1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * ident "%Z%%M% %I% %E% SMI" 24 * 25 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 26 * Use is subject to license terms. 27 */ 28 29 import java.util.ListResourceBundle; 30 31 // On-line spot help. Defined as strings of a "contents" object. 32 33 public class HelpData extends ListResourceBundle { 34 public Object [][] getContents() { 35 return contents; 36 } 37 38 static final Object [][] contents = { 39 40 // 41 // Main Login Panel 42 // 43 44 {"MainLoginPanel", 45 // Not currently available in GUI 46 "This window enables you to log in and use the SEAM Administration" 47 +"Tool. The default information that initially fills in the fields" 48 +" is read from the system's /etc/krb5/krb5.conf file (except" 49 +" for the principal name)."}, 50 51 52 {"LoginName", 53 "The principal name to log in with (without realm included)." 54 +"In order to use the SEAM Administration Tool, your principal" 55 +" must have the appropriate privileges specified in the master" 56 +" KDC's kadm5.acl" 57 +" file.\n" 58 +" \n" 59 +"The default principal name consists of your user name with the" 60 +" 'admin' instance appended. For example, 'jdb/admin'."}, 61 62 63 {"LoginPass", 64 "The password for the principal."}, 65 66 67 {"LoginRealm", 68 "The Kerberos realm, which is similar to a DNS domain." 69 +"In most cases, the realm name is your domain name, and it should" 70 +" be upper-case. For example, 'MTN.ACME.COM'.\n" 71 +" \n" 72 +"Each realm has one master KDC and may include slave" 73 +" KDCs that contain read-only copies of the master." 74 +"The default realm is read from the system's" 75 +" /etc/krb5/krb5.conf file."}, 76 77 78 {"LoginServer", 79 "The master KDC where the Kerberos administration server, kadmind," 80 +" is running and where the KDC (Key Distribution Center) is located." 81 +"You must provide a fully-qualified host name for the master KDC.\n" 82 +" \n" 83 +"The default admin server is read from the" 84 +" system's /etc/krb5/krb5.conf file."}, 85 86 87 {"LoginOK", 88 "Checks the information" 89 +" in this window, and if valid, logs you into the tool."}, 90 91 92 {"LoginStartOver", 93 "Resets all fields in this window to their initial" 94 +" settings (when the tool was started)."}, 95 96 97 // 98 // Panel Tabs 99 // 100 101 102 {"PrincipalTab", 103 "Sends you to the list of principals. If you are currently" 104 +" working on a principal or policy and you've made" 105 +" changes, you'll be prompted to cancel or save" 106 +" the changes before being sent to Principal List panel."}, 107 108 109 {"PolicyTab", 110 "Sends you to the list of policies. If you are currently working on a" 111 +" principal or policy and you've made changes, you'll be prompted to" 112 +" cancel or save the changes before being sent to Policy" 113 +" List panel."}, 114 115 116 117 // 118 // Principal List Panel 119 // 120 121 122 {"PrinListPanel", 123 // Not currently available in GUI 124 "This panel enables you to select a principal from the list to modify," 125 +" delete, and duplicate. You can also create a new principal.\n" 126 +" \n" 127 +" principal is an entity to which tickets may be assigned, generally" 128 +" of the form <primary>/<instance>@<REALM>. For example," 129 +" jdb/admin@MTN.ACME.COM.\n" 130 +" \n" 131 +" display a specific principal or" 132 +" sublist of principals, enter a filter string in the Filter Pattern" 133 +" field and press" 134 +" return.\n" 135 +" \n" 136 +"To perform an operation on a principal, select it from the list and" 137 +" click the appropriate button. To create a new principal, click" 138 +" Create New."}, 139 140 141 {"PrList", 142 "Displays all the available principals in the specified realm.\n" 143 +" \n" 144 +"To select a principal, click on its name in the list;" 145 +" double-clicking on a principal is equivalent to selecting" 146 +" the principal and clicking Modify."}, 147 148 149 {"PrNoList", 150 "This list panel is blank when you don't have list privileges" 151 +" or you've chosen not to show lists."}, 152 153 154 {"PrListPattern", 155 "Enables you to apply a filter on the available principals to" 156 +" display a particular principal or sublist of principals." 157 +"The filter string you enter may consist of one or more" 158 +" characters. And, because the filter mechanism is case" 159 +" sensitive, you need to use the appropriate upper-case and" 160 +" lower-case letters for the filter.\n" 161 +" \n" 162 +"For example, entering 'user' for the filter would match" 163 +" and display principals such as 'enguser', 'user1'," 164 +" and 'useradmin'.\n" 165 +" '\n" 166 +"To display a particular principal or sublist of" 167 +" principals, enter a filter string and press return.