the security, ticket control, and" | |
422 +" miscellaneous attributes for the principal."}, | |
423 | |
424 | |
425 {"PrLockAcct", | |
426 "When checked, prevents the principal from logging in." | |
427 +" This is a easy way to temporarily freeze" | |
428 +" a principal account for any reason."}, | |
429 | |
430 | |
431 {"PrForcePwChange", | |
432 "When checked, expires the principal's current password, forcing the" | |
433 +" user to use the kpasswd command to create a new password." | |
434 +" This is useful if" | |
435 +" there is a security breach and you need to make sure that old" | |
436 +" passwords are replaced."}, | |
437 | |
438 | |
439 {"PrAllowPostdated", | |
440 "When checked, allows the principal to obtain postdated tickets.\n" | |
441 +" \n" | |
442 +"For example, you may need to use postdated tickets for cron jobs" | |
443 +" that need to run after hours and can't obtain tickets in" | |
444 +" advance because of short ticket lifetimes."}, | |
445 | |
446 | |
447 {"PrAllowRenewable", | |
448 "When checked, allows the principal to obtain renewable tickets.\n" | |
449 +" \n" | |
450 +"A principal can automatically extend the expiration date or time of" | |
451 +" a ticket that is renewable (rather than having to get a new" | |
452 +" ticket after the first one expires). Currently, the NFS service" | |
453 +" is the only service that can renew tickets."}, | |
454 | |
455 | |
456 {"PrAllowSvr", | |
457 "When checked, allows service tickets to be issued for" | |
458 +" the principal.\n" | |
459 +" \n" | |
460 +"You should not allow service tickets to be issued for the" | |
461 +" 'kadmin/admin' and 'changepw/admin' principals." | |
462 +" This will ensure that these" | |
463 +" principals can only update the KDC database." }, | |
464 | |
465 | |
466 {"PrAllowForwardable", | |
467 "When checked, allows the principal to obtain forwardable" | |
468 +" tickets.\n" | |
469 +" \n" | |
470 +"Forwardable tickets are tickets that are forwarded to the" | |
471 +" remote host to provide a single-sign-on session." | |
472 +"For example, if you are using forwardable tickets and you" | |
473 +" authenticate yourself through ftp or rsh, other services," | |
474 +" such as NFS, are available without you being prompted" | |
475 +" for another password."}, | |
476 | |
477 | |
478 {"PrAllowProxiable", | |
479 "When checked, allows the principal to obtain proxiable tickets.\n" | |
480 +" \n" | |
481 +"A proxiable ticket is a ticket that can be used by a service" | |
482 +" on behalf of a client to perform an operation for the client." | |
483 +" With a proxiable ticket, a service can take on the identity" | |
484 +" of a client and obtain a ticket for another service, but it" | |
485 +" cannot obtain a ticket-granting ticket."}, | |
486 | |
487 | |
488 {"PrEnforcePolicy", | |
489 "When checked, the policy selected for this principal" | |
490 +" will be enforced."}, | |
491 | |
492 | |
493 {"PrAllowTGT", | |
494 "When checked, allows the service principal to provide services" | |
495 +" to another principal. More specifically, it allows the KDC to" | |
496 +" issue a service ticket for the service principal.\n" | |
497 +" \n" | |
498 +"This attribute is valid only for service principals." | |
499 +"When not checked, service tickets cannot be issued for" | |
500 +" the service principal."}, | |
501 | |
502 | |
503 {"PrRequirePreAuth", | |
504 "When checked, the KDC will not send a requested ticket-granting" | |
505 +" ticket(TGT) to the principal until it can" | |
506 +" authenticate (through software) that it is really the principal" | |
507 +" requesting the TGT. This preauthentication is usually done" | |
508 +" through an extra password, for example, from a DES card.\n" | |
509 +" \n" | |
510 +"When not checked, the KDC will not need to preauthenticate" | |
511 +" the principal before it sends a requested TGT to it."}, | |
