1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * ident "%Z%%M% %I% %E% SMI" 24 * 25 * Copyright (c) 2000 by Sun Microsystems, Inc. 26 * All rights reserved. 27 * 28 */ 29 30 import java.util.ListResourceBundle; 31 32 // On-line spot help. Defined as strings of a "contents" object. 33 34 public class HelpData extends ListResourceBundle { 35 public Object [][] getContents() { 36 return contents; 37 } 38 39 static final Object [][] contents = { 40 41 // 42 // Main Login Panel 43 // 44 45 {"MainLoginPanel", 46 // Not currently available in GUI 47 "This window enables you to log in and use the SEAM Administration" 48 +"Tool. The default information that initially fills in the fields" 49 +" is read from the system's /etc/krb5/krb5.conf file (except" 50 +" for the principal name)."}, 51 52 53 {"LoginName", 54 "The principal name to log in with (without realm included)." 55 +"In order to use the SEAM Administration Tool, your principal" 56 +" must have the appropriate privileges specified in the master" 57 +" KDC's kadm5.acl" 58 +" file.\n" 59 +" \n" 60 +"The default principal name consists of your user name with the" 61 +" 'admin' instance appended. For example, 'jdb/admin'."}, 62 63 64 {"LoginPass", 65 "The password for the principal."}, 66 67 68 {"LoginRealm", 69 "The Kerberos realm, which is similar to a DNS domain." 70 +"In most cases, the realm name is your domain name, and it should" 71 +" be upper-case. For example, 'MTN.ACME.COM'.\n" 72 +" \n" 73 +"Each realm has one master KDC and may include slave" 74 +" KDCs that contain read-only copies of the master." 75 +"The default realm is read from the system's" 76 +" /etc/krb5/krb5.conf file."}, 77 78 79 {"LoginServer", 80 "The master KDC where the Kerberos administration server, kadmind," 81 +" is running and where the KDC (Key Distribution Center) is located." 82 +"You must provide a fully-qualified host name for the master KDC.\n" 83 +" \n" 84 +"The default admin server is read from the" 85 +" system's /etc/krb5/krb5.conf file."}, 86 87 88 {"LoginOK", 89 "Checks the information" 90 +" in this window, and if valid, logs you into the tool."}, 91 92 93 {"LoginStartOver", 94 "Resets all fields in this window to their initial" 95 +" settings (when the tool was started)."}, 96 97 98 // 99 // Panel Tabs 100 // 101 102 103 {"PrincipalTab", 104 "Sends you to the list of principals. If you are currently" 105 +" working on a principal or policy and you've made" 106 +" changes, you'll be prompted to cancel or save" 107 +" the changes before being sent to Principal List panel."}, 108 109 110 {"PolicyTab", 111 "Sends you to the list of policies. If you are currently working on a" 112 +" principal or policy and you've made changes, you'll be prompted to" 113 +" cancel or save the changes before being sent to Policy" 114 +" List panel."}, 115 116 117 118 // 119 // Principal List Panel 120 // 121 122 123 {"PrinListPanel", 124 // Not currently available in GUI 125 "This panel enables you to select a principal from the list to modify," 126 +" delete, and duplicate. You can also create a new principal.\n" 127 +" \n" 128 +" principal is an entity to which tickets may be assigned, generally" 129 +" of the form <primary>/<instance>@<REALM>. For example," 130 +" jdb/admin@MTN.ACME.COM.\n" 131 +" \n" 132 +" display a specific principal or" 133 +" sublist of principals, enter a filter string in the Filter Pattern" 134 +" field and press" 135 +" return.\n" 136 +" \n" 137 +"To perform an operation on a principal, select it from the list and" 138 +" click the appropriate button. To create a new principal, click" 139 +" Create New."}, 140 141 142 {"PrList", 143 "Displays all the available principals in the specified realm.\n" 144 +" \n" 145 +"To select a principal, click on its name in the list;" 146 +" double-clicking on a principal is equivalent to selecting" 147 +" the principal and clicking Modify."}, 148 149 150 {"PrNoList", 151 "This list panel is blank when you don't have list privileges" 152 +" or you've chosen not to show lists."}, 153 154 155 {"PrListPattern", 156 "Enables you to apply a filter on the available principals to" 157 +" display a particular principal or sublist of principals." 158 +"The filter string you enter may consist of one or more" 159 +" characters. And, because the filter mechanism is case" 160 +" sensitive, you need to use the appropriate upper-case and" 161 +" lower-case letters for the filter.