xref: /titanic_44/usr/src/cmd/krb5/kadmin/gui/HelpData.java (revision e1c679fa4b0ab8c4bcaa6263974ca0c46e5b027f)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * ident	"%Z%%M%	%I%	%E% SMI"
24  *
25  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
26  * Use is subject to license terms.
27  */
28 
29 import java.util.ListResourceBundle;
30 
31 // On-line spot help.  Defined as strings of a "contents" object.
32 
33 public class HelpData extends ListResourceBundle {
34     public Object [][] getContents() {
35         return contents;
36     }
37 
38     static final Object [][] contents = {
39 
40         //
41         //  Main Login Panel
42         //
43 
44         {"MainLoginPanel",
45 	 // Not currently available in GUI
46 	 "This window enables you to log in and use the SEAM Administration"
47 	 +"Tool. The default information that initially fills in the fields"
48 	 +" is read from the system's /etc/krb5/krb5.conf file (except"
49 	 +" for the principal name)."},
50 
51 
52         {"LoginName",
53 	 "The principal name to log in with (without realm included)."
54 	 +"In order to use the SEAM Administration Tool, your principal"
55 	 +" must have the appropriate privileges specified in the master"
56 	 +" KDC's kadm5.acl"
57 	 +" file.\n"
58 	 +" \n"
59 	 +"The default principal name consists of your user name with the"
60 	 +" 'admin' instance appended. For example, 'jdb/admin'."},
61 
62 
63         {"LoginPass",
64 	 "The password for the principal."},
65 
66 
67         {"LoginRealm",
68 	 "The Kerberos realm, which is similar to a DNS domain."
69 	 +"In most cases, the realm name is your domain name, and it should"
70 	 +" be upper-case. For example, 'MTN.ACME.COM'.\n"
71 	 +" \n"
72 	 +"Each realm has one master KDC and may include slave"
73 	 +" KDCs that contain read-only copies of the master."
74 	 +"The default realm is read from the system's"
75 	 +" /etc/krb5/krb5.conf file."},
76 
77 
78         {"LoginServer",
79 	 "The master KDC where the Kerberos administration server, kadmind,"
80 	 +" is running and where the KDC (Key Distribution Center) is located."
81 	 +"You must provide a fully-qualified host name for the master KDC.\n"
82 	 +" \n"
83 	 +"The default admin server is read from the"
84 	 +" system's /etc/krb5/krb5.conf file."},
85 
86 
87         {"LoginOK",
88 	 "Checks the information"
89 	 +" in this window, and if valid, logs you into the tool."},
90 
91 
92         {"LoginStartOver",
93 	 "Resets all fields in this window to their initial"
94 	 +" settings (when the tool was started)."},
95 
96 
97         //
98         // Panel Tabs
99         //
100 
101 
102         {"PrincipalTab",
103 	 "Sends you to the list of principals. If you are currently"
104 	 +" working on a principal or policy and you've made"
105 	 +" changes, you'll be prompted to cancel or save"
106 	 +" the changes before being sent to Principal List panel."},
107 
108 
109         {"PolicyTab",
110 	 "Sends you to the list of policies. If you are currently working on a"
111 	 +" principal or policy and you've made changes, you'll be prompted to"
112 	 +" cancel or save the changes before being sent to Policy"
113 	 +" List panel."},
114 
115 
116 
117         //
118         // Principal List Panel
119         //
120 
121 
122         {"PrinListPanel",
123 	 // Not currently available in GUI
124 	 "This panel enables you to select a principal from the list to modify,"
125 	 +" delete, and duplicate. You can also create a new principal.\n"
126 	 +" \n"
127 	 +"  principal is an entity to which tickets may be assigned, generally"
128 	 +" of the form <primary>/<instance>@<REALM>. For example,"
129 	 +" jdb/admin@MTN.ACME.COM.\n"
130 	 +" \n"
131 	 +" display a specific principal or"
132 	 +" sublist of principals, enter a filter string in the Filter Pattern"
133 	 +" field and press"
134 	 +" return.\n"
135 	 +" \n"
136 	 +"To perform an operation on a principal, select it from the list and"
137 	 +" click the appropriate button. To create a new principal, click"
138 	 +" Create New."},
139 
140 
141         {"PrList",
142 	 "Displays all the available principals in the specified realm.\n"
143 	 +" \n"
144 	 +"To select a principal, click on its name in the list;"
145 	 +" double-clicking on a principal is equivalent to selecting"
146 	 +" the principal and clicking Modify."},
147 
148 
149         {"PrNoList",
150 	 "This list panel is blank when you don't have list privileges"
151 	 +" or you've chosen not to show lists."},
152 
153 
154         {"PrListPattern",
155 	 "Enables you to apply a filter on the available principals to"
156 	 +" display a particular principal or sublist of principals."