\n" 168 +" \n" 169 +"To display the entire list of principals, click Clear" 170 +" Filter(or clear the Filter Pattern field and press return)."}, 171 172 173 {"PrNameNoList", 174 "When the principal list is not displayed," 175 +" you must enter principal names in this field to perform" 176 +" operations on them. Entering a name is equivalent to selecting" 177 +" an item from the principal list in normal operation.\n" 178 +" \n" 179 +"To clear the principal entry, click Clear Name (or clear the" 180 +" Name field and press return)."}, 181 182 183 {"PrListClear", 184 "Clears the filter and displays the full list of available", 185 " principals."}, 186 187 188 {"PrNoListClear", 189 "Clears the Name field."}, 190 191 192 {"PrListModify", 193 "Opens a series of panels that enable you to modify the selected" 194 +" principal, such as the principal's password, expiry date," 195 +" and policy."}, 196 197 198 {"PrListAdd", 199 "Opens a series of panels that enable you to create a new principal." 200 +" The panels will have some of the fields already filled in with" 201 +" default values, which you can set up by choosing Properties from" 202 +" the Edit menu.\n" 203 +" \n" 204 +"The Duplicate button performs the same function; however," 205 +" instead of the fields filled in with default values, the fields" 206 +" are filled in with the same values as the selected principal."}, 207 208 209 {"PrListDelete", 210 "Deletes the selected principal from the Kerberos realm. The deleted" 211 +" principal can no longer be assigned Kerberos tickets."}, 212 213 214 {"PrListDuplicate", 215 "Opens a series of panels that enable you to duplicate the selected" 216 +" principal. The panels will have the fields already filled in" 217 +" with the same values as the selected principal," 218 +" except for the principal's name and password." 219 +"You can use this button to quickly create a new principal using " 220 +" another principal as a template.\n" 221 +" \n" 222 +"The Create New button performs the same function; however," 223 +" instead of" 224 +" the fields filled in with the same values as the selected" 225 +" principal, the fields are filled in with default values."}, 226 227 228 229 // 230 // Principal Basics Panel 231 // 232 233 234 {"PrincipalBasicsPanel", 235 // Not currently available in GUI 236 "This panel enables you to specify the basic attributes for a" 237 +" principal."}, 238 239 240 {"PrName", 241 "The name of the principal (the <primary>/<instance> part of a" 242 +" fully-qualified principal name). A principal is a unique identity" 243 +" to which the KDC can assign tickets.\n" 244 +" \n" 245 +"If you are modifying a principal," 246 +" you cannot edit a principal's name.\n" 247 +" \n" 248 +"For service (or host) principal names, the <primary> part must be" 249 +" the name of a service, such as 'host' for telnet and rsh" 250 +" services,'ftp', or 'nfs'." 251 +"The < instance > part must be the name of the system" 252 +" that requires Kerberos authentication for that service." 253 +"For example, 'host/denver.mtn.acme.com'.\n" 254 +" \n" 255 +"For user principal names, the < primary > part must be" 256 +" the name of the" 257 +" user." 258 +"The < instance > part is optional, but it can be a term used to" 259 +" describe the intended use for the principals, such as 'admin', or" 260 +" it can be the name of a system, which enables you to create" 261 +" different" 262 +" principals for the same user on a per-system basis." 263 +" For example, 'jdb/admin', 'jdb/denver@acme.com', or 'jdb'."}, 264 265 266 {"PrComments", 267 "Comments related to the principal (for example," 268 +" 'Temporary Account')."}, 269 270 271 {"PrPolicy", 272 "A menu of available policies for the principal."}, 273 274 275 {"PrPassword", 276 "The password for the principal."}, 277 278 279 {"PrBasicRandomPw", 280 "Creates a random password for the principal and copies it into" 281 +" the Password field."}, 282 283 284 {"PrinBasLastPrincipalChange", 285 "The date on which information for the principal was" 286 +" last modified."}, 287 288 289 {"PrinBasLastChangedBy", 290 "The name of the principal who last modified the account for this" 291 +" principal."}, 292 293 {"EncList", 294 "The encryption types that the principal's keys will be created with." 295 +" Use a white space to separate encryption types." 296 +" Leave blank if the default set of encryption types is desired." 297 +" Refer to krb5.conf for the available encryption types supported." 