\n" 162 +" \n" 163 +"For example, entering 'user' for the filter would match" 164 +" and display principals such as 'enguser', 'user1'," 165 +" and 'useradmin'.\n" 166 +" '\n" 167 +"To display a particular principal or sublist of" 168 +" principals, enter a filter string and press return.\n" 169 +" \n" 170 +"To display the entire list of principals, click Clear" 171 +" Filter(or clear the Filter Pattern field and press return)."}, 172 173 174 {"PrNameNoList", 175 "When the principal list is not displayed," 176 +" you must enter principal names in this field to perform" 177 +" operations on them. Entering a name is equivalent to selecting" 178 +" an item from the principal list in normal operation.\n" 179 +" \n" 180 +"To clear the principal entry, click Clear Name (or clear the" 181 +" Name field and press return)."}, 182 183 184 {"PrListClear", 185 "Clears the filter and displays the full list of available", 186 " principals."}, 187 188 189 {"PrNoListClear", 190 "Clears the Name field."}, 191 192 193 {"PrListModify", 194 "Opens a series of panels that enable you to modify the selected" 195 +" principal, such as the principal's password, expiry date," 196 +" and policy."}, 197 198 199 {"PrListAdd", 200 "Opens a series of panels that enable you to create a new principal." 201 +" The panels will have some of the fields already filled in with" 202 +" default values, which you can set up by choosing Properties from" 203 +" the Edit menu.\n" 204 +" \n" 205 +"The Duplicate button performs the same function; however," 206 +" instead of the fields filled in with default values, the fields" 207 +" are filled in with the same values as the selected principal."}, 208 209 210 {"PrListDelete", 211 "Deletes the selected principal from the Kerberos realm. The deleted" 212 +" principal can no longer be assigned Kerberos tickets."}, 213 214 215 {"PrListDuplicate", 216 "Opens a series of panels that enable you to duplicate the selected" 217 +" principal. The panels will have the fields already filled in" 218 +" with the same values as the selected principal," 219 +" except for the principal's name and password." 220 +"You can use this button to quickly create a new principal using " 221 +" another principal as a template.\n" 222 +" \n" 223 +"The Create New button performs the same function; however," 224 +" instead of" 225 +" the fields filled in with the same values as the selected" 226 +" principal, the fields are filled in with default values."}, 227 228 229 230 // 231 // Principal Basics Panel 232 // 233 234 235 {"PrincipalBasicsPanel", 236 // Not currently available in GUI 237 "This panel enables you to specify the basic attributes for a" 238 +" principal."}, 239 240 241 {"PrName", 242 "The name of the principal (the <primary>/<instance> part of a" 243 +" fully-qualified principal name). A principal is a unique identity" 244 +" to which the KDC can assign tickets.\n" 245 +" \n" 246 +"If you are modifying a principal," 247 +" you cannot edit a principal's name.\n" 248 +" \n" 249 +"For service (or host) principal names, the <primary> part must be" 250 +" the name of a service, such as 'host' for telnet and rsh" 251 +" services,'ftp', or 'nfs'." 252 +"The < instance > part must be the name of the system" 253 +" that requires Kerberos authentication for that service." 254 +"For example, 'host/denver.mtn.acme.com'.\n" 255 +" \n" 256 +"For user principal names, the < primary > part must be" 257 +" the name of the" 258 +" user." 259 +"The < instance > part is optional, but it can be a term used to" 260 +" describe the intended use for the principals, such as 'admin', or" 261 +" it can be the name of a system, which enables you to create" 262 +" different" 263 +" principals for the same user on a per-system basis." 264 +" For example, 'jdb/admin', 'jdb/denver@acme.com', or 'jdb'."}, 265 266 267 {"PrComments", 268 "Comments related to the principal (for example," 269 +" 'Temporary Account')."}, 270 271 272 {"PrPolicy", 273 "A menu of available policies for the principal."}, 274 275 276 {"PrPassword", 277 "The password for the principal."}, 278 279 280 {"PrBasicRandomPw", 281 "Creates a random password for the principal and copies it into" 282 +" the Password field."}, 283 284 285 {"PrinBasLastPrincipalChange", 286 "The date on which information for the principal was" 287 +" last modified."}, 288 289 290 {"PrinBasLastChangedBy", 291 "The name of the principal who last modified the account for this" 292 +" principal."