157 	 +"The filter string you enter may consist of one or more"
158 	 +" characters. And, because the filter mechanism is case"
159 	 +" sensitive, you need to use the appropriate upper-case and"
160 	 +" lower-case letters for the filter.\n"
161 	 +" \n"
162 	 +"For example, entering 'user' for the filter would match"
163 	 +" and display principals such as 'enguser', 'user1',"
164 	 +" and 'useradmin'.\n"
165 	 +" '\n"
166 	 +"To display a particular principal or sublist of"
167 	 +" principals, enter a filter string and press return.\n"
168 	 +" \n"
169 	 +"To display the entire list of principals, click Clear"
170 	 +" Filter(or clear the Filter Pattern field and press return)."},
171 
172 
173         {"PrNameNoList",
174 	 "When the principal list is not displayed,"
175 	 +" you must enter principal names in this field to perform"
176 	 +" operations on them. Entering a name is equivalent to selecting"
177 	 +" an item from the principal list in normal operation.\n"
178 	 +" \n"
179 	 +"To clear the principal entry, click Clear Name (or clear the"
180 	 +" Name field and press return)."},
181 
182 
183         {"PrListClear",
184 	 "Clears the filter and displays the full list of available",
185 	 " principals."},
186 
187 
188         {"PrNoListClear",
189 	 "Clears the Name field."},
190 
191 
192         {"PrListModify",
193 	 "Opens a series of panels that enable you to modify the selected"
194 	 +" principal, such as the principal's password, expiry date,"
195 	 +" and policy."},
196 
197 
198         {"PrListAdd",
199 	 "Opens a series of panels that enable you to create a new principal."
200 	 +" The panels will have some of the fields already filled in with"
201 	 +" default values, which you can set up by choosing Properties from"
202 	 +" the Edit menu.\n"
203 	 +" \n"
204 	 +"The Duplicate button performs the same function; however,"
205 	 +" instead of the fields filled in with default values, the fields"
206 	 +" are filled in with the same values as the selected principal."},
207 
208 
209         {"PrListDelete",
210 	 "Deletes the selected principal from the Kerberos realm.  The deleted"
211 	 +" principal can no longer be assigned Kerberos tickets."},
212 
213 
214         {"PrListDuplicate",
215 	 "Opens a series of panels that enable you to duplicate the selected"
216 	 +" principal. The panels will have the fields already filled in"
217 	 +" with the same values as the selected principal,"
218 	 +" except for the principal's name and password."
219 	 +"You can use this button to quickly create a new principal using "
220 	 +" another principal as a template.\n"
221 	 +" \n"
222 	 +"The Create New button performs the same function; however,"
223 	 +" instead of"
224 	 +" the fields filled in with the same values as the selected"
225 	 +" principal, the fields are filled in with default values."},
226 
227 
228 
229         //
230         //  Principal Basics Panel
231         //
232 
233 
234         {"PrincipalBasicsPanel",
235 	 // Not currently available in GUI
236 	 "This panel enables you to specify the basic attributes for a"
237 	 +" principal."},
238 
239 
240         {"PrName",
241 	 "The name of the principal (the <primary>/<instance> part of a"
242 	 +" fully-qualified principal name).  A principal is a unique identity"
243 	 +" to which the KDC can assign tickets.\n"
244 	 +" \n"
245 	 +"If you are modifying a principal,"
246 	 +" you cannot edit a principal's name.\n"
247 	 +" \n"
248 	 +"For service (or host) principal names, the <primary> part must be"
249 	 +" the name of a service, such as 'host' for telnet and rsh"
250 	 +" services,'ftp', or 'nfs'."
251 	 +"The < instance > part must be the name of the system"
252 	 +" that requires Kerberos authentication for that service."
253 	 +"For example, 'host/denver.mtn.acme.com'.\n"
254 	 +" \n"
255 	 +"For user principal names, the < primary > part must be"
256 	 +" the name of the"
257 	 +" user."
258 	 +"The < instance > part is optional, but it can be a term used to"
259 	 +" describe the intended use for the principals, such as 'admin', or"
260 	 +" it can be the name of a system, which enables you to create"
261 	 +" different"
262 	 +" principals for the same user on a per-system basis."
263 	 +" For example, 'jdb/admin', 'jdb/denver@acme.com', or 'jdb'."},
264 
265 
266         {"PrComments",
267 	 "Comments related to the principal (for example,"
268 	 +" 'Temporary Account')."},
269 
270 
271         {"PrPolicy",
272 	 "A menu of available policies for the principal."},
273 
274 
275         {"PrPassword",
276 	 "The password for the principal."},
277 
278 
279         {"PrBasicRandomPw",
280 	 "Creates a random password for the principal and copies it into"
281 	 +" the Password field."},
282 
283 
284         {"PrinBasLastPrincipalChange",
285 	 "The date on which information for the principal was"
286 	 +" last modified."},
287 
288 
289         {"PrinBasLastChangedBy",
290 	 "The name of the principal who last modified the account for this"
291 	 +" principal."},
292 
293         {"EncList",
294 	 "The encryption types that the principal's keys will be created with."
295 	 +" Use a white space to separate encryption types."
296 	 +" Leave blank if the default set of encryption types is desired."
297 	 +" Refer to krb5.conf for the available encryption types supported."