298 +" The default set of dialog choices can be over-ridden by defining" 299 +" supported_enctypes with the desired list of encryption types in" 300 +" the realm's section of krb5.conf." 301 +" \n" 302 +"Changing encryption types is only applicable when creating a" 303 +" principal or when changing a password. So a password must be" 304 +" accompanied with any encryption type changes."}, 305 306 {"PrExpiry", 307 "The date and time on which the principal's account expires. When the" 308 +" account expires, the principal can no longer" 309 +" get a ticket-granting ticket (TGT) and may not be able to log in.\n" 310 +" \n" 311 +"To set up the account with no expiration date," 312 +" enter the word 'never' in the field.\n" 313 +" \n" 314 +"To help create a formatted date and time entry, click the adjacent" 315 +" '...' button to bring up a helper."}, 316 317 318 {"PrSave", 319 "Saves any changes you've made to the current principal."}, 320 321 322 {"PrCancel", 323 "Discards all the changes you've made to the current principal" 324 +" and sends you back to the list of principals."}, 325 326 327 {"PrBasicPrevious", 328 "Sends you back to the list of principals.\n" 329 +" \n" 330 +"Note that you must save or cancel any changes you've made to" 331 +" the current principal before you can go back to the list."}, 332 333 334 {"PrBasicNext", 335 "Sends you to the next Principal Details panel that contains" 336 +" the password and ticket lifetime attributes for the principal."}, 337 338 339 340 // 341 // Principal Detail Panel 342 // 343 344 345 {"PrincipalDetailPanel", 346 // Not currently available in GUI 347 "This panel enables you to specify the password and" 348 +" ticket lifetime attributes for the principal principal."}, 349 350 351 {"PrinDetLastSuccess", 352 "The date and time when the principal last logged in successfully."}, 353 354 355 {"PrinDetLastFailure", 356 "The date and time when the last login failure for the" 357 +" principal occurred."}, 358 359 360 {"PrinDetFailureCount", 361 "The number of times that there has been a login failure" 362 +" for the principal."}, 363 364 365 {"PrinDetLastPasswordChange", 366 "The date and time when the principal's password was " 367 +" last changed."}, 368 369 370 {"PrPwExpiry", 371 "The date and time when the principal's current password" 372 +" will expire.\n" 373 +" \n" 374 +"To set up the password with no expiration date, enter the" 375 +" word 'never'in the field.\n" 376 +" \n" 377 +"To help create a formatted date and time entry, click the adjacent" 378 +" '...' button to bring up a helper."}, 379 380 381 {"PrKvno", 382 "The key version number for the principal; this is normally" 383 +" changed only when a password has been compromised."}, 384 385 386 {"PrMaxLifetime", 387 "The maximum length of time for which a ticket can be" 388 +" granted for the principal (without renewal).\n" 389 +" \n" 390 +"To help create a time duration in seconds, click the adjacent" 391 +" '...' button to bring up a helper."}, 392 393 394 {"PrMaxRenewal", 395 "The maximum length of time for which an existing" 396 +" ticket may be renewed for the principal.\n" 397 +" \n" 398 +"To help create a time duration in seconds, click the adjacent" 399 +" '...' button to bring up a helper."}, 400 401 402 {"PrDetailPrevious", 403 "Sends you back to the previous Principal Basics panel."}, 404 405 406 {"PrDetailNext", 407 "Sends you to the next Principal Flags panel that contains" 408 +" security, ticket control, and miscellaneous attributes for" 409 +" the principal."}, 410 411 412 413 // 414 // Principal Flags Panel 415 // 416 417 418 419 {"PrincipalFlagsPanel", 420 // Not currently available in GUI 421 "This panel enables you to specify the security, ticket control, and" 422 +" miscellaneous attributes for the principal."}, 423 424 425 {"PrLockAcct", 426 "When checked, prevents the principal from logging in." 427 +" This is a easy way to temporarily freeze" 428 +" a principal account for any reason."}, 429 430 431 {"PrForcePwChange", 432 "When checked, expires the principal's current password, forcing the" 433 +" user to use the kpasswd command to create a new password." 434 +" This is useful if" 435 +" there is a security breach and you need to make sure that old" 436 +" passwords are replaced."}, 437 438 439 {"PrAllowPostdated", 440 "When checked, allows the principal to obtain postdated tickets.\n" 441 +" \n" 442 +"For example, you may need to use postdated tickets for cron jobs" 443 +" that need to run after hours and can't obtain tickets in" 444 +" advance because of short ticket lifetimes."}, 445 446 447 {"PrAllowRenewable", 448 "When checked, allows the principal to obtain renewable tickets.