}, 293 294 295 {"PrExpiry", 296 "The date and time on which the principal's account expires. When the" 297 +" account expires, the principal can no longer" 298 +" get a ticket-granting ticket (TGT) and may not be able to log in.\n" 299 +" \n" 300 +"To set up the account with no expiration date," 301 +" enter the word 'never' in the field.\n" 302 +" \n" 303 +"To help create a formatted date and time entry, click the adjacent" 304 +" '...' button to bring up a helper."}, 305 306 307 {"PrSave", 308 "Saves any changes you've made to the current principal."}, 309 310 311 {"PrCancel", 312 "Discards all the changes you've made to the current principal" 313 +" and sends you back to the list of principals."}, 314 315 316 {"PrBasicPrevious", 317 "Sends you back to the list of principals.\n" 318 +" \n" 319 +"Note that you must save or cancel any changes you've made to" 320 +" the current principal before you can go back to the list."}, 321 322 323 {"PrBasicNext", 324 "Sends you to the next Principal Details panel that contains" 325 +" the password and ticket lifetime attributes for the principal."}, 326 327 328 329 // 330 // Principal Detail Panel 331 // 332 333 334 {"PrincipalDetailPanel", 335 // Not currently available in GUI 336 "This panel enables you to specify the password and" 337 +" ticket lifetime attributes for the principal principal."}, 338 339 340 {"PrinDetLastSuccess", 341 "The date and time when the principal last logged in successfully."}, 342 343 344 {"PrinDetLastFailure", 345 "The date and time when the last login failure for the" 346 +" principal occurred."}, 347 348 349 {"PrinDetFailureCount", 350 "The number of times that there has been a login failure" 351 +" for the principal."}, 352 353 354 {"PrinDetLastPasswordChange", 355 "The date and time when the principal's password was " 356 +" last changed."}, 357 358 359 {"PrPwExpiry", 360 "The date and time when the principal's current password" 361 +" will expire.\n" 362 +" \n" 363 +"To set up the password with no expiration date, enter the" 364 +" word 'never'in the field.\n" 365 +" \n" 366 +"To help create a formatted date and time entry, click the adjacent" 367 +" '...' button to bring up a helper."}, 368 369 370 {"PrKvno", 371 "The key version number for the principal; this is normally" 372 +" changed only when a password has been compromised."}, 373 374 375 {"PrMaxLifetime", 376 "The maximum length of time for which a ticket can be" 377 +" granted for the principal (without renewal).\n" 378 +" \n" 379 +"To help create a time duration in seconds, click the adjacent" 380 +" '...' button to bring up a helper."}, 381 382 383 {"PrMaxRenewal", 384 "The maximum length of time for which an existing" 385 +" ticket may be renewed for the principal.\n" 386 +" \n" 387 +"To help create a time duration in seconds, click the adjacent" 388 +" '...' button to bring up a helper."}, 389 390 391 {"PrDetailPrevious", 392 "Sends you back to the previous Principal Basics panel."}, 393 394 395 {"PrDetailNext", 396 "Sends you to the next Principal Flags panel that contains" 397 +" security, ticket control, and miscellaneous attributes for" 398 +" the principal."}, 399 400 401 402 // 403 // Principal Flags Panel 404 // 405 406 407 408 {"PrincipalFlagsPanel", 409 // Not currently available in GUI 410 "This panel enables you to specify the security, ticket control, and" 411 +" miscellaneous attributes for the principal."}, 412 413 414 {"PrLockAcct", 415 "When checked, prevents the principal from logging in." 416 +" This is a easy way to temporarily freeze" 417 +" a principal account for any reason."}, 418 419 420 {"PrForcePwChange", 421 "When checked, expires the principal's current password, forcing the" 422 +" user to use the kpasswd command to create a new password." 423 +" This is useful if" 424 +" there is a security breach and you need to make sure that old" 425 +" passwords are replaced."}, 426 427 428 {"PrAllowPostdated", 429 "When checked, allows the principal to obtain postdated tickets.\n" 430 +" \n" 431 +"For example, you may need to use postdated tickets for cron jobs" 432 +" that need to run after hours and can't obtain tickets in" 433 +" advance because of short ticket lifetimes."}, 434 435 436 {"PrAllowRenewable", 437 "When checked, allows the principal to obtain renewable tickets.\n" 438 +" \n" 439 +"A principal can automatically extend the expiration date or time of" 440 +" a ticket that is renewable (rather than having to get a new" 441 +" ticket after the first one expires). Currently, the NFS service" 442 +" is the only service that can renew tickets."