512 | |
513 | |
514 {"PrAllowDupAuth", | |
515 "When checked, allows the user principal to obtain service tickets for" | |
516 +" other user principals.\n" | |
517 +" \n" | |
518 +"This attribute is valid only for user principals. When not checked," | |
519 +" the user principal can still obtain service tickets for" | |
520 +" service principals, but not for other user principals."}, | |
521 | |
522 | |
523 {"PrRequireHwPreAuth", | |
524 "When checked, the KDC will not send a requested ticket-granting" | |
525 +" ticket(TGT) to the principal until" | |
526 +" it can authenticate (through hardware) that it is really the" | |
527 +" principal requesting the TGT. Hardware preauthentication could" | |
528 +" be something like a Java ring reader.\n" | |
529 +" \n" | |
530 +"When not checked, the KDC will not need to preauthenticate" | |
531 +" the principal before it sends a requested TGT to it."}, | |
532 | |
533 | |
534 {"PrFlagsPrevious", | |
535 "Sends you back to the previous Principal Details panel."}, | |
536 | |
537 // | |
538 // Done Button | |
539 // | |
540 | |
541 {"PrFlagsNext", | |
542 "Saves any changes you've made to the current principal and" | |
543 +" sends you back to list of principals."}, | |
544 | |
545 | |
546 | |
547 // | |
548 // Policies Panel | |
549 // | |
550 | |
551 | |
552 | |
553 {"PoliciesPanel", | |
554 // Not currently available in GUI | |
555 "This panel enables you to select a policy from the list to" | |
556 +" modify, delete, or duplicate. You can also create a new policy.\n" | |
557 +" \n" | |
558 +"A policy is a set of behaviors regarding" | |
559 +" passwords and tickets that can be applied to a principal." | |
560 +" For example, the principals for system administrators might" | |
561 +" all have the same policy." | |
562 +" \n" | |
563 +"To display a specific policy or sublist of policy," | |
564 +" enter a filter string in the Filter Pattern field and press" | |
565 +" return.\n" | |
566 +" \n" | |
567 +"To perform an operation on a policy, select it from the list and" | |
568 +" click the appropriate button. To add a new policy, click New."}, | |
569 | |
570 | |
571 {"Pollist", | |
572 "Displays the all the available policies in the specified realm.\n" | |
573 +" \n" | |
574 +"To select a policy, click on its name in the list; double-clicking" | |
575 +" on a policy is equivalent to selecting the policy and clicking" | |
576 +" Modify"}, | |
577 | |
578 {"PolNoList", | |
579 "This list panel is blank when you don't have list privileges" | |
580 +" or you've chosen not to show lists."}, | |
581 | |
582 {"PoListPattern", | |
583 "Enables you to apply a filter on the available policies to display a" | |
584 +" particular policy or sublist of policies. The filter string you" | |
585 +" enter may consist of one or more characters, And, because" | |
586 +" the filter mechanism is case-sensitive, you need to use the" | |
587 +" appropriate upper-case and lower-case letters for the filter.\n" | |
588 +" \n" | |
589 +"For example, entering 'adm' for the filter would match and display," | |
590 +" policies such as 'admpol', 'adm1', and 'poladmin'.\n" | |
591 +" \n" | |
592 +"To display a particular policy or sublist of" | |
593 +" policies, enter a filter string and press" | |
594 +" return.\n" | |
595 +" \n" | |
596 +"To display the entire list of policies, click Clear" | |
597 +" Filter (or clear the Filter Pattern field and press return)."}, | |
598 | |
599 | |
600 {"PoNameNoList", | |
601 "When the policy list is not displayed," | |
602 +" you must enter policy names in this field to perform" | |
603 +" operations on them. Entering a name is equivalent to selecting" | |
604 +" an item from the list in normal operation.\n" | |
605 +" \n" | |
606 +"To clear the policy entry, click Clear Name (or clear the" | |
607 +" Name field and press return)."}, | |
608 | |
609 | |
610 {"PoListClear", | |