\n" 449 +" \n" 450 +"A principal can automatically extend the expiration date or time of" 451 +" a ticket that is renewable (rather than having to get a new" 452 +" ticket after the first one expires). Currently, the NFS service" 453 +" is the only service that can renew tickets."}, 454 455 456 {"PrAllowSvr", 457 "When checked, allows service tickets to be issued for" 458 +" the principal.\n" 459 +" \n" 460 +"You should not allow service tickets to be issued for the" 461 +" 'kadmin/admin' and 'changepw/admin' principals." 462 +" This will ensure that these" 463 +" principals can only update the KDC database." }, 464 465 466 {"PrAllowForwardable", 467 "When checked, allows the principal to obtain forwardable" 468 +" tickets.\n" 469 +" \n" 470 +"Forwardable tickets are tickets that are forwarded to the" 471 +" remote host to provide a single-sign-on session." 472 +"For example, if you are using forwardable tickets and you" 473 +" authenticate yourself through ftp or rsh, other services," 474 +" such as NFS, are available without you being prompted" 475 +" for another password."}, 476 477 478 {"PrAllowProxiable", 479 "When checked, allows the principal to obtain proxiable tickets.\n" 480 +" \n" 481 +"A proxiable ticket is a ticket that can be used by a service" 482 +" on behalf of a client to perform an operation for the client." 483 +" With a proxiable ticket, a service can take on the identity" 484 +" of a client and obtain a ticket for another service, but it" 485 +" cannot obtain a ticket-granting ticket."}, 486 487 488 {"PrEnforcePolicy", 489 "When checked, the policy selected for this principal" 490 +" will be enforced."}, 491 492 493 {"PrAllowTGT", 494 "When checked, allows the service principal to provide services" 495 +" to another principal. More specifically, it allows the KDC to" 496 +" issue a service ticket for the service principal.\n" 497 +" \n" 498 +"This attribute is valid only for service principals." 499 +"When not checked, service tickets cannot be issued for" 500 +" the service principal."}, 501 502 503 {"PrRequirePreAuth", 504 "When checked, the KDC will not send a requested ticket-granting" 505 +" ticket(TGT) to the principal until it can" 506 +" authenticate (through software) that it is really the principal" 507 +" requesting the TGT. This preauthentication is usually done" 508 +" through an extra password, for example, from a DES card.\n" 509 +" \n" 510 +"When not checked, the KDC will not need to preauthenticate" 511 +" the principal before it sends a requested TGT to it."}, 512 513 514 {"PrAllowDupAuth", 515 "When checked, allows the user principal to obtain service tickets for" 516 +" other user principals.\n" 517 +" \n" 518 +"This attribute is valid only for user principals. When not checked," 519 +" the user principal can still obtain service tickets for" 520 +" service principals, but not for other user principals."}, 521 522 523 {"PrRequireHwPreAuth", 524 "When checked, the KDC will not send a requested ticket-granting" 525 +" ticket(TGT) to the principal until" 526 +" it can authenticate (through hardware) that it is really the" 527 +" principal requesting the TGT. Hardware preauthentication could" 528 +" be something like a Java ring reader.\n" 529 +" \n" 530 +"When not checked, the KDC will not need to preauthenticate" 531 +" the principal before it sends a requested TGT to it."}, 532 533 534 {"PrFlagsPrevious", 535 "Sends you back to the previous Principal Details panel."}, 536 537 // 538 // Done Button 539 // 540 541 {"PrFlagsNext", 542 "Saves any changes you've made to the current principal and" 543 +" sends you back to list of principals."}, 544 545 546 547 // 548 // Policies Panel 549 // 550 551 552 553 {"PoliciesPanel", 554 // Not currently available in GUI 555 "This panel enables you to select a policy from the list to" 556 +" modify, delete, or duplicate. You can also create a new policy.\n" 557 +" \n" 558 +"A policy is a set of behaviors regarding" 559 +" passwords and tickets that can be applied to a principal." 560 +" For example, the principals for system administrators might" 561 +" all have the same policy." 562 +" \n" 563 +"To display a specific policy or sublist of policy," 564 +" enter a filter string in the Filter Pattern field and press" 565 +" return.\n" 566 +" \n" 567 +"To perform an operation on a policy, select it from the list and" 568 +" click the appropriate button. To add a new policy, click New."}, 569 570 571 {"Pollist", 572 "Displays the all the available policies in the specified realm.\n" 573 +" \n" 574 +"To select a policy, click on its name in the list; double-clicking" 575 +" on a policy is equivalent to selecting the policy and clicking" 576 +" Modify"}, 577 578 {"PolNoList", 579 "This list panel is blank when you don't have list privileges" 580 +" or you've chosen not to show lists."