}, 443 444 445 {"PrAllowSvr", 446 "When checked, allows service tickets to be issued for" 447 +" the principal.\n" 448 +" \n" 449 +"You should not allow service tickets to be issued for the" 450 +" 'kadmin/admin' and 'changepw/admin' principals." 451 +" This will ensure that these" 452 +" principals can only update the KDC database." }, 453 454 455 {"PrAllowForwardable", 456 "When checked, allows the principal to obtain forwardable" 457 +" tickets.\n" 458 +" \n" 459 +"Forwardable tickets are tickets that are forwarded to the" 460 +" remote host to provide a single-sign-on session." 461 +"For example, if you are using forwardable tickets and you" 462 +" authenticate yourself through ftp or rsh, other services," 463 +" such as NFS, are available without you being prompted" 464 +" for another password."}, 465 466 467 {"PrAllowProxiable", 468 "When checked, allows the principal to obtain proxiable tickets.\n" 469 +" \n" 470 +"A proxiable ticket is a ticket that can be used by a service" 471 +" on behalf of a client to perform an operation for the client." 472 +" With a proxiable ticket, a service can take on the identity" 473 +" of a client and obtain a ticket for another service, but it" 474 +" cannot obtain a ticket-granting ticket."}, 475 476 477 {"PrEnforcePolicy", 478 "When checked, the policy selected for this principal" 479 +" will be enforced."}, 480 481 482 {"PrAllowTGT", 483 "When checked, allows the service principal to provide services" 484 +" to another principal. More specifically, it allows the KDC to" 485 +" issue a service ticket for the service principal.\n" 486 +" \n" 487 +"This attribute is valid only for service principals." 488 +"When not checked, service tickets cannot be issued for" 489 +" the service principal."}, 490 491 492 {"PrRequirePreAuth", 493 "When checked, the KDC will not send a requested ticket-granting" 494 +" ticket(TGT) to the principal until it can" 495 +" authenticate (through software) that it is really the principal" 496 +" requesting the TGT. This preauthentication is usually done" 497 +" through an extra password, for example, from a DES card.\n" 498 +" \n" 499 +"When not checked, the KDC will not need to preauthenticate" 500 +" the principal before it sends a requested TGT to it."}, 501 502 503 {"PrAllowDupAuth", 504 "When checked, allows the user principal to obtain service tickets for" 505 +" other user principals.\n" 506 +" \n" 507 +"This attribute is valid only for user principals. When not checked," 508 +" the user principal can still obtain service tickets for" 509 +" service principals, but not for other user principals."}, 510 511 512 {"PrRequireHwPreAuth", 513 "When checked, the KDC will not send a requested ticket-granting" 514 +" ticket(TGT) to the principal until" 515 +" it can authenticate (through hardware) that it is really the" 516 +" principal requesting the TGT. Hardware preauthentication could" 517 +" be something like a Java ring reader.\n" 518 +" \n" 519 +"When not checked, the KDC will not need to preauthenticate" 520 +" the principal before it sends a requested TGT to it."}, 521 522 523 {"PrFlagsPrevious", 524 "Sends you back to the previous Principal Details panel."}, 525 526 // 527 // Done Button 528 // 529 530 {"PrFlagsNext", 531 "Saves any changes you've made to the current principal and" 532 +" sends you back to list of principals."}, 533 534 535 536 // 537 // Policies Panel 538 // 539 540 541 542 {"PoliciesPanel", 543 // Not currently available in GUI 544 "This panel enables you to select a policy from the list to" 545 +" modify, delete, or duplicate. You can also create a new policy.\n" 546 +" \n" 547 +"A policy is a set of behaviors regarding" 548 +" passwords and tickets that can be applied to a principal." 549 +" For example, the principals for system administrators might" 550 +" all have the same policy." 551 +" \n" 552 +"To display a specific policy or sublist of policy," 553 +" enter a filter string in the Filter Pattern field and press" 554 +" return.\n" 555 +" \n" 556 +"To perform an operation on a policy, select it from the list and" 557 +" click the appropriate button. To add a new policy, click New."}, 558 559 560 {"Pollist", 561 "Displays the all the available policies in the specified realm.