298 	 +" The default set of dialog choices can be over-ridden by defining"
299 	 +" supported_enctypes with the desired list of encryption types in"
300 	 +" the realm's section of krb5.conf."
301 	 +" \n"
302 	 +"Changing encryption types is only applicable when creating a"
303 	 +" principal or when changing a password.  So a password must be"
304 	 +" accompanied with any encryption type changes."},
305 
306         {"PrExpiry",
307 	 "The date and time on which the principal's account expires. When the"
308 	 +" account expires, the principal can no longer"
309 	 +" get a ticket-granting ticket (TGT) and may not be able to log in.\n"
310 	 +" \n"
311 	 +"To set up the account with no expiration date,"
312 	 +" enter the word 'never' in the field.\n"
313 	 +" \n"
314 	 +"To help create a formatted date and time entry, click the adjacent"
315 	 +" '...' button to bring up a helper."},
316 
317 
318         {"PrSave",
319 	 "Saves any changes you've made to the current principal."},
320 
321 
322         {"PrCancel",
323 	 "Discards all the changes you've made to the current principal"
324 	 +" and sends you back to the list of principals."},
325 
326 
327         {"PrBasicPrevious",
328 	 "Sends you back to the list of principals.\n"
329 	 +" \n"
330 	 +"Note that you must save or cancel any changes you've made to"
331 	 +" the current principal before you can go back to the list."},
332 
333 
334         {"PrBasicNext",
335 	 "Sends you to the next Principal Details panel that contains"
336 	 +" the password and ticket lifetime attributes for the principal."},
337 
338 
339 
340         //
341         // Principal Detail Panel
342         //
343 
344 
345         {"PrincipalDetailPanel",
346 	 // Not currently available in GUI
347 	 "This panel enables you to specify the password and"
348 	 +" ticket lifetime attributes for the principal principal."},
349 
350 
351         {"PrinDetLastSuccess",
352 	 "The date and time when the principal last logged in successfully."},
353 
354 
355         {"PrinDetLastFailure",
356 	 "The date and time when the last login failure for the"
357 	 +" principal occurred."},
358 
359 
360         {"PrinDetFailureCount",
361 	 "The number of times that there has been a login failure"
362 	 +" for the principal."},
363 
364 
365         {"PrinDetLastPasswordChange",
366 	 "The date and time when the principal's password was "
367 	 +" last changed."},
368 
369 
370         {"PrPwExpiry",
371 	 "The date and time when the principal's current password"
372 	 +" will expire.\n"
373 	 +" \n"
374 	 +"To set up the password with no expiration date, enter the"
375 	 +" word 'never'in the field.\n"
376 	 +" \n"
377 	 +"To help create a formatted date and time entry, click the adjacent"
378 	 +" '...' button to bring up a helper."},
379 
380 
381         {"PrKvno",
382 	 "The key version number for the principal; this is normally"
383 	 +" changed only when a password has been compromised."},
384 
385 
386         {"PrMaxLifetime",
387 	 "The maximum length of time for which a ticket can be"
388 	 +" granted for the principal (without renewal).\n"
389 	 +" \n"
390 	 +"To help create a time duration in seconds, click the adjacent"
391 	 +" '...' button to bring up a helper."},
392 
393 
394         {"PrMaxRenewal",
395 	 "The maximum length of time for which an existing"
396 	 +" ticket may be renewed for the principal.\n"
397 	 +" \n"
398 	 +"To help create a time duration in seconds, click the adjacent"
399 	 +" '...' button to bring up a helper."},
400 
401 
402         {"PrDetailPrevious",
403 	 "Sends you back to the previous Principal Basics panel."},
404 
405 
406         {"PrDetailNext",
407 	 "Sends you to the next Principal Flags panel that contains"
408 	 +" security, ticket control, and miscellaneous attributes for"
409 	 +" the principal."},
410 
411 
412 
413         //
414         // Principal Flags Panel
415         //
416 
417 
418 
419         {"PrincipalFlagsPanel",
420 	 // Not currently available in GUI
421 	 "This panel enables you to specify the security, ticket control, and"
422 	 +" miscellaneous attributes for the principal."},
423 
424 
425         {"PrLockAcct",
426 	 "When checked, prevents the principal from logging in."
427 	 +" This is a easy way to temporarily freeze"
428 	 +" a principal account for any reason."},
429 
430 
431         {"PrForcePwChange",
432 	 "When checked, expires the principal's current password, forcing the"
433 	 +" user to use the kpasswd command to create a new password."