}, 581 582 {"PoListPattern", 583 "Enables you to apply a filter on the available policies to display a" 584 +" particular policy or sublist of policies. The filter string you" 585 +" enter may consist of one or more characters, And, because" 586 +" the filter mechanism is case-sensitive, you need to use the" 587 +" appropriate upper-case and lower-case letters for the filter.\n" 588 +" \n" 589 +"For example, entering 'adm' for the filter would match and display," 590 +" policies such as 'admpol', 'adm1', and 'poladmin'.\n" 591 +" \n" 592 +"To display a particular policy or sublist of" 593 +" policies, enter a filter string and press" 594 +" return.\n" 595 +" \n" 596 +"To display the entire list of policies, click Clear" 597 +" Filter (or clear the Filter Pattern field and press return)."}, 598 599 600 {"PoNameNoList", 601 "When the policy list is not displayed," 602 +" you must enter policy names in this field to perform" 603 +" operations on them. Entering a name is equivalent to selecting" 604 +" an item from the list in normal operation.\n" 605 +" \n" 606 +"To clear the policy entry, click Clear Name (or clear the" 607 +" Name field and press return)."}, 608 609 610 {"PoListClear", 611 "Clears the filter and displays the full list of available policies."}, 612 613 614 {"PoNoListClear", 615 "Clears the Name field."}, 616 617 618 {"PoListModify", 619 "Opens the Policy Details panel that enables you to modify the" 620 +" selected policy attributes, such as the policy's minimum password" 621 +" length and the minimum ticket lifetime."}, 622 623 624 625 {"PoListAdd", 626 "Opens the Policy Details panel that enables you to create a new" 627 +" policy. The panel will have some of the fields already filled" 628 +" in with default values.\n" 629 +" \n" 630 +"The Duplicate button performs the same function; however," 631 +" instead of the fields filled in with default values, the" 632 +" fields are filled in with the same values as the selected policy."}, 633 634 635 {"PoListDelete", 636 "Deletes the selected policy from the Kerberos realm."}, 637 638 639 640 {"PoListDuplicate", 641 "Opens the Policy Details panel that enables you to duplicate" 642 +" the selected policy. The panels will have the fields already" 643 +" filled in with the same values as the selected policy," 644 +" except for the policy's name." 645 +"You can use this button to quickly create a new policy using" 646 +" another policy as a template.\n" 647 +" \n" 648 +"The Create New button performs the same function; however," 649 +" the fields are filled in with default values."}, 650 651 652 653 // 654 // Policy.Detail 655 // 656 657 658 {"PoName", 659 "The name of the policy. A policy is set of rules governing a" 660 +" principal's password and tickets.\n" 661 +" \n" 662 +"If you are modifying a policy, you cannot edit a policy's name."}, 663 664 665 666 {"PoMinPwLength", 667 "The minimum length for the principal's password."}, 668 669 670 {"PoMinPwClass", 671 "The minimum number of different character types required in the" 672 +" principal's password." 673 +"For example, a minimum classes value of 2 means that the" 674 +" password must have at least two different character types," 675 +" such as letters and numbers(hi2mom). A value of 3 means that" 676 +" the password must have at least three different character" 677 +" types, such as letters, numbers, and punctuation (hi2mom!)." 678 +"And so on. \n" 679 +" \n" 680 +"A value of 1 basically sets no restriction on the number of password" 681 +" character types."}, 682 683 684 {"PoSavedPasswords", 685 "The number of previous passwords that have been used by the principal" 686 +" and cannot be reused."}, 687 688 689 {"PoMinTicketLifetime", 690 "The minimum time that the password must be used before it can be" 691 +" changed.\n" 692 +" \n" 693 +"To help create a time duration in seconds, click the adjacent" 694 +" '...' button to bring up a helper."}, 695 696 697 {"PoMaxTicketLifetime", 698 "The maximum time that the password can be used before it must be" 699 +" changed.\n" 700 +" \n" 701 +"To help create a time duration in seconds, click the adjacent" 702 +" '...' button to bring up a helper."}, 703 704 705 {"PolDetPrincipalsUsingThisPolicy", 706 "The number of principals to which this policy currently applies."}, 707 708 709 {"PoSave", 710 "Saves any changes you've made to the current policy."}, 711 712 713 {"PoCancel", 714 "Discards all the changes you've made to the current policy and sends" 715 +" you back to the list of policies."}, 716 717 718 {"PoDetailPrevious", 719 "Sends you back to the list of policies.