\n" 562 +" \n" 563 +"To select a policy, click on its name in the list; double-clicking" 564 +" on a policy is equivalent to selecting the policy and clicking" 565 +" Modify"}, 566 567 {"PolNoList", 568 "This list panel is blank when you don't have list privileges" 569 +" or you've chosen not to show lists."}, 570 571 {"PoListPattern", 572 "Enables you to apply a filter on the available policies to display a" 573 +" particular policy or sublist of policies. The filter string you" 574 +" enter may consist of one or more characters, And, because" 575 +" the filter mechanism is case-sensitive, you need to use the" 576 +" appropriate upper-case and lower-case letters for the filter.\n" 577 +" \n" 578 +"For example, entering 'adm' for the filter would match and display," 579 +" policies such as 'admpol', 'adm1', and 'poladmin'.\n" 580 +" \n" 581 +"To display a particular policy or sublist of" 582 +" policies, enter a filter string and press" 583 +" return.\n" 584 +" \n" 585 +"To display the entire list of policies, click Clear" 586 +" Filter (or clear the Filter Pattern field and press return)."}, 587 588 589 {"PoNameNoList", 590 "When the policy list is not displayed," 591 +" you must enter policy names in this field to perform" 592 +" operations on them. Entering a name is equivalent to selecting" 593 +" an item from the list in normal operation.\n" 594 +" \n" 595 +"To clear the policy entry, click Clear Name (or clear the" 596 +" Name field and press return)."}, 597 598 599 {"PoListClear", 600 "Clears the filter and displays the full list of available policies."}, 601 602 603 {"PoNoListClear", 604 "Clears the Name field."}, 605 606 607 {"PoListModify", 608 "Opens the Policy Details panel that enables you to modify the" 609 +" selected policy attributes, such as the policy's minimum password" 610 +" length and the minimum ticket lifetime."}, 611 612 613 614 {"PoListAdd", 615 "Opens the Policy Details panel that enables you to create a new" 616 +" policy. The panel will have some of the fields already filled" 617 +" in with default values.\n" 618 +" \n" 619 +"The Duplicate button performs the same function; however," 620 +" instead of the fields filled in with default values, the" 621 +" fields are filled in with the same values as the selected policy."}, 622 623 624 {"PoListDelete", 625 "Deletes the selected policy from the Kerberos realm."}, 626 627 628 629 {"PoListDuplicate", 630 "Opens the Policy Details panel that enables you to duplicate" 631 +" the selected policy. The panels will have the fields already" 632 +" filled in with the same values as the selected policy," 633 +" except for the policy's name." 634 +"You can use this button to quickly create a new policy using" 635 +" another policy as a template.\n" 636 +" \n" 637 +"The Create New button performs the same function; however," 638 +" the fields are filled in with default values."}, 639 640 641 642 // 643 // Policy.Detail 644 // 645 646 647 {"PoName", 648 "The name of the policy. A policy is set of rules governing a" 649 +" principal's password and tickets.\n" 650 +" \n" 651 +"If you are modifying a policy, you cannot edit a policy's name."}, 652 653 654 655 {"PoMinPwLength", 656 "The minimum length for the principal's password."}, 657 658 659 {"PoMinPwClass", 660 "The minimum number of different character types required in the" 661 +" principal's password." 662 +"For example, a minimum classes value of 2 means that the" 663 +" password must have at least two different character types," 664 +" such as letters and numbers(hi2mom). A value of 3 means that" 665 +" the password must have at least three different character" 666 +" types, such as letters, numbers, and punctuation (hi2mom!)." 667 +"And so on. \n" 668 +" \n" 669 +"A value of 1 basically sets no restriction on the number of password" 670 +" character types."}, 671 672 673 {"PoSavedPasswords", 674 "The number of previous passwords that have been used by the principal" 675 +" and cannot be reused."}, 676 677 678 {"PoMinTicketLifetime", 679 "The minimum time that the password must be used before it can be" 680 +" changed.\n" 681 +" \n" 682 +"To help create a time duration in seconds, click the adjacent" 683 +" '...' button to bring up a helper."}, 684 685 686 {"PoMaxTicketLifetime", 687 "The maximum time that the password can be used before it must be" 688 +" changed.\n" 689 +" \n" 690 +"To help create a time duration in seconds, click the adjacent" 691 +" '...' button to bring up a helper."