434 	 +" This is useful if"
435 	 +" there is a security breach and you need to make sure that old"
436 	 +" passwords are replaced."},
437 
438 
439         {"PrAllowPostdated",
440 	 "When checked, allows the principal to obtain postdated tickets.\n"
441 	 +" \n"
442 	 +"For example, you may need to use postdated tickets for cron jobs"
443 	 +" that need to run after hours and can't obtain tickets in"
444 	 +" advance because of short ticket lifetimes."},
445 
446 
447         {"PrAllowRenewable",
448 	 "When checked, allows the principal to obtain renewable tickets.\n"
449 	 +" \n"
450 	 +"A principal can automatically extend the expiration date or time of"
451 	 +" a ticket that is renewable (rather than having to get a new"
452 	 +" ticket after the first one expires). Currently, the NFS service"
453 	 +" is the only service that can renew tickets."},
454 
455 
456         {"PrAllowSvr",
457 	 "When checked, allows service tickets to be issued for"
458 	 +" the principal.\n"
459 	 +" \n"
460 	 +"You should not allow service tickets to be issued for the"
461 	 +" 'kadmin/admin' and 'changepw/admin' principals."
462 	 +"  This will ensure that these"
463 	 +" principals can only update the KDC database." },
464 
465 
466         {"PrAllowForwardable",
467 	 "When checked, allows the principal to obtain forwardable"
468 	 +" tickets.\n"
469 	 +" \n"
470 	 +"Forwardable tickets are tickets that are forwarded to the"
471 	 +" remote host to provide a single-sign-on session."
472 	 +"For example, if you are using forwardable tickets and you"
473 	 +" authenticate yourself through ftp or rsh, other services,"
474 	 +" such as NFS, are available without you being prompted"
475 	 +" for another password."},
476 
477 
478         {"PrAllowProxiable",
479 	 "When checked, allows the principal to obtain proxiable tickets.\n"
480 	 +" \n"
481 	 +"A proxiable ticket is a ticket that can be used by a service"
482 	 +" on behalf  of a client to perform an operation for the client."
483 	 +" With a proxiable ticket, a service can take on the identity"
484 	 +" of a client and obtain a ticket for another service, but it"
485 	 +" cannot obtain a ticket-granting ticket."},
486 
487 
488         {"PrEnforcePolicy",
489 	 "When checked, the policy selected for this principal"
490 	 +" will be enforced."},
491 
492 
493         {"PrAllowTGT",
494 	 "When checked, allows the service principal to provide services"
495 	 +" to another principal. More specifically, it allows the KDC to"
496 	 +" issue a service ticket for the service principal.\n"
497 	 +" \n"
498 	 +"This attribute is valid only for service principals."
499 	 +"When not checked, service tickets cannot be issued for"
500 	 +" the service principal."},
501 
502 
503         {"PrRequirePreAuth",
504 	 "When checked, the KDC will not send a requested ticket-granting"
505 	 +" ticket(TGT) to the principal until it can"
506 	 +" authenticate (through software) that it is really the principal"
507 	 +" requesting the TGT. This preauthentication is usually done"
508 	 +" through an  extra password, for example, from a DES card.\n"
509 	 +" \n"
510 	 +"When not checked, the KDC will not need to preauthenticate"
511 	 +" the principal before it sends a requested TGT to it."},
512 
513 
514         {"PrAllowDupAuth",
515 	 "When checked, allows the user principal to obtain service tickets for"
516 	 +" other user principals.\n"
517 	 +" \n"
518 	 +"This attribute is valid only for user principals. When not checked,"
519 	 +" the user principal can still obtain service tickets for"
520 	 +" service principals, but not for other user principals."},
521 
522 
523         {"PrRequireHwPreAuth",
524 	 "When checked, the KDC will not send a requested ticket-granting"
525 	 +" ticket(TGT) to the principal until"
526 	 +" it can authenticate (through hardware) that it is really the"
527 	 +" principal requesting the TGT. Hardware preauthentication could"
528 	 +" be something like a Java ring reader.\n"
529 	 +" \n"
530 	 +"When not checked, the KDC will not need to preauthenticate"
531 	 +" the principal before it sends a requested TGT to it."},
532 
533 
534         {"PrFlagsPrevious",
535 	 "Sends you back to the previous Principal Details panel."},
536 
537         //
538         // Done Button
539         //
540 
541         {"PrFlagsNext",
542 	 "Saves any changes you've made to the current principal and"
543 	 +" sends you back to list of principals."},
544 
545 
546 
547         //
548         // Policies Panel
549         //
550 
551 
552 
553         {"PoliciesPanel",
554 	 // Not currently available in GUI
555 	 "This panel enables you to select a policy from the list to"
556 	 +" modify, delete, or duplicate. You can also create a new policy.\n"
557 	 +" \n"
558 	 +"A policy is a set of behaviors regarding"
559 	 +" passwords and tickets that can be applied to a principal."
560 	 +" For example, the principals for system administrators might"
561 	 +" all have the same policy."