\n" 720 +" \n" 721 +"Note that you must save or cancel any changes you've made to the" 722 +" current policy before you can go back to the list."}, 723 724 725 {"PoDetailDone", 726 "Saves any changes you've made to the current policy and sends" 727 +" you back to list of policies."}, 728 729 730 731 // 732 // Defaults Panel 733 // 734 735 736 {"DefaultsPanel", 737 // Not currently available in GUI 738 "This window enables you to change the default settings for adding new" 739 +" principals."}, 740 741 742 {"GlobalLockAcct", 743 "When checked, prevents the new principal from logging in." 744 +"This is a easy way to temporarily freeze" 745 +" new principal accounts for any reason. For example, you may want" 746 +" to add a number of new principals in the beginning of the week," 747 +" but you might not want to activate them until the end of the" 748 +" week."}, 749 750 751 {"GlobalAllowPostdated", 752 "When checked, allows the new principal to obtain postdated tickets.\n" 753 +" \n" 754 +"For example, you may need to use postdated tickets for cron jobs" 755 +" that need to run after hours and can't obtain tickets in advance" 756 +" because of short ticket lifetimes."}, 757 758 759 {"GlobalAllowRenewable", 760 "When checked, allows the new principal to obtain renewable tickets.\n" 761 +" \n" 762 +"A principal can automatically extend the expiration date or time of" 763 +" a ticket that is renewable (rather than having to get a new ticket" 764 +" after the first one expires). Currently, the NFS service is the" 765 +" only service that can obtain renewable tickets."}, 766 767 768 {"GlobalEnforcePolicy", 769 "When checked, the policy selected for the new principal" 770 +" will be enforced."}, 771 772 {"GlobalAllowTGT", 773 "When checked, allows the new service principal to provide services to" 774 +" another principal. More specifically, it allows the KDC to issue a" 775 +" service ticket for the new service principal.\n" 776 +" \n" 777 +"This attribute is valid only for service principals." 778 +"When not checked," 779 +" service tickets cannot be issued for the new service principal."}, 780 781 782 {"GlobalForcePwChange", 783 "When checked, expires the principal's current password, forcing the" 784 +" user to use the kpasswd command to create a new password. This is" 785 +" is useful if you want to force users with new principals to set" 786 +" up their own passwords."}, 787 788 789 {"GlobalAllowForwardable", 790 "When checked, allows the new principal to obtain forwardable" 791 +" tickets.\n" 792 +" \n" 793 +"Forwardable tickets are tickets that are forwarded to the remote" 794 +" host to provide a single-sign-on session. For example, if you" 795 +" are using forwardable tickets and you authenticate yourself" 796 +" through ftp or rsh, other services, such as NFS, are available" 797 +" without you being prompted for another password."}, 798 799 800 {"GlobalAllowSvr", 801 "When checked, allows service tickets to be issued for" 802 +" the new principal.\n" 803 +" \n" 804 +"You should not allow service tickets to be issued for the" 805 +" 'kadmin/admin' and the 'changepw/admin' principals." 806 +" This will ensure that these" 807 +" principals can only update the KDC database." }, 808 809 810 {"GlobalAllowProxiable", 811 "When checked, allows the new principal to obtain proxiable tickets.\n" 812 +" \n" 813 +"A proxiable ticket is a ticket that can be used by a service on" 814 +" behalf of a client to perform an operation for the client." 815 +"With a proxiable ticket, a service can take on the identity of" 816 +" a client and obtain a ticket for another service, but it cannot" 817 +" obtain a ticket-granting ticket."}, 818 819 820 821 {"GlobalAllowDupAuth", 822 "When checked, allows the new user principal to obtain service" 823 +" tickets for other user principals.\n" 824 +" \n" 825 +"This attribute is valid only for user principals. When not checked," 826 +" the new user principal can still obtain service tickets for" 827 +" service principals, but not for other user principals."}, 828 829 830 {"GlobalRequirePreAuth", 831 "When checked, the KDC will not send a requested ticket-granting" 832 +" ticket(TGT)" 833 +" for the new principal until" 834 +" it can authenticate (through software) that it is really the" 835 +" principal requesting the TGT. This preauthentication is usually" 836 +" done through an extra password, for example, from a DES card.\n" 837 +" \n" 838 +"When not checked, the KDC will not need preauthenticate the new" 839 +" principal before it sends a requested TGT for it."