611 "Clears the filter and displays the full list of available policies."}, | |
612 | |
613 | |
614 {"PoNoListClear", | |
615 "Clears the Name field."}, | |
616 | |
617 | |
618 {"PoListModify", | |
619 "Opens the Policy Details panel that enables you to modify the" | |
620 +" selected policy attributes, such as the policy's minimum password" | |
621 +" length and the minimum ticket lifetime."}, | |
622 | |
623 | |
624 | |
625 {"PoListAdd", | |
626 "Opens the Policy Details panel that enables you to create a new" | |
627 +" policy. The panel will have some of the fields already filled" | |
628 +" in with default values.\n" | |
629 +" \n" | |
630 +"The Duplicate button performs the same function; however," | |
631 +" instead of the fields filled in with default values, the" | |
632 +" fields are filled in with the same values as the selected policy."}, | |
633 | |
634 | |
635 {"PoListDelete", | |
636 "Deletes the selected policy from the Kerberos realm."}, | |
637 | |
638 | |
639 | |
640 {"PoListDuplicate", | |
641 "Opens the Policy Details panel that enables you to duplicate" | |
642 +" the selected policy. The panels will have the fields already" | |
643 +" filled in with the same values as the selected policy," | |
644 +" except for the policy's name." | |
645 +"You can use this button to quickly create a new policy using" | |
646 +" another policy as a template.\n" | |
647 +" \n" | |
648 +"The Create New button performs the same function; however," | |
649 +" the fields are filled in with default values."}, | |
650 | |
651 | |
652 | |
653 // | |
654 // Policy.Detail | |
655 // | |
656 | |
657 | |
658 {"PoName", | |
659 "The name of the policy. A policy is set of rules governing a" | |
660 +" principal's password and tickets.\n" | |
661 +" \n" | |
662 +"If you are modifying a policy, you cannot edit a policy's name."}, | |
663 | |
664 | |
665 | |
666 {"PoMinPwLength", | |
667 "The minimum length for the principal's password."}, | |
668 | |
669 | |
670 {"PoMinPwClass", | |
671 "The minimum number of different character types required in the" | |
672 +" principal's password." | |
673 +"For example, a minimum classes value of 2 means that the" | |
674 +" password must have at least two different character types," | |
675 +" such as letters and numbers(hi2mom). A value of 3 means that" | |
676 +" the password must have at least three different character" | |
677 +" types, such as letters, numbers, and punctuation (hi2mom!)." | |
678 +"And so on. \n" | |
679 +" \n" | |
680 +"A value of 1 basically sets no restriction on the number of password" | |
681 +" character types."}, | |
682 | |
683 | |
684 {"PoSavedPasswords", | |
685 "The number of previous passwords that have been used by the principal" | |
686 +" and cannot be reused."}, | |
687 | |
688 | |
689 {"PoMinTicketLifetime", | |
690 "The minimum time that the password must be used before it can be" | |
691 +" changed.\n" | |
692 +" \n" | |
693 +"To help create a time duration in seconds, click the adjacent" | |
694 +" '...' button to bring up a helper."}, | |
695 | |
696 | |
697 {"PoMaxTicketLifetime", | |
698 "The maximum time that the password can be used before it must be" | |
699 +" changed.\n" | |
700 +" \n" | |
701 +"To help create a time duration in seconds, click the adjacent" | |
702 +" '...' button to bring up a helper."}, | |
703 | |
704 | |
705 {"PolDetPrincipalsUsingThisPolicy", | |
706 "The number of principals to which this policy currently applies."}, | |
707 | |
708 | |
709 {"PoSave", | |
710 "Saves any changes you've made to the current policy."}, | |
711 | |
712 | |
713 {"PoCancel", | |
714 "Discards all the changes you've made to the current policy and sends" | |
715 +" you back to the list of policies."}, | |
716 | |
717 | |
718 {"PoDetailPrevious", | |
719 "Sends you back to the list of policies.\n" | |
720 +" \n" | |