562 	 +" \n"
563 	 +"To display a specific policy or sublist of policy,"
564 	 +" enter a filter string in the Filter Pattern field and press"
565 	 +" return.\n"
566 	 +" \n"
567 	 +"To perform an operation on a policy, select it from the list and"
568 	 +" click the appropriate button. To add a new policy, click New."},
569 
570 
571         {"Pollist",
572 	 "Displays the all the available policies in the specified realm.\n"
573 	 +" \n"
574 	 +"To select a policy, click on its name in the list; double-clicking"
575 	 +" on a policy is equivalent to selecting the policy and clicking"
576 	 +" Modify"},
577 
578         {"PolNoList",
579 	 "This list panel is blank when you don't have list privileges"
580 	 +" or you've chosen not to show lists."},
581 
582         {"PoListPattern",
583 	 "Enables you to apply a filter on the available policies to display a"
584 	 +" particular policy or sublist of policies. The filter string you"
585 	 +" enter may consist of one or more characters, And, because"
586 	 +" the filter mechanism is case-sensitive, you need to use the"
587 	 +" appropriate upper-case and lower-case letters for the filter.\n"
588 	 +" \n"
589 	 +"For example, entering 'adm' for the filter would match and display,"
590 	 +" policies such as 'admpol', 'adm1', and 'poladmin'.\n"
591 	 +" \n"
592 	 +"To display a particular policy or sublist of"
593 	 +" policies, enter a filter string and press"
594 	 +" return.\n"
595 	 +" \n"
596 	 +"To display the entire list of policies, click Clear"
597 	 +" Filter (or clear the Filter Pattern field and press return)."},
598 
599 
600         {"PoNameNoList",
601 	 "When the policy list is not displayed,"
602 	 +" you must enter policy names in this field to perform"
603 	 +" operations on them. Entering a name is equivalent to selecting"
604 	 +" an item from the list in normal operation.\n"
605 	 +" \n"
606 	 +"To clear the policy entry, click Clear Name (or clear the"
607 	 +" Name field and press return)."},
608 
609 
610         {"PoListClear",
611 	 "Clears the filter and displays the full list of available policies."},
612 
613 
614         {"PoNoListClear",
615 	 "Clears the Name field."},
616 
617 
618         {"PoListModify",
619 	 "Opens the Policy Details panel that enables you to modify the"
620 	 +" selected policy attributes, such as the policy's minimum password"
621 	 +" length and the minimum ticket lifetime."},
622 
623 
624 
625         {"PoListAdd",
626 	 "Opens the Policy Details panel that enables you to create a new"
627 	 +" policy.  The panel will have some of the fields already filled"
628 	 +" in with default values.\n"
629 	 +" \n"
630 	 +"The Duplicate button performs the same function; however,"
631 	 +" instead of the fields filled in with default values, the"
632 	 +" fields are filled in with the same values as the selected policy."},
633 
634 
635         {"PoListDelete",
636 	 "Deletes the selected policy from the Kerberos realm."},
637 
638 
639 
640         {"PoListDuplicate",
641 	 "Opens the Policy Details panel that enables you to duplicate"
642 	 +" the selected policy. The panels will have the fields already"
643 	 +" filled in with the same values as the selected policy,"
644 	 +" except for the policy's name."
645 	 +"You can use this button to quickly create a new policy using"
646 	 +" another policy as a template.\n"
647 	 +" \n"
648 	 +"The Create New button performs the same function; however,"
649 	 +" the fields are filled in with default values."},
650 
651 
652 
653         //
654         // Policy.Detail
655         //
656 
657 
658         {"PoName",
659 	 "The name of the policy. A policy is set of rules governing a"
660 	 +" principal's password and tickets.\n"
661 	 +" \n"
662 	 +"If you are modifying a policy, you cannot edit a policy's name."},
663 
664 
665 
666         {"PoMinPwLength",
667 	 "The minimum length for the principal's password."},
668 
669 
670         {"PoMinPwClass",
671 	 "The minimum number of different character types required in the"
672 	 +"  principal's    password."
673 	 +"For example, a minimum classes value of 2 means that the"
674 	 +" password must have at least two different character types,"
675 	 +" such as letters and numbers(hi2mom). A value of 3 means that"
676 	 +" the password must have at least three different character"
677 	 +" types, such as letters, numbers, and punctuation (hi2mom!)."
678 	 +"And so on. \n"
679 	 +" \n"
680 	 +"A value of 1 basically sets no restriction on the number of password"
681 	 +" character types."},
682 
683 
684         {"PoSavedPasswords",
685 	 "The number of previous passwords that have been used by the principal"
686 	 +" and cannot be reused."},
687 
688 
689         {"PoMinTicketLifetime",
690 	 "The minimum time that the password must be used before it can be"
691 	 +" changed.\n"
692 	 +" \n"
693 	 +"To help create a time duration in seconds, click the adjacent"
694 	 +" '...' button to bring up a helper."},
695 
696 
697         {"PoMaxTicketLifetime",
698 	 "The maximum time that the password can be used before it must be"
699 	 +" changed.\n"
700 	 +" \n"
701 	 +"To help create a time duration in seconds, click the adjacent"
702 	 +" '...' button to bring up a helper."},
703 
704 
705         {"PolDetPrincipalsUsingThisPolicy",
706 	 "The number of principals to which this policy currently applies."},
707 
708 
709         {"PoSave",
710 	 "Saves any changes you've made to the current policy."},
711 
712 
713         {"PoCancel",
714 	 "Discards all the changes you've made to the current policy and sends"
715 	 +" you back to the list of policies."},
716 
717 
718         {"PoDetailPrevious",
719 	 "Sends you back to the list of policies.\n"
720 	 +" \n"
721 	 +"Note that you must save or cancel any changes you've made to the"
722 	 +" current policy before you can go back to the list."},
723 
724 
725         {"PoDetailDone",
726 	 "Saves any changes you've made to the current policy and sends"
727 	 +" you back to list of policies."},
728 
729 
730 
731         //
732         // Defaults Panel
733         //
734 
735 
736         {"DefaultsPanel",
737 	 // Not currently available in GUI
738 	 "This window enables you to change the default settings for adding new"
739 	 +" principals."},
740 
741 
742         {"GlobalLockAcct",
743 	 "When checked, prevents the new principal from logging in."