}, 692 693 694 {"PolDetPrincipalsUsingThisPolicy", 695 "The number of principals to which this policy currently applies."}, 696 697 698 {"PoSave", 699 "Saves any changes you've made to the current policy."}, 700 701 702 {"PoCancel", 703 "Discards all the changes you've made to the current policy and sends" 704 +" you back to the list of policies."}, 705 706 707 {"PoDetailPrevious", 708 "Sends you back to the list of policies.\n" 709 +" \n" 710 +"Note that you must save or cancel any changes you've made to the" 711 +" current policy before you can go back to the list."}, 712 713 714 {"PoDetailDone", 715 "Saves any changes you've made to the current policy and sends" 716 +" you back to list of policies."}, 717 718 719 720 // 721 // Defaults Panel 722 // 723 724 725 {"DefaultsPanel", 726 // Not currently available in GUI 727 "This window enables you to change the default settings for adding new" 728 +" principals."}, 729 730 731 {"GlobalLockAcct", 732 "When checked, prevents the new principal from logging in." 733 +"This is a easy way to temporarily freeze" 734 +" new principal accounts for any reason. For example, you may want" 735 +" to add a number of new principals in the beginning of the week," 736 +" but you might not want to activate them until the end of the" 737 +" week."}, 738 739 740 {"GlobalAllowPostdated", 741 "When checked, allows the new principal to obtain postdated tickets.\n" 742 +" \n" 743 +"For example, you may need to use postdated tickets for cron jobs" 744 +" that need to run after hours and can't obtain tickets in advance" 745 +" because of short ticket lifetimes."}, 746 747 748 {"GlobalAllowRenewable", 749 "When checked, allows the new principal to obtain renewable tickets.\n" 750 +" \n" 751 +"A principal can automatically extend the expiration date or time of" 752 +" a ticket that is renewable (rather than having to get a new ticket" 753 +" after the first one expires). Currently, the NFS service is the" 754 +" only service that can obtain renewable tickets."}, 755 756 757 {"GlobalEnforcePolicy", 758 "When checked, the policy selected for the new principal" 759 +" will be enforced."}, 760 761 {"GlobalAllowTGT", 762 "When checked, allows the new service principal to provide services to" 763 +" another principal. More specifically, it allows the KDC to issue a" 764 +" service ticket for the new service principal.\n" 765 +" \n" 766 +"This attribute is valid only for service principals." 767 +"When not checked," 768 +" service tickets cannot be issued for the new service principal."}, 769 770 771 {"GlobalForcePwChange", 772 "When checked, expires the principal's current password, forcing the" 773 +" user to use the kpasswd command to create a new password. This is" 774 +" is useful if you want to force users with new principals to set" 775 +" up their own passwords."}, 776 777 778 {"GlobalAllowForwardable", 779 "When checked, allows the new principal to obtain forwardable" 780 +" tickets.\n" 781 +" \n" 782 +"Forwardable tickets are tickets that are forwarded to the remote" 783 +" host to provide a single-sign-on session. For example, if you" 784 +" are using forwardable tickets and you authenticate yourself" 785 +" through ftp or rsh, other services, such as NFS, are available" 786 +" without you being prompted for another password."}, 787 788 789 {"GlobalAllowSvr", 790 "When checked, allows service tickets to be issued for" 791 +" the new principal.\n" 792 +" \n" 793 +"You should not allow service tickets to be issued for the" 794 +" 'kadmin/admin' and the 'changepw/admin' principals." 795 +" This will ensure that these" 796 +" principals can only update the KDC database." }, 797 798 799 {"GlobalAllowProxiable", 800 "When checked, allows the new principal to obtain proxiable tickets.\n" 801 +" \n" 802 +"A proxiable ticket is a ticket that can be used by a service on" 803 +" behalf of a client to perform an operation for the client." 804 +"With a proxiable ticket, a service can take on the identity of" 805 +" a client and obtain a ticket for another service, but it cannot" 806 +" obtain a ticket-granting ticket."}, 807 808 809 810 {"GlobalAllowDupAuth", 811 "When checked, allows the new user principal to obtain service" 812 +" tickets for other user principals.\n" 813 +" \n" 814 +"This attribute is valid only for user principals. When not checked," 815 +" the new user principal can still obtain service tickets for" 816 +" service principals, but not for other user principals."