721 +"Note that you must save or cancel any changes you've made to the" | |
722 +" current policy before you can go back to the list."}, | |
723 | |
724 | |
725 {"PoDetailDone", | |
726 "Saves any changes you've made to the current policy and sends" | |
727 +" you back to list of policies."}, | |
728 | |
729 | |
730 | |
731 // | |
732 // Defaults Panel | |
733 // | |
734 | |
735 | |
736 {"DefaultsPanel", | |
737 // Not currently available in GUI | |
738 "This window enables you to change the default settings for adding new" | |
739 +" principals."}, | |
740 | |
741 | |
742 {"GlobalLockAcct", | |
743 "When checked, prevents the new principal from logging in." | |
744 +"This is a easy way to temporarily freeze" | |
745 +" new principal accounts for any reason. For example, you may want" | |
746 +" to add a number of new principals in the beginning of the week," | |
747 +" but you might not want to activate them until the end of the" | |
748 +" week."}, | |
749 | |
750 | |
751 {"GlobalAllowPostdated", | |
752 "When checked, allows the new principal to obtain postdated tickets.\n" | |
753 +" \n" | |
754 +"For example, you may need to use postdated tickets for cron jobs" | |
755 +" that need to run after hours and can't obtain tickets in advance" | |
756 +" because of short ticket lifetimes."}, | |
757 | |
758 | |
759 {"GlobalAllowRenewable", | |
760 "When checked, allows the new principal to obtain renewable tickets.\n" | |
761 +" \n" | |
762 +"A principal can automatically extend the expiration date or time of" | |
763 +" a ticket that is renewable (rather than having to get a new ticket" | |
764 +" after the first one expires). Currently, the NFS service is the" | |
765 +" only service that can obtain renewable tickets."}, | |
766 | |
767 | |
768 {"GlobalEnforcePolicy", | |
769 "When checked, the policy selected for the new principal" | |
770 +" will be enforced."}, | |
771 | |
772 {"GlobalAllowTGT", | |
773 "When checked, allows the new service principal to provide services to" | |
774 +" another principal. More specifically, it allows the KDC to issue a" | |
775 +" service ticket for the new service principal.\n" | |
776 +" \n" | |
777 +"This attribute is valid only for service principals." | |
778 +"When not checked," | |
779 +" service tickets cannot be issued for the new service principal."}, | |
780 | |
781 | |
782 {"GlobalForcePwChange", | |
783 "When checked, expires the principal's current password, forcing the" | |
784 +" user to use the kpasswd command to create a new password. This is" | |
785 +" is useful if you want to force users with new principals to set" | |
786 +" up their own passwords."}, | |
787 | |
788 | |
789 {"GlobalAllowForwardable", | |
790 "When checked, allows the new principal to obtain forwardable" | |
791 +" tickets.\n" | |
792 +" \n" | |
793 +"Forwardable tickets are tickets that are forwarded to the remote" | |
794 +" host to provide a single-sign-on session. For example, if you" | |
795 +" are using forwardable tickets and you authenticate yourself" | |
796 +" through ftp or rsh, other services, such as NFS, are available" | |
797 +" without you being prompted for another password."}, | |
798 | |
799 | |
800 {"GlobalAllowSvr", | |
801 "When checked, allows service tickets to be issued for" | |
802 +" the new principal.\n" | |
803 +" \n" | |
804 +"You should not allow service tickets to be issued for the" | |
805 +" 'kadmin/admin' and the 'changepw/admin' principals." | |
806 +" This will ensure that these" | |
807 +" principals can only update the KDC database." }, | |
808 | |
809 | |
810 {"GlobalAllowProxiable", | |
811 "When checked, allows the new principal to obtain proxiable tickets.\n" | |
812 +" \n" | |
813 +"A proxiable ticket is a ticket that can be used by a service on" | |
814 +" behalf of a client to perform an operation for the client." | |
815 +"With a proxiable ticket, a service can take on the identity of" | |