744 	 +"This is a easy way to temporarily freeze"
745 	 +" new principal accounts for any reason. For example, you may want"
746 	 +" to add a number of new principals in the beginning of the week,"
747 	 +" but you might not want to activate them until the end of the"
748 	 +" week."},
749 
750 
751         {"GlobalAllowPostdated",
752 	 "When checked, allows the new principal to obtain postdated tickets.\n"
753 	 +" \n"
754 	 +"For example, you may need to use postdated tickets for cron jobs"
755 	 +" that need to run after hours and can't obtain tickets in advance"
756 	 +" because of short ticket lifetimes."},
757 
758 
759         {"GlobalAllowRenewable",
760 	 "When checked, allows the new principal to obtain renewable tickets.\n"
761 	 +" \n"
762 	 +"A principal can automatically extend the expiration date or time of"
763 	 +" a ticket that is renewable (rather than having to get a new ticket"
764 	 +" after the first one expires). Currently, the NFS service is the"
765 	 +" only service that can obtain renewable tickets."},
766 
767 
768         {"GlobalEnforcePolicy",
769 	 "When checked, the policy selected for the new principal"
770 	 +" will be enforced."},
771 
772         {"GlobalAllowTGT",
773 	 "When checked, allows the new service principal to provide services to"
774 	 +" another principal. More specifically, it allows the KDC to issue a"
775 	 +" service ticket for the new service principal.\n"
776 	 +" \n"
777 	 +"This attribute is valid only for service principals."
778 	 +"When not checked,"
779 	 +" service tickets cannot be issued for the new service principal."},
780 
781 
782         {"GlobalForcePwChange",
783 	 "When checked, expires the principal's current password, forcing the"
784 	 +" user to use the kpasswd command to create a new password. This is"
785 	 +" is useful if you want to force users with new principals to set"
786 	 +" up their own passwords."},
787 
788 
789         {"GlobalAllowForwardable",
790 	 "When checked, allows the new principal to obtain forwardable"
791 	 +" tickets.\n"
792 	 +" \n"
793 	 +"Forwardable tickets are tickets that are forwarded to the remote"
794 	 +" host to provide a single-sign-on session. For example, if you"
795 	 +" are using forwardable tickets and you authenticate yourself"
796 	 +" through ftp or rsh, other services, such as NFS, are available"
797 	 +" without you being prompted for another password."},
798 
799 
800         {"GlobalAllowSvr",
801 	 "When checked, allows service tickets to be issued for"
802 	 +" the new principal.\n"
803 	 +" \n"
804 	 +"You should not allow service tickets to be issued for the"
805 	 +" 'kadmin/admin' and the 'changepw/admin' principals."
806 	 +" This will ensure that these"
807 	 +" principals can only update the KDC database." },
808 
809 
810         {"GlobalAllowProxiable",
811 	 "When checked, allows the new principal to obtain proxiable tickets.\n"
812 	 +" \n"
813 	 +"A proxiable ticket is a ticket that can be used by a service on"
814 	 +" behalf of a client to perform an operation for the client."