}, 840 841 842 {"GlobalRequireHwPreAuth", 843 "When checked, the KDC will not send a requested ticket-granting" 844 +" ticket(TGT) for the new principal until it can authenticate" 845 +" (through hardware) that it is really the principal" 846 +" requesting the TGT. Hardware preauthentication could be something" 847 +" like a Java ring reader.\n" 848 +" \n" 849 +"When not checked, the KDC will not need to preauthenticate the new" 850 +" principal with hardware before it sends a requested TGT for it."}, 851 852 {"GlDefServerSide", 853 "When checked, the ticket lifetime values in the new principal are set" 854 +" such that " 855 +"the maximum value is used. When issuing a ticket the KDC uses the" 856 +" minimum of the value defined in the principal entry, in " 857 +" /etc/krb5/kdc.conf, or whatever the client requests with kinit."}, 858 859 {"GlDefLife", 860 "The maximum length of time for which a ticket can be" 861 +" granted for the new principal (without renewal).\n" 862 +" \n" 863 +"To help create a time duration in seconds, click the adjacent" 864 +" '...' button to bring up a helper."}, 865 866 {"GlDefRenewableLife", 867 "The maximum length of time for which an existing" 868 +" ticket may be renewed for the new principal.\n" 869 +" \n" 870 +"To help create a time duration in seconds, click the adjacent" 871 +" '...' button to bring up a helper."}, 872 873 874 {"GlDefExpiry", 875 "The date and time on which the new principal's account expires." 876 +"When the account expires, the principal can no longer" 877 +" get a ticket-granting ticket (TGT) and may not be able to log in.\n" 878 +" \n" 879 +"To set up the new account with no expiration date, enter the word" 880 +" 'never' in the field.\n" 881 +" \n" 882 +"To help create a formatted date and time entry, click the adjacent" 883 +" '...' button to bring up a helper."}, 884 885 886 887 {"GlDefShowLists", 888 "When checked, the principal and policy lists will be loaded and" 889 +" displayed in the list panels. Large lists may produce significant" 890 +" loading times, so it may be more convenient to work without lists" 891 +" when they are very large, or you should cache them." 892 +"The default is on."}, 893 894 895 {"GlDefStaticLists", 896 "When checked, the principal and policy lists will be cached" 897 +" when they are initially loaded, and the lists will not be refreshed" 898 +" from the server unless you use the Refresh menu. Because large" 899 +" lists may produce significant loading times, you should cache" 900 +" large lists and refresh them when necessary. The default" 901 +" is off."}, 902 903 904 {"GlDefCacheTime", 905 "The period of time that the principal and policy lists will be" 906 +" cached before being considered stale and refreshed from the" 907 +" server. The default is 300 seconds (6 minutes)."}, 908 909 910 {"GlobalSave", 911 "Makes a permanent change to the default values by writing them" 912 +" to ~/.gkadmin, updates the tool, and closes the window."}, 913 914 915 {"GlobalApply", 916 "Makes a temporary change to the default values in the tool and" 917 +" closes the window. This does not update ~/.gkadmin."}, 918 919 920 {"GlobalCancel", 921 "Discards all the changes you've made to the current defaults and" 922 +" closes the window."}, 923 924 // 925 // Generic Helper Button Descriptions 926 // 927 928 {"DateHelperButton", 929 "Opens the Date and Time Helper window to help you create" 930 +" a formatted date and time entry for the associated field."}, 931 932 {"DurationHelperButton", 933 "Opens the Time Duration Helper window to help you create a time" 934 +" duration in seconds for the associated field."}, 935 936 {"EncListHelperButton", 937 "Opens the Encryption Types Helper window to help you create" 938 +" the principal's keys from the default set."}, 939 940 // 941 // EncryptionTypeDialogHelp 942 // 943 944 {"EncryptionTypeDialogHelp", 945 "You can select/deselect encryption types for this principal as" 946 +" needed. Certain encryption types are similar therefore when" 947 +" one of these encryption types is selected the other type(s)" 948 +" will be deselected. If no encryption types are selected the" 949 +" default set of types will be used, see krb5.conf(4) for these.\n" 950 +" \n" 951 +"Click OK to copy the encryption list that you've selected to the" 952 +" corresponding field.\n" 953 +" \n" 954 +"Click Clear to unselect all encryption types listed."}, 955 956 // 957 // DateTimeDialog 958 // 959 960 {"DateTimeDialogHelp", 961 "To change the month, choose from the Month menu.\n " 962 +" \n" 963 +"To change the other date and time fields, click in the field and" 964 +" enter a value, or use the +/- buttons to increment/decrement their" 965 +" value. (Hint: Keeping the buttons pressed makes the value change" 966 +" at a faster rate.)