816 +" a client and obtain a ticket for another service, but it cannot" | |
817 +" obtain a ticket-granting ticket."}, | |
818 | |
819 | |
820 | |
821 {"GlobalAllowDupAuth", | |
822 "When checked, allows the new user principal to obtain service" | |
823 +" tickets for other user principals.\n" | |
824 +" \n" | |
825 +"This attribute is valid only for user principals. When not checked," | |
826 +" the new user principal can still obtain service tickets for" | |
827 +" service principals, but not for other user principals."}, | |
828 | |
829 | |
830 {"GlobalRequirePreAuth", | |
831 "When checked, the KDC will not send a requested ticket-granting" | |
832 +" ticket(TGT)" | |
833 +" for the new principal until" | |
834 +" it can authenticate (through software) that it is really the" | |
835 +" principal requesting the TGT. This preauthentication is usually" | |
836 +" done through an extra password, for example, from a DES card.\n" | |
837 +" \n" | |
838 +"When not checked, the KDC will not need preauthenticate the new" | |
839 +" principal before it sends a requested TGT for it."}, | |
840 | |
841 | |
842 {"GlobalRequireHwPreAuth", | |
843 "When checked, the KDC will not send a requested ticket-granting" | |
844 +" ticket(TGT) for the new principal until it can authenticate" | |
845 +" (through hardware) that it is really the principal" | |
846 +" requesting the TGT. Hardware preauthentication could be something" | |
847 +" like a Java ring reader.\n" | |
848 +" \n" | |
849 +"When not checked, the KDC will not need to preauthenticate the new" | |
850 +" principal with hardware before it sends a requested TGT for it."}, | |
851 | |
852 {"GlDefServerSide", | |
853 "When checked, the ticket lifetime values in the new principal are set" | |
854 +" such that " | |
855 +"the maximum value is used. When issuing a ticket the KDC uses the" | |
856 +" minimum of the value defined in the principal entry, in " | |
857 +" /etc/krb5/kdc.conf, or whatever the client requests with kinit."}, | |
858 | |
859 {"GlDefLife", | |
860 "The maximum length of time for which a ticket can be" | |
861 +" granted for the new principal (without renewal).\n" | |
862 +" \n" | |
863 +"To help create a time duration in seconds, click the adjacent" | |
864 +" '...' button to bring up a helper."}, | |
865 | |
866 {"GlDefRenewableLife", | |
867 "The maximum length of time for which an existing" | |
868 +" ticket may be renewed for the new principal.\n" | |
869 +" \n" | |
870 +"To help create a time duration in seconds, click the adjacent" | |
871 +" '...' button to bring up a helper."}, | |
872 | |
873 | |
874 {"GlDefExpiry", | |
875 "The date and time on which the new principal's account expires." | |
876 +"When the account expires, the principal can no longer" | |
877 +" get a ticket-granting ticket (TGT) and may not be able to log in.\n" | |
878 +" \n" | |
879 +"To set up the new account with no expiration date, enter the word" | |
880 +" 'never' in the field.\n" | |
881 +" \n" | |
882 +"To help create a formatted date and time entry, click the adjacent" | |
883 +" '...' button to bring up a helper."}, | |
884 | |
885 | |
886 | |
887 {"GlDefShowLists", | |
888 "When checked, the principal and policy lists will be loaded and" | |
889 +" displayed in the list panels. Large lists may produce significant" | |
890 +" loading times, so it may be more convenient to work without lists" | |
891 +" when they are very large, or you should cache them." | |
892 +"The default is on."}, | |
893 | |
894 | |
895 {"GlDefStaticLists", | |
896 "When checked, the principal and policy lists will be cached" | |
897 +" when they are initially loaded, and the lists will not be refreshed" | |
898 +" from the server unless you use the Refresh menu. Because large" | |
899 +" lists may produce significant loading times, you should cache" | |