815 	 +"With a proxiable ticket, a service can take on the identity of"
816 	 +" a client and obtain a ticket for another service, but it cannot"
817 	 +" obtain a ticket-granting ticket."},
818 
819 
820 
821         {"GlobalAllowDupAuth",
822 	 "When checked, allows the new user principal to obtain service"
823 	 +" tickets for other user principals.\n"
824 	 +" \n"
825 	 +"This attribute is valid only for user principals. When not checked,"
826 	 +" the new user principal can still obtain service tickets for"
827 	 +" service principals, but not for other user principals."},
828 
829 
830         {"GlobalRequirePreAuth",
831 	 "When checked, the KDC will not send a requested ticket-granting"
832 	 +" ticket(TGT)"
833 	 +" for the new principal until"
834 	 +" it can authenticate (through software) that it is really the"
835 	 +" principal requesting the TGT. This preauthentication is usually"
836 	 +" done through an extra password, for example, from a DES card.\n"
837 	 +" \n"
838 	 +"When not checked, the KDC will not need preauthenticate the new"
839 	 +" principal before it sends a requested TGT for it."},
840 
841 
842         {"GlobalRequireHwPreAuth",
843 	 "When checked, the KDC will not send a requested ticket-granting"
844 	 +" ticket(TGT) for the new principal until it can authenticate"
845 	 +" (through hardware) that it is really the principal"
846 	 +" requesting the TGT. Hardware preauthentication could be something"
847 	 +" like a Java ring reader.\n"
848 	 +" \n"
849 	 +"When not checked, the KDC will not need to preauthenticate the new"
850 	 +" principal with hardware before it sends a requested TGT for it."},
851 
852         {"GlDefServerSide",
853 	 "When checked, the ticket lifetime values in the new principal are set"
854 	 +" such that "
855 	 +"the maximum value is used. When issuing a ticket the KDC uses the"
856 	 +" minimum of the value defined in the principal entry, in "
857 	 +" /etc/krb5/kdc.conf, or whatever the client requests with kinit."},
858 
859         {"GlDefLife",
860 	 "The maximum length of time for which a ticket can be"
861 	 +" granted for the new principal (without renewal).\n"
862 	 +" \n"
863 	 +"To help create a time duration in seconds, click the adjacent"
864 	 +" '...' button to bring up a helper."},
865 
866         {"GlDefRenewableLife",
867 	 "The maximum length of time for which an existing"
868 	 +" ticket may be renewed for the new principal.\n"
869 	 +" \n"
870 	 +"To help create a time duration in seconds, click the adjacent"
871 	 +" '...' button to bring up a helper."},
872 
873 
874         {"GlDefExpiry",
875 	 "The date and time on which the new principal's account expires."
876 	 +"When the account expires, the principal can no longer"
877 	 +" get a ticket-granting ticket (TGT) and may not be able to log in.\n"
878 	 +" \n"
879 	 +"To set up the new account with no expiration date, enter the word"
880 	 +"  'never' in the field.\n"
881 	 +" \n"
882 	 +"To help create a formatted date and time entry, click the adjacent"
883 	 +" '...' button to bring up a helper."},
884 
885 
886 
887         {"GlDefShowLists",
888 	 "When checked, the principal and policy lists will be loaded and"
889 	 +" displayed in the list panels. Large lists may produce significant"
890 	 +" loading times, so it may be more convenient to work without lists"
891 	 +" when they are very large, or you should cache them."
892 	 +"The default is on."},
893 
894 
895         {"GlDefStaticLists",
896 	 "When checked, the principal and policy lists will be cached"
897 	 +" when they are initially loaded, and the lists will not be refreshed"
898 	 +" from the server unless you use the Refresh menu. Because large"
899 	 +" lists may produce significant loading times, you should cache"
900 	 +" large lists and refresh them when necessary. The default"
901 	 +" is off."},
902 
903 
904         {"GlDefCacheTime",
905 	 "The period of time that the principal and policy lists will be"
906 	 +" cached before being considered stale and refreshed from the"
907 	 +" server.  The default is 300 seconds (6 minutes)."},
908 
909 
910         {"GlobalSave",
911 	 "Makes a permanent change to the default values by writing them"
912 	 +" to ~/.gkadmin, updates the tool, and closes the window."},
913 
914 
915         {"GlobalApply",
916 	 "Makes a temporary change to the default values in the tool and"
917 	 +" closes the window. This does not update ~/.gkadmin."},
918 
919 
920         {"GlobalCancel",
921 	 "Discards all the changes you've made to the current defaults and"
922 	 +" closes the window."},
923 
924         //
925         // Generic Helper Button Descriptions
926         //
927 
928         {"DateHelperButton",
929 	 "Opens the Date and Time Helper window to help you create"
930 	 +" a formatted date and time entry for the associated field."},
931 
932         {"DurationHelperButton",
933 	 "Opens the Time Duration Helper window to help you create a time"
934 	 +" duration in seconds for the associated field."},
935 
936         {"EncListHelperButton",
937 	 "Opens the Encryption Types Helper window to help you create"
938 	 +" the principal's keys from the default set."},
939 
940 	//
941 	// EncryptionTypeDialogHelp
942 	//
943 
944 	{"EncryptionTypeDialogHelp",
945 	 "You can select/deselect encryption types for this principal as"
946 	 +" needed.  Certain encryption types are similar therefore when"
947 	 +" one of these encryption types is selected the other type(s)"
948 	 +" will be deselected.  If no encryption types are selected the"
949 	 +" default set of types will be used, see krb5.conf(4) for these.\n"
950 	 +" \n"
951 	 +"Click OK to copy the encryption list that you've selected to the"
952 	 +" corresponding field.\n"
953 	 +" \n"
954 	 +"Click Clear to unselect all encryption types listed."},
955 
956         //
957         // DateTimeDialog
958         //
959 
960         {"DateTimeDialogHelp",
961 	 "To change the month, choose from the Month menu.\n "
962 	 +" \n"
963 	 +"To change the other date and time fields, click in the field and"
964 	 +" enter a value, or use the +/- buttons to increment/decrement their"
965 	 +" value. (Hint: Keeping the buttons pressed makes the value change"
966 	 +" at a faster rate.)\n"
967 	 +" \n"
968 	 +"Click Midnight to change the time to midnight, and click Now to"
969 	 +" change the time to the current time based on the system's clock.\n"
970 	 +" \n"
971 	 +"Click OK to copy the date and time settings you've changed to"
972 	 +" the corresponding field."},
973 
974 
975         //
976         // DurationHelper
977         //
978 
979         {"DurationHelperHelp",
980 	 "To help create a time duration in seconds, choose a unit of time"
981 	 +" from the Unit menu, enter a number of units under the"
982 	 +" Value field, and press return (or click '='). The number of"
983 	 +" seconds based on your input will be displayed.\n"
984 	 +" \n"
985 	 +"Click OK to copy the number of seconds you've specified into the"
986 	 +" corresponding field."},
987 
988         //
989         // PrintUtil
990         //
991 
992         {"PrintUtilHelp",
993 	 "You can either print to a printer or a file.\n"
994 	 +" \n"
995 	 +"To print directly to a printer, click the Print Command"
996 	 +" radio button, enter a print command (if you don't want the default"
997 	 +" print command), and click Print.\n"
998 	 +" \n"
999 	 +"To print to a file, click the File Name radio button, enter a file"
1000 	 +" name, and click Print. The file name can be an absolute path."