}, 817 818 819 {"GlobalRequirePreAuth", 820 "When checked, the KDC will not send a requested ticket-granting" 821 +" ticket(TGT)" 822 +" for the new principal until" 823 +" it can authenticate (through software) that it is really the" 824 +" principal requesting the TGT. This preauthentication is usually" 825 +" done through an extra password, for example, from a DES card.\n" 826 +" \n" 827 +"When not checked, the KDC will not need preauthenticate the new" 828 +" principal before it sends a requested TGT for it."}, 829 830 831 {"GlobalRequireHwPreAuth", 832 "When checked, the KDC will not send a requested ticket-granting" 833 +" ticket(TGT) for the new principal until it can authenticate" 834 +" (through hardware) that it is really the principal" 835 +" requesting the TGT. Hardware preauthentication could be something" 836 +" like a Java ring reader.\n" 837 +" \n" 838 +"When not checked, the KDC will not need to preauthenticate the new" 839 +" principal with hardware before it sends a requested TGT for it."}, 840 841 {"GlDefServerSide", 842 "When checked, the ticket lifetime values in the new principal are set" 843 +" such that " 844 +"the maximum value is used. When issuing a ticket the KDC uses the" 845 +" minimum of the value defined in the principal entry, in " 846 +" /etc/krb5/kdc.conf, or whatever the client requests with kinit."}, 847 848 {"GlDefLife", 849 "The maximum length of time for which a ticket can be" 850 +" granted for the new principal (without renewal).\n" 851 +" \n" 852 +"To help create a time duration in seconds, click the adjacent" 853 +" '...' button to bring up a helper."}, 854 855 {"GlDefRenewableLife", 856 "The maximum length of time for which an existing" 857 +" ticket may be renewed for the new principal.\n" 858 +" \n" 859 +"To help create a time duration in seconds, click the adjacent" 860 +" '...' button to bring up a helper."}, 861 862 863 {"GlDefExpiry", 864 "The date and time on which the new principal's account expires." 865 +"When the account expires, the principal can no longer" 866 +" get a ticket-granting ticket (TGT) and may not be able to log in.\n" 867 +" \n" 868 +"To set up the new account with no expiration date, enter the word" 869 +" 'never' in the field.\n" 870 +" \n" 871 +"To help create a formatted date and time entry, click the adjacent" 872 +" '...' button to bring up a helper."}, 873 874 875 876 {"GlDefShowLists", 877 "When checked, the principal and policy lists will be loaded and" 878 +" displayed in the list panels. Large lists may produce significant" 879 +" loading times, so it may be more convenient to work without lists" 880 +" when they are very large, or you should cache them." 881 +"The default is on."}, 882 883 884 {"GlDefStaticLists", 885 "When checked, the principal and policy lists will be cached" 886 +" when they are initially loaded, and the lists will not be refreshed" 887 +" from the server unless you use the Refresh menu. Because large" 888 +" lists may produce significant loading times, you should cache" 889 +" large lists and refresh them when necessary. The default" 890 +" is off."}, 891 892 893 {"GlDefCacheTime", 894 "The period of time that the principal and policy lists will be" 895 +" cached before being considered stale and refreshed from the" 896 +" server. The default is 300 seconds (6 minutes)."}, 897 898 899 {"GlobalSave", 900 "Makes a permanent change to the default values by writing them" 901 +" to ~/.gkadmin, updates the tool, and closes the window."}, 902 903 904 {"GlobalApply", 905 "Makes a temporary change to the default values in the tool and" 906 +" closes the window. This does not update ~/.gkadmin."}, 907 908 909 {"GlobalCancel", 910 "Discards all the changes you've made to the current defaults and" 911 +" closes the window."}, 912 913 // 914 // Generic Helper Button Descriptions 915 // 916 917 {"DateHelperButton", 918 "Opens the Date and Time Helper window to help you create" 919 +" a formatted date and time entry for the associated field."}, 920 921 922 {"DurationHelperButton", 923 "Opens the Time Duration Helper window to help you create a time" 924 +" duration in seconds for the associated field."}, 925 926 // 927 // DateTimeDialog 928 // 929 930 {"DateTimeDialogHelp", 931 "To change the month, choose from the Month menu.\n " 932 +" \n" 933 +"To change the other date and time fields, click in the field and" 934 +" enter a value, or use the +/- buttons to increment/decrement their" 935 +" value. (Hint: Keeping the buttons pressed makes the value change" 936 +" at a faster rate.)