900 +" large lists and refresh them when necessary. The default" | |
901 +" is off."}, | |
902 | |
903 | |
904 {"GlDefCacheTime", | |
905 "The period of time that the principal and policy lists will be" | |
906 +" cached before being considered stale and refreshed from the" | |
907 +" server. The default is 300 seconds (6 minutes)."}, | |
908 | |
909 | |
910 {"GlobalSave", | |
911 "Makes a permanent change to the default values by writing them" | |
912 +" to ~/.gkadmin, updates the tool, and closes the window."}, | |
913 | |
914 | |
915 {"GlobalApply", | |
916 "Makes a temporary change to the default values in the tool and" | |
917 +" closes the window. This does not update ~/.gkadmin."}, | |
918 | |
919 | |
920 {"GlobalCancel", | |
921 "Discards all the changes you've made to the current defaults and" | |
922 +" closes the window."}, | |
923 | |
924 // | |
925 // Generic Helper Button Descriptions | |
926 // | |
927 | |
928 {"DateHelperButton", | |
929 "Opens the Date and Time Helper window to help you create" | |
930 +" a formatted date and time entry for the associated field."}, | |
931 | |
932 {"DurationHelperButton", | |
933 "Opens the Time Duration Helper window to help you create a time" | |
934 +" duration in seconds for the associated field."}, | |
935 | |
936 {"EncListHelperButton", | |
937 "Opens the Encryption Types Helper window to help you create" | |
938 +" the principal's keys from the default set."}, | |
939 | |
940 // | |
941 // EncryptionTypeDialogHelp | |
942 // | |
943 | |
944 {"EncryptionTypeDialogHelp", | |
945 "You can select/deselect encryption types for this principal as" | |
946 +" needed. Certain encryption types are similar therefore when" | |
947 +" one of these encryption types is selected the other type(s)" | |
948 +" will be deselected. If no encryption types are selected the" | |
949 +" default set of types will be used, see krb5.conf(4) for these.\n" | |
950 +" \n" | |
951 +"Click OK to copy the encryption list that you've selected to the" | |
952 +" corresponding field.\n" | |
953 +" \n" | |
954 +"Click Clear to unselect all encryption types listed."}, | |
955 | |
956 // | |
957 // DateTimeDialog | |
958 // | |
959 | |
960 {"DateTimeDialogHelp", | |
961 "To change the month, choose from the Month menu.\n " | |
962 +" \n" | |
963 +"To change the other date and time fields, click in the field and" | |
964 +" enter a value, or use the +/- buttons to increment/decrement their" | |
965 +" value. (Hint: Keeping the buttons pressed makes the value change" | |
966 +" at a faster rate.)\n" | |
967 +" \n" | |
968 +"Click Midnight to change the time to midnight, and click Now to" | |
969 +" change the time to the current time based on the system's clock.\n" | |
970 +" \n" | |
971 +"Click OK to copy the date and time settings you've changed to" | |
972 +" the corresponding field."}, | |
973 | |
974 | |
975 // | |
976 // DurationHelper | |
977 // | |
978 | |
979 {"DurationHelperHelp", | |
980 "To help create a time duration in seconds, choose a unit of time" | |
981 +" from the Unit menu, enter a number of units under the" | |
982 +" Value field, and press return (or click '='). The number of" | |
983 +" seconds based on your input will be displayed.\n" | |
984 +" \n" | |
985 +"Click OK to copy the number of seconds you've specified into the" | |
986 +" corresponding field."}, | |
987 | |
988 // | |
989 // PrintUtil | |
990 // | |
991 | |
992 {"PrintUtilHelp", | |
993 "You can either print to a printer or a file.\n" | |
994 +" \n" | |
995 +"To print directly to a printer, click the Print Command" | |
996 +" radio button, enter a print command (if you don't want the default" | |
997 +" print command), and click Print.\n" | |
998 +" \n" | |
999 +"To print to a file, click the File Name radio button, enter a file" | |
1000 +" name, and click Print. The file name can be an absolute path." | |