\n" 967 +" \n" 968 +"Click Midnight to change the time to midnight, and click Now to" 969 +" change the time to the current time based on the system's clock.\n" 970 +" \n" 971 +"Click OK to copy the date and time settings you've changed to" 972 +" the corresponding field."}, 973 974 975 // 976 // DurationHelper 977 // 978 979 {"DurationHelperHelp", 980 "To help create a time duration in seconds, choose a unit of time" 981 +" from the Unit menu, enter a number of units under the" 982 +" Value field, and press return (or click '='). The number of" 983 +" seconds based on your input will be displayed.\n" 984 +" \n" 985 +"Click OK to copy the number of seconds you've specified into the" 986 +" corresponding field."}, 987 988 // 989 // PrintUtil 990 // 991 992 {"PrintUtilHelp", 993 "You can either print to a printer or a file.\n" 994 +" \n" 995 +"To print directly to a printer, click the Print Command" 996 +" radio button, enter a print command (if you don't want the default" 997 +" print command), and click Print.\n" 998 +" \n" 999 +"To print to a file, click the File Name radio button, enter a file" 1000 +" name, and click Print. The file name can be an absolute path." 1001 +" If no path is given, the file will be saved in the directory" 1002 +" where gkadmin was started. Click '...' next to the File Name field" 1003 +" to open the File Helper window to help you specify a" 1004 +" a location and name for the file."}, 1005 1006 // 1007 // Menubar context sensitive help 1008 // 1009 1010 {"ContextSensitiveHelp", 1011 "Opens the Context-Sensitive Help window and switches the tool into" 1012 +" help mode. In help mode, you can get help on any part of the" 1013 +" current window just by clicking on it. To dismiss the Help window" 1014 +" and switch back to the normal mode, click Dismiss on the Help" 1015 +" window."}, 1016 1017 {"PrintCurrentPrincipal", 1018 "Prints the attributes of the currently selected principal in the" 1019 +" list or the currently loaded principal."}, 1020 1021 {"PrintCurrentPolicy", 1022 "Prints the attributes of the currently selected policy in the" 1023 +" list or the currently loaded policy."}, 1024 1025 {"PrintPrincipalList", 1026 "Prints the list of all the available principals on the master KDC."}, 1027 1028 {"PrintPolicyList", 1029 "Prints the list of all the available policies on the master KDC."}, 1030 1031 {"Logout", 1032 "Quits the current session and sends you back to the Login window, so" 1033 +" you can change the login fields and log in again."}, 1034 1035 {"EditPreferences", 1036 "Opens the Properties window, which enables you to" 1037 +" specify the default settings for creating new principals" 1038 +" and how the tool should manage the principal" 1039 +" and policy lists."}, 1040 1041 {"RefreshPrincipals", 1042 "Forces the principal list to be updated from the server."}, 1043 1044 {"RefreshPolicies", 1045 "Forces the policy list to be updated from the server."}, 1046 1047 {"Exit", 1048 "Quits the SEAM Administration Tool."}, 1049 1050 {"HelpBrowser", 1051 "Opens an HTML browser that provides pointers to overview and task" 1052 +" information" 1053 +" for the SEAM Administration Tool. This provides the same" 1054 +" information as the 'Sun Enterprise Authentication Management" 1055 +" Guide'."}, 1056 1057 {"About", 1058 "Displays the current version of the SEAM Administration Tool."}, 1059 1060 {"DateTime...", 1061 "Opens the SEAM Date and Time Helper window, which enables you to" 1062 +" set the date and time. After you set the date and time and click" 1063 +" OK, the settings are automatically formatted and copied into the" 1064 +" corresponding field."}, 1065 1066 {"Duration...", 1067 "Opens the SEAM Duration Helper window, which enables you to specify a" 1068 +" time duration and have it converted into seconds." 1069 +" After you specify the time" 1070 +" and click OK, the time duration is copied into the corresponding" 1071 +" field."}, 1072 1073 {"EncList...", 1074 "Opens the SEAM Encryption Type List Helper window, which enables you" 1075 +" to specify custom encryption types for the principal. " 1076 +" After you select the encryption types and click OK, the encryption" 1077 +" type list is copied into the corresponding field."}, 1078 1079 {"Print...", 1080 "Opens the SEAM Print Dialog window, which enables you to specify a" 1081 +" printer" 1082 +" to print the information or a file name in which to save the" 1083 +" information."}, 1084 1085 {"Bad Duration", 1086 "Please enter the duration (in seconds) correctly."}, 1087 1088 {"Bad Date", 1089 "Please enter the date correctly."}, 1090 1091 {"Bad Number", 1092 "Please enter the number correctly."} 1093 1094 }; // end contents object 1095 1096 } 1097