\n" 937 +" \n" 938 +"Click Midnight to change the time to midnight, and click Now to" 939 +" change the time to the current time based on the system's clock.\n" 940 +" \n" 941 +"Click OK to copy the date and time settings you've changed to" 942 +" the corresponding field."}, 943 944 945 // 946 // DurationHelper 947 // 948 949 {"DurationHelperHelp", 950 "To help create a time duration in seconds, choose a unit of time" 951 +" from the Unit menu, enter a number of units under the" 952 +" Value field, and press return (or click '='). The number of" 953 +" seconds based on your input will be displayed.\n" 954 +" \n" 955 +"Click OK to copy the number of seconds you've specified into the" 956 +" corresponding field."}, 957 958 // 959 // PrintUtil 960 // 961 962 {"PrintUtilHelp", 963 "You can either print to a printer or a file.\n" 964 +" \n" 965 +"To print directly to a printer, click the Print Command" 966 +" radio button, enter a print command (if you don't want the default" 967 +" print command), and click Print.\n" 968 +" \n" 969 +"To print to a file, click the File Name radio button, enter a file" 970 +" name, and click Print. The file name can be an absolute path." 971 +" If no path is given, the file will be saved in the directory" 972 +" where gkadmin was started. Click '...' next to the File Name field" 973 +" to open the File Helper window to help you specify a" 974 +" a location and name for the file."}, 975 976 // 977 // Menubar context sensitive help 978 // 979 980 {"ContextSensitiveHelp", 981 "Opens the Context-Sensitive Help window and switches the tool into" 982 +" help mode. In help mode, you can get help on any part of the" 983 +" current window just by clicking on it. To dismiss the Help window" 984 +" and switch back to the normal mode, click Dismiss on the Help" 985 +" window."}, 986 987 {"PrintCurrentPrincipal", 988 "Prints the attributes of the currently selected principal in the" 989 +" list or the currently loaded principal."}, 990 991 {"PrintCurrentPolicy", 992 "Prints the attributes of the currently selected policy in the" 993 +" list or the currently loaded policy."}, 994 995 {"PrintPrincipalList", 996 "Prints the list of all the available principals on the master KDC."}, 997 998 {"PrintPolicyList", 999 "Prints the list of all the available policies on the master KDC."}, 1000 1001 {"Logout", 1002 "Quits the current session and sends you back to the Login window, so" 1003 +" you can change the login fields and log in again."}, 1004 1005 {"EditPreferences", 1006 "Opens the Properties window, which enables you to" 1007 +" specify the default settings for creating new principals" 1008 +" and how the tool should manage the principal" 1009 +" and policy lists."}, 1010 1011 {"RefreshPrincipals", 1012 "Forces the principal list to be updated from the server."}, 1013 1014 {"RefreshPolicies", 1015 "Forces the policy list to be updated from the server."}, 1016 1017 {"Exit", 1018 "Quits the SEAM Administration Tool."}, 1019 1020 {"HelpBrowser", 1021 "Opens an HTML browser that provides pointers to overview and task" 1022 +" information" 1023 +" for the SEAM Administration Tool. This provides the same" 1024 +" information as the 'Sun Enterprise Authentication Management" 1025 +" Guide'."}, 1026 1027 {"About", 1028 "Displays the current version of the SEAM Administration Tool."}, 1029 1030 {"DateTime...", 1031 "Opens the SEAM Date and Time Helper window, which enables you to" 1032 +" set the date and time. After you set the date and time and click" 1033 +" OK, the settings are automatically formatted and copied into the" 1034 +" corresponding field."}, 1035 1036 {"Duration...", 1037 "Opens the SEAM Duration Helper window, which enables you to specify a" 1038 +" time duration and have it converted into seconds." 1039 +" After you specify the time" 1040 +" and click OK, the time duration is copied into the corresponding" 1041 +" field."}, 1042 1043 {"Print...", 1044 "Opens the SEAM Print Dialog window, which enables you to specify a" 1045 +" printer" 1046 +" to print the information or a file name in which to save the" 1047 +" information."}, 1048 1049 {"Bad Duration", 1050 "Please enter the duration (in seconds) correctly."}, 1051 1052 {"Bad Date", 1053 "Please enter the date correctly."}, 1054 1055 {"Bad Number", 1056 "Please enter the number correctly."} 1057 1058 }; // end contents object 1059 1060 } 1061