1001 +" If no path is given, the file will be saved in the directory" | |
1002 +" where gkadmin was started. Click '...' next to the File Name field" | |
1003 +" to open the File Helper window to help you specify a" | |
1004 +" a location and name for the file."}, | |
1005 | |
1006 // | |
1007 // Menubar context sensitive help | |
1008 // | |
1009 | |
1010 {"ContextSensitiveHelp", | |
1011 "Opens the Context-Sensitive Help window and switches the tool into" | |
1012 +" help mode. In help mode, you can get help on any part of the" | |
1013 +" current window just by clicking on it. To dismiss the Help window" | |
1014 +" and switch back to the normal mode, click Dismiss on the Help" | |
1015 +" window."}, | |
1016 | |
1017 {"PrintCurrentPrincipal", | |
1018 "Prints the attributes of the currently selected principal in the" | |
1019 +" list or the currently loaded principal."}, | |
1020 | |
1021 {"PrintCurrentPolicy", | |
1022 "Prints the attributes of the currently selected policy in the" | |
1023 +" list or the currently loaded policy."}, | |
1024 | |
1025 {"PrintPrincipalList", | |
1026 "Prints the list of all the available principals on the master KDC."}, | |
1027 | |
1028 {"PrintPolicyList", | |
1029 "Prints the list of all the available policies on the master KDC."}, | |
1030 | |
1031 {"Logout", | |
1032 "Quits the current session and sends you back to the Login window, so" | |
1033 +" you can change the login fields and log in again."}, | |
1034 | |
1035 {"EditPreferences", | |
1036 "Opens the Properties window, which enables you to" | |
1037 +" specify the default settings for creating new principals" | |
1038 +" and how the tool should manage the principal" | |
1039 +" and policy lists."}, | |
1040 | |
1041 {"RefreshPrincipals", | |
1042 "Forces the principal list to be updated from the server."}, | |
1043 | |
1044 {"RefreshPolicies", | |
1045 "Forces the policy list to be updated from the server."}, | |
1046 | |
1047 {"Exit", | |
1048 "Quits the SEAM Administration Tool."}, | |
1049 | |
1050 {"HelpBrowser", | |
1051 "Opens an HTML browser that provides pointers to overview and task" | |
1052 +" information" | |
1053 +" for the SEAM Administration Tool. This provides the same" | |
1054 +" information as the 'Sun Enterprise Authentication Management" | |
1055 +" Guide'."}, | |
1056 | |
1057 {"About", | |
1058 "Displays the current version of the SEAM Administration Tool."}, | |
1059 | |
1060 {"DateTime...", | |
1061 "Opens the SEAM Date and Time Helper window, which enables you to" | |
1062 +" set the date and time. After you set the date and time and click" | |
1063 +" OK, the settings are automatically formatted and copied into the" | |
1064 +" corresponding field."}, | |
1065 | |
1066 {"Duration...", | |
1067 "Opens the SEAM Duration Helper window, which enables you to specify a" | |
1068 +" time duration and have it converted into seconds." | |
1069 +" After you specify the time" | |
1070 +" and click OK, the time duration is copied into the corresponding" | |
1071 +" field."}, | |
1072 | |
1073 {"EncList...", | |
1074 "Opens the SEAM Encryption Type List Helper window, which enables you" | |
1075 +" to specify custom encryption types for the principal. " | |
1076 +" After you select the encryption types and click OK, the encryption" | |
1077 +" type list is copied into the corresponding field."}, | |
1078 | |
1079 {"Print...", | |
1080 "Opens the SEAM Print Dialog window, which enables you to specify a" | |
1081 +" printer" | |
1082 +" to print the information or a file name in which to save the" | |
1083 +" information."}, | |
1084 | |
1085 {"Bad Duration", | |
1086 "Please enter the duration (in seconds) correctly."}, | |
1087 | |
1088 {"Bad Date", | |
1089 "Please enter the date correctly."}, | |
1090 | |
1091 {"Bad Number", | |
1092 "Please enter the number correctly."} | |
1093 | |
1094 }; // end contents object | |
1095 | |
1096 } |