1001 	 +" If no path is given, the file will be saved in the directory"
1002 	 +" where gkadmin was started. Click '...' next to the File Name field"
1003 	 +" to open the File Helper window to help you specify a"
1004 	 +" a location and name for the file."},
1005 
1006         //
1007         // Menubar context sensitive help
1008         //
1009 
1010         {"ContextSensitiveHelp",
1011 	 "Opens the Context-Sensitive Help window and switches the tool into"
1012 	 +" help mode.  In help mode, you can get help on any part of the"
1013 	 +" current window just by clicking on it. To dismiss the Help window"
1014 	 +" and switch back to the normal mode, click Dismiss on the Help"
1015 	 +" window."},
1016 
1017         {"PrintCurrentPrincipal",
1018 	 "Prints the attributes of the currently selected principal in the"
1019 	 +" list or the currently loaded principal."},
1020 
1021         {"PrintCurrentPolicy",
1022 	 "Prints the attributes of the currently selected policy in the"
1023 	 +" list or the currently loaded policy."},
1024 
1025         {"PrintPrincipalList",
1026 	 "Prints the list of all the available principals on the master KDC."},
1027 
1028         {"PrintPolicyList",
1029 	 "Prints the list of all the available policies on the master KDC."},
1030 
1031         {"Logout",
1032 	 "Quits the current session and sends you back to the Login window, so"
1033 	 +" you can change the login fields and log in again."},
1034 
1035         {"EditPreferences",
1036 	 "Opens the Properties window, which enables you to"
1037 	 +" specify the default settings for creating new principals"
1038 	 +" and how the tool should manage the principal"
1039 	 +" and policy lists."},
1040 
1041         {"RefreshPrincipals",
1042 	 "Forces the principal list to be updated from the server."},
1043 
1044         {"RefreshPolicies",
1045 	 "Forces the policy list to be updated from the server."},
1046 
1047         {"Exit",
1048 	 "Quits the SEAM Administration Tool."},
1049 
1050         {"HelpBrowser",
1051 	 "Opens an HTML browser that provides pointers to overview and task"
1052 	 +" information"
1053 	 +" for the SEAM Administration Tool. This provides the same"
1054 	 +" information as the 'Sun Enterprise Authentication Management"
1055 	 +" Guide'."},
1056 
1057         {"About",
1058 	 "Displays the current version of the SEAM Administration Tool."},
1059 
1060         {"DateTime...",
1061 	 "Opens the SEAM Date and Time Helper window, which enables you to"
1062 	 +" set the date and time. After you set the date and time and click"
1063 	 +" OK, the settings are automatically formatted and copied into the"
1064 	 +" corresponding field."},
1065 
1066         {"Duration...",
1067 	 "Opens the SEAM Duration Helper window, which enables you to specify a"
1068 	 +" time duration and have it converted into seconds."
1069 	 +" After you specify the time"
1070 	 +" and click OK, the time duration is copied into the corresponding"
1071 	 +" field."},
1072 
1073 	{"EncList...",
1074 	 "Opens the SEAM Encryption Type List Helper window, which enables you"
1075 	 +" to specify custom encryption types for the principal. "
1076 	 +" After you select the encryption types and click OK, the encryption"
1077 	 +" type list is copied into the corresponding field."},
1078 
1079         {"Print...",
1080 	 "Opens the SEAM Print Dialog window, which enables you to specify a"
1081 	 +" printer"
1082 	 +" to print the information or a file name in which to save the"
1083 	 +" information."},
1084 
1085         {"Bad Duration",
1086 	 "Please enter the duration (in seconds) correctly."},
1087 
1088         {"Bad Date",
1089 	 "Please enter the date correctly."},
1090 
1091         {"Bad Number",
1092 	 "Please enter the number correctly."}
1093 
1094     }; // end contents object
1095 
1096 }
1097