mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-08-30 13:37:55 +00:00

[2189] various minor changes

minor grammar or wording changes

use mdash xml entity instead of unicode character

fix typo for Trac

fix example out of the configuration name

use xref tag instead of link tag (so reference is not lost in non-hyperlink
document)

keyring to key ring

fix punctuation (mistake in original)

minor grammar (mistake also in original)
Jeremy C. Reed
2012-09-26 09:31:51 -05:00
parent d0a5d03e21
commit 10da91d4dc


@@ -1332,14 +1332,14 @@ TODO
<para> <para>
Each key has three attributes. One is a name by which it is referred Each key has three attributes. One is a name by which it is referred
both in DNS packets and the rest of the configuration. Another is the both in DNS packets and the rest of the configuration. Another is the
algorithm used to compute the signature. And the last part is base64 algorithm used to compute the signature. And the last part is a
encoded secret, which might be any blob of data. base64 encoded secret, which might be any blob of data.
</para> </para>
<para> <para>
The parts are written into a string, concatenated together by colons. The parts are written into a string, concatenated together by colons.
So if you wanted to have a key called "example.key", used as HMAC-MD5 So if you wanted to have a key called "example.key", used as a
key with secret "secret", you'd write it as: HMAC-MD5 key with secret "secret", you'd write it as:
<screen>"example.key.:c2VjcmV0:hmac-md5"</screen> <screen>"example.key.:c2VjcmV0:hmac-md5"</screen>
</para> </para>
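Review bot: The prose lists the attributes as name, algorithm, secret, but the screen line orders them name:secret:algorithm ("example.key.:c2VjcmV0:hmac-md5"), and the text never states the order of the colon-separated parts. Suggest spelling out the order next to "concatenated together by colons", and reconciling the name, which the prose gives as "example.key" and the string gives with a trailing dot as "example.key.". Since the sentence is being reworded anyway, "base64 encoded" would read better as "base64-encoded".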
@@ -1370,25 +1370,25 @@ TODO
<title>Key ring</title> <title>Key ring</title>
<para> <para>
The key ring lives in the configuration in "tsig_keys/keys". Most of The key ring lives in the configuration in "tsig_keys/keys". Most of
the system uses the keys from there ACLs, authoritative server to the system uses the keys from there &mdash; ACLs, authoritative server to
sign responses to signed queries, the <command>b10-xfrout</command> sign responses to signed queries, and <command>b10-xfrout</command>
to sign transfers. The <command>b10-xfrin</command> uses its own to sign transfers. The <command>b10-xfrin</command> uses its own
configuration for keys, but that will be fixed in track ticket configuration for keys, but that will be fixed in Trac ticket
<ulink url="http://bind10.isc.org/ticket/1351">#1351</ulink>. <ulink url="http://bind10.isc.org/ticket/1351">#1351</ulink>.
</para> </para>
<para> <para>
The key ring is just a list of strings, each describing one key. So, The key ring is just a list of strings, each describing one key. So,
to add a new key, you can do this: to add a new key, you can do this:
<screen>&gt; <userinput>config add tsig_keyring/keys "example.key.:c2VjcmV0"</userinput> <screen>&gt; <userinput>config add tsig_keys/keys "example.key.:c2VjcmV0"</userinput>
&gt; <userinput>config show tsig_keyring/keys</userinput> &gt; <userinput>config show tsig_keys/keys</userinput>
tsig_keys/keys[0] "example.key.:c2VjcmV0" string (modified) tsig_keys/keys[0] "example.key.:c2VjcmV0" string (modified)
&gt; <userinput>config commit</userinput></screen> &gt; <userinput>config commit</userinput></screen>
</para> </para>
<para> <para>
You can keep as many keys as you want in the key ring, but they must You can keep as many keys as you want in the key ring, but each must
have a different name each. have a different name.
</para> </para>
</section> </section>
</section> </section>
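Review bot: The config add line stores "example.key.:c2VjcmV0", which has only two colon-separated parts, while the key format described in the previous section has three (the algorithm part is missing). Either add the algorithm to the example or say in this paragraph that it may be omitted and what is used in that case. The path correction from tsig_keyring/keys to tsig_keys/keys now agrees with the output line. Please also confirm that &mdash; is declared by the DTD this document uses, since it is not one of the predefined XML entities.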
@@ -1458,8 +1458,9 @@ AND_MATCH := "ALL": [ RULE_RAW, RULE_RAW, ... ]
<para> <para>
The other is TSIG key by which the message was signed. The ACL The other is TSIG key by which the message was signed. The ACL
contains only the name (under the name "key"), the key itself contains only the name (under the name "key"), the key itself
must be stored in the global <link linkend="tsig-key-ring">key ring</link>. This must be stored in the global key ring (see <xref
property is applicable only to the DNS context. linkend="tsig-key-ring"/>).
This property is applicable only to the DNS context.
</para> </para>
<para> <para>
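Review bot: The unchanged first sentence still reads "The other is TSIG key", which is missing an article, and "(under the name "key"), the key itself must be stored" is a comma splice. As this commit is a wording pass over the same paragraph, suggest "The other is the TSIG key" and starting a new sentence at "The key itself". The switch from link to xref drops the visible "key ring" link text in favour of generated text, so check that the tsig-key-ring target renders a sensible title.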
@@ -2233,7 +2234,7 @@ Xfrout/transfer_acl[0] {"action": "ACCEPT"} any (default)</screen>
<para> <para>
If you want to require TSIG in access control, a system wide TSIG If you want to require TSIG in access control, a system wide TSIG
<link linkend='tsig-key-ring'>key ring</link> must be configured. key ring must be configured (see <xref linkend="tsig-key-ring"/>).
In this example, we allow client matching both the IP address In this example, we allow client matching both the IP address
and key. and key.
</para> </para>
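Review bot: "we allow client matching both the IP address and key" on the unchanged lines is missing articles and was not picked up by this pass. Suggest "we allow a client matching both the IP address and the key". The attribute quoting change from single to double quotes on linkend is consistent with the other xref lines in the commit.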
@@ -2243,7 +2244,7 @@ Xfrout/transfer_acl[0] {"action": "ACCEPT"} any (default)</screen>
&gt; <userinput>config commit</userinput></screen> &gt; <userinput>config commit</userinput></screen>
<para>Both <command>b10-xfrout</command> and <command>b10-auth</command> <para>Both <command>b10-xfrout</command> and <command>b10-auth</command>
will use the system wide keyring to check will use the system wide key ring to check
TSIGs in the incoming messages and to sign responses.</para> TSIGs in the incoming messages and to sign responses.</para>
<para> <para>
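Review bot: "system wide key ring" uses "system wide" as a compound modifier without a hyphen, and the same spelling appears in the neighbouring hunks ("a system wide TSIG key ring", "configured system wide"). If the goal is consistent terminology alongside the keyring to key ring change, suggest "system-wide" in the attributive uses.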
@@ -2453,11 +2454,12 @@ what is XfroutClient xfr_client??
&gt; <userinput>config commit</userinput> &gt; <userinput>config commit</userinput>
</screen> </screen>
The TSIG key must be configured system wide The TSIG key must be configured system wide
(see <xref linkend="common-tsig"/>.) (see <xref linkend="common-tsig"/>).
</para> </para>
<para> <para>
Full description of ACLs can be found in <xref linkend="common-acl" />. The full description of ACLs can be found in <xref
linkend="common-acl" />.
</para> </para>
<note><simpara> <note><simpara>
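Review bot: This paragraph sends readers to common-tsig for the system-wide TSIG key, while the other paragraphs changed in this commit point to tsig-key-ring for the same requirement. Please confirm which target is intended and use it consistently. The hunk header context also shows a leftover note, "what is XfroutClient xfr_client??", in the surrounding source, which may be worth a follow-up.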