mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00

Regen for sudo 1.8.6

Todd C. Miller 2012-06-29 16:11:27 -04:00
parent 80502c3bcf
commit 2e36b1ef2b
12 changed files with 81 additions and 36 deletions

View File

@ -624,4 +624,4 @@ DDIISSCCLLAAIIMMEERR
1.8.5 March 15, 2012 SUDO(1m)
1.8.6 June 29, 2012 SUDO(1m)

View File

@ -149,7 +149,7 @@
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
.TH SUDO @mansectsu@ "March 15, 2012" "1.8.5" "MAINTENANCE COMMANDS"
.TH SUDO @mansectsu@ "June 29, 2012" "1.8.6" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l

View File

@ -1355,4 +1355,4 @@ DDIISSCCLLAAIIMMEERR
1.8.5 April 23, 2012 SUDO_PLUGIN(1m)
1.8.6 June 29, 2012 SUDO_PLUGIN(1m)

View File

@ -139,7 +139,7 @@
.\" ========================================================================
.\"
.IX Title "SUDO_PLUGIN @mansectsu@"
.TH SUDO_PLUGIN @mansectsu@ "April 23, 2012" "1.8.5" "MAINTENANCE COMMANDS"
.TH SUDO_PLUGIN @mansectsu@ "June 29, 2012" "1.8.6" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l

View File

@ -210,11 +210,11 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
below). For instance, the QAS AD plugin supports the following
formats:
o Group in the same domain: "Group Name"
o Group in the same domain: "%:Group Name"
o Group in any domain: "Group Name@FULLY.QUALIFIED.DOMAIN"
o Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN"
o Group SID: "S-1-2-34-5678901234-5678901234-5678901234-567"
o Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567"
Note that quotes around group names are optional. Unquoted strings
must use a backslash (\) to escape spaces and special characters. See
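Review bot: The three QAS AD examples now carry the "%:" prefix inside the double quotes, but the context sentence that follows still only says that quotes around "group names" are optional, so it is not obvious what an unquoted entry looks like. Suggest adding one unquoted example with the prefix and escaped spaces next to the quoted ones, so the prefix placement is unambiguous in both forms.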
@ -1814,4 +1814,4 @@ DDIISSCCLLAAIIMMEERR
1.8.5 March 28, 2012 SUDOERS(4)
1.8.6 June 29, 2012 SUDOERS(4)

View File

@ -254,7 +254,7 @@ DDEESSCCRRIIPPTTIIOONN
Typically, this file is shared amongst different LDAP-aware clients.
As such, most of the settings are not ssuuddoo-specific. Note that ssuuddoo
parses _/_e_t_c_/_l_d_a_p_._c_o_n_f itself and may support options that differ from
those described in the _l_d_a_p_._c_o_n_f(4) manual.
those described in the system's _l_d_a_p_._c_o_n_f(4) manual.
Also note that on systems using the OpenLDAP libraries, default values
specified in _/_e_t_c_/_o_p_e_n_l_d_a_p_/_l_d_a_p_._c_o_n_f or the user's _._l_d_a_p_r_c files are
@ -273,9 +273,9 @@ DDEESSCCRRIIPPTTIIOONN
ssuuddoo will connect to llooccaallhhoosstt. Multiple UURRII lines are treated
identically to a UURRII line containing multiple entries. Only
systems using the OpenSSL libraries support the mixing of ldap://
and ldaps:// URIs. The Netscape-derived libraries used on most
commercial versions of Unix are only capable of supporting one or
the other.
and ldaps:// URIs. Both the Netscape-derived and Tivoli LDAP
libraries used on most commercial versions of Unix are only capable
of supporting one or the other.
HHOOSSTT name[:port] ...
If no UURRII is specified, the HHOOSSTT parameter specifies a whitespace-
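Review bot: The unchanged sentence just above the rewritten one still says only systems using the "OpenSSL libraries" support mixing ldap:// and ldaps:// URIs, while the new sentence contrasts LDAP client libraries (Netscape-derived and Tivoli). Is OpenLDAP meant here? The TLS_CIPHERS hunk in this same commit replaces an OpenSSL reference with OpenLDAP, so aligning this sentence would keep the page consistent.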
@ -379,7 +379,8 @@ DDEESSCCRRIIPPTTIIOONN
the check creates an opportunity for man-in-the-middle attacks
since the server's identity will not be authenticated. If
possible, the CA's certificate should be installed locally so it
can be verified.
can be verified. This option is not supported by the Tivoli
Directory Server LDAP libraries.
TTLLSS__CCAACCEERRTT file name
An alias for TTLLSS__CCAACCEERRTTFFIILLEE for OpenLDAP compatibility.
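Review bot: The added sentence says TLS_CHECKPEER is not supported by the Tivoli Directory Server LDAP libraries, but not what the effective behaviour is there: is the server certificate always verified, or never? Coming directly after the man-in-the-middle warning, that is what a reader on a Tivoli client needs to know. Suggest stating the behaviour and whether a tls_checkpeer line is ignored or treated as an error with those libraries.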
@ -410,6 +411,10 @@ DDEESSCCRRIIPPTTIIOONN
Netscape-derived:
tls_cert /var/ldap/cert7.db
Tivoli Directory Server:
Unused, the key database specified by TTLLSS__KKEEYY contains both
keys and certificates.
When using Netscape-derived libraries, this file may also contain
Certificate Authority certificates.
@ -425,6 +430,23 @@ DDEESSCCRRIIPPTTIIOONN
Netscape-derived:
tls_key /var/ldap/key3.db
Tivoli Directory Server:
tls_cert /usr/ldap/ldapkey.kdb
When using Tivoli LDAP libraries, this file may also contain
Certificate Authority and client certificates and may be encrypted.
TTLLSS__KKEEYYPPWW secret
The TTLLSS__KKEEYYPPWW contains the password used to decrypt the key
database on clients using the Tivoli Directory Server LDAP library.
If no TTLLSS__KKEEYYPPWW is specified, a _s_t_a_s_h _f_i_l_e will be used if it
exists. The _s_t_a_s_h _f_i_l_e must have the same path as the file
specified by TTLLSS__KKEEYY, but use a .sth file extension instead of
.kdb, e.g. ldapkey.sth. The default ldapkey.kdb that ships with
Tivoli Directory Server is encrypted with the password
ssl_password. This option is only supported by the Tivoli LDAP
libraries.
TTLLSS__RRAANNDDFFIILLEE file name
The TTLLSS__RRAANNDDFFIILLEE parameter specifies the path to an entropy source
for systems that lack a random device. It is generally used in
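Review bot: The Tivoli Directory Server example under TLS_KEY reads "tls_cert /usr/ldap/ldapkey.kdb", which contradicts the TLS_CERT entry in the previous hunk (unused for Tivoli, the key database is given by TLS_KEY); it should be "tls_key /usr/ldap/ldapkey.kdb". The same line appears in the roff version of this hunk. In the TLS_KEYPW text, the secret sits in a configuration file that the DESCRIPTION says is typically shared amongst LDAP-aware clients, and the shipped default password "ssl_password" is documented without comment; suggest adding that the default should be changed and that the file holding TLS_KEYPW must not be world-readable. As this commit is a regen, both fixes belong in the source the pages are generated from.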
@ -434,8 +456,9 @@ DDEESSCCRRIIPPTTIIOONN
TTLLSS__CCIIPPHHEERRSS cipher list
The TTLLSS__CCIIPPHHEERRSS parameter allows the administer to restrict which
encryption algorithms may be used for TLS (SSL) connections. See
the OpenSSL manual for a list of valid ciphers. This option is
only supported by the OpenLDAP libraries.
the OpenLDAP or Tivoli Directory Server manual for a list of valid
ciphers. This option is not supported by Netscape-derived
libraries.
UUSSEE__SSAASSLL on/true/yes/off/false/no
Enable UUSSEE__SSAASSLL for LDAP servers that support SASL authentication.
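Review bot: "allows the administer to restrict" in the first sentence of the TLS_CIPHERS paragraph should read "administrator"; the roff version rewraps this sentence and carries the typo onto the new line as well. The reference now points at two different manuals for the list of valid ciphers, so if the cipher list syntax differs between OpenLDAP and Tivoli Directory Server it is worth saying that the value is library-specific.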
@ -747,4 +770,4 @@ DDIISSCCLLAAIIMMEERR
1.8.5 March 14, 2012 SUDOERS.LDAP(4)
1.8.6 June 29, 2012 SUDOERS.LDAP(4)

View File

@ -1,4 +1,4 @@
.\" Copyright (c) 2003-2011
.\" Copyright (c) 2003-2012
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@ -140,7 +140,7 @@
.\" ========================================================================
.\"
.IX Title "SUDOERS.LDAP @mansectform@"
.TH SUDOERS.LDAP @mansectform@ "March 14, 2012" "1.8.5" "MAINTENANCE COMMANDS"
.TH SUDOERS.LDAP @mansectform@ "June 29, 2012" "1.8.6" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@ -405,8 +405,8 @@ section.
Sudo reads the \fI@ldap_conf@\fR file for LDAP-specific configuration.
Typically, this file is shared amongst different LDAP-aware clients.
As such, most of the settings are not \fBsudo\fR\-specific. Note that
\&\fBsudo\fR parses \fI@ldap_conf@\fR itself and may support options
that differ from those described in the \fIldap.conf\fR\|(@mansectform@) manual.
\&\fBsudo\fR parses \fI@ldap_conf@\fR itself and may support options that
differ from those described in the system's \fIldap.conf\fR\|(@mansectform@) manual.
.PP
Also note that on systems using the OpenLDAP libraries, default
values specified in \fI/etc/openldap/ldap.conf\fR or the user's
@ -425,9 +425,9 @@ the \s-1LDAP\s0 server(s) to connect to. The \fIprotocol\fR may be either
is specified, \fBsudo\fR will connect to \fBlocalhost\fR. Multiple \fB\s-1URI\s0\fR
lines are treated identically to a \fB\s-1URI\s0\fR line containing multiple
entries. Only systems using the OpenSSL libraries support the
mixing of \f(CW\*(C`ldap://\*(C'\fR and \f(CW\*(C`ldaps://\*(C'\fR URIs. The Netscape-derived
libraries used on most commercial versions of Unix are only capable
of supporting one or the other.
mixing of \f(CW\*(C`ldap://\*(C'\fR and \f(CW\*(C`ldaps://\*(C'\fR URIs. Both the Netscape-derived
and Tivoli \s-1LDAP\s0 libraries used on most commercial versions of Unix
are only capable of supporting one or the other.
.IP "\fB\s-1HOST\s0\fR name[:port] ..." 4
.IX Item "HOST name[:port] ..."
If no \fB\s-1URI\s0\fR is specified, the \fB\s-1HOST\s0\fR parameter specifies a
@ -528,7 +528,8 @@ authority), \fBsudo\fR will be unable to connect to it. If \fB\s-1TLS_CHECKPEER
is disabled, no check is made. Note that disabling the check creates
an opportunity for man-in-the-middle attacks since the server's
identity will not be authenticated. If possible, the \s-1CA\s0's certificate
should be installed locally so it can be verified.
should be installed locally so it can be verified. This option is
not supported by the Tivoli Directory Server \s-1LDAP\s0 libraries.
.IP "\fB\s-1TLS_CACERT\s0\fR file name" 4
.IX Item "TLS_CACERT file name"
An alias for \fB\s-1TLS_CACERTFILE\s0\fR for OpenLDAP compatibility.
@ -560,6 +561,10 @@ OpenLDAP:
Netscape-derived:
\f(CW\*(C`tls_cert /var/ldap/cert7.db\*(C'\fR
.Sp
Tivoli Directory Server:
Unused, the key database specified by \fB\s-1TLS_KEY\s0\fR contains both
keys and certificates.
.Sp
When using Netscape-derived libraries, this file may also contain
Certificate Authority certificates.
.IP "\fB\s-1TLS_KEY\s0\fR file name" 4
@ -574,6 +579,23 @@ OpenLDAP:
.Sp
Netscape-derived:
\f(CW\*(C`tls_key /var/ldap/key3.db\*(C'\fR
.Sp
Tivoli Directory Server:
\f(CW\*(C`tls_cert /usr/ldap/ldapkey.kdb\*(C'\fR
.Sp
When using Tivoli \s-1LDAP\s0 libraries, this file may also contain
Certificate Authority and client certificates and may be encrypted.
.IP "\fB\s-1TLS_KEYPW\s0\fR secret" 4
.IX Item "TLS_KEYPW secret"
The \fB\s-1TLS_KEYPW\s0\fR contains the password used to decrypt the key
database on clients using the Tivoli Directory Server \s-1LDAP\s0 library.
If no \fB\s-1TLS_KEYPW\s0\fR is specified, a \fIstash file\fR will be used if
it exists. The \fIstash file\fR must have the same path as the file
specified by \fB\s-1TLS_KEY\s0\fR, but use a \f(CW\*(C`.sth\*(C'\fR file extension instead
of \f(CW\*(C`.kdb\*(C'\fR, e.g. \f(CW\*(C`ldapkey.sth\*(C'\fR. The default \f(CW\*(C`ldapkey.kdb\*(C'\fR that
ships with Tivoli Directory Server is encrypted with the password
\&\f(CW\*(C`ssl_password\*(C'\fR. This option is only supported by the Tivoli \s-1LDAP\s0
libraries.
.IP "\fB\s-1TLS_RANDFILE\s0\fR file name" 4
.IX Item "TLS_RANDFILE file name"
The \fB\s-1TLS_RANDFILE\s0\fR parameter specifies the path to an entropy
@ -582,10 +604,10 @@ in conjunction with \fIprngd\fR or \fIegd\fR.
This option is only supported by the OpenLDAP libraries.
.IP "\fB\s-1TLS_CIPHERS\s0\fR cipher list" 4
.IX Item "TLS_CIPHERS cipher list"
The \fB\s-1TLS_CIPHERS\s0\fR parameter allows the administer to restrict
which encryption algorithms may be used for \s-1TLS\s0 (\s-1SSL\s0) connections.
See the OpenSSL manual for a list of valid ciphers.
This option is only supported by the OpenLDAP libraries.
The \fB\s-1TLS_CIPHERS\s0\fR parameter allows the administer to restrict which
encryption algorithms may be used for \s-1TLS\s0 (\s-1SSL\s0) connections. See
the OpenLDAP or Tivoli Directory Server manual for a list of valid
ciphers. This option is not supported by Netscape-derived libraries.
.IP "\fB\s-1USE_SASL\s0\fR on/true/yes/off/false/no" 4
.IX Item "USE_SASL on/true/yes/off/false/no"
Enable \fB\s-1USE_SASL\s0\fR for \s-1LDAP\s0 servers that support \s-1SASL\s0 authentication.

View File

@ -148,7 +148,7 @@
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
.TH SUDOERS @mansectform@ "March 28, 2012" "1.8.5" "MAINTENANCE COMMANDS"
.TH SUDOERS @mansectform@ "June 29, 2012" "1.8.6" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@ -382,11 +382,11 @@ the underlying group provider plugin (see the \fIgroup_plugin\fR
description below). For instance, the \s-1QAS\s0 \s-1AD\s0 plugin supports the
following formats:
.IP "\(bu" 4
Group in the same domain: \*(L"Group Name\*(R"
Group in the same domain: \*(L"%:Group Name\*(R"
.IP "\(bu" 4
Group in any domain: \*(L"Group Name@FULLY.QUALIFIED.DOMAIN\*(R"
Group in any domain: \*(L"%:Group Name@FULLY.QUALIFIED.DOMAIN\*(R"
.IP "\(bu" 4
Group \s-1SID:\s0 \*(L"S\-1\-2\-34\-5678901234\-5678901234\-5678901234\-567\*(R"
Group \s-1SID:\s0 \*(L"%:S\-1\-2\-34\-5678901234\-5678901234\-5678901234\-567\*(R"
.PP
Note that quotes around group names are optional. Unquoted strings
must use a backslash (\e) to escape spaces and special characters.

View File

@ -261,4 +261,4 @@ DDIISSCCLLAAIIMMEERR
1.8.5 April 16, 2012 SUDOREPLAY(1m)
1.8.6 June 29, 2012 SUDOREPLAY(1m)

View File

@ -139,7 +139,7 @@
.\" ========================================================================
.\"
.IX Title "SUDOREPLAY @mansectsu@"
.TH SUDOREPLAY @mansectsu@ "April 16, 2012" "1.8.5" "MAINTENANCE COMMANDS"
.TH SUDOREPLAY @mansectsu@ "June 29, 2012" "1.8.6" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l

View File

@ -151,4 +151,4 @@ DDIISSCCLLAAIIMMEERR
1.8.5 March 14, 2012 VISUDO(1m)
1.8.6 June 29, 2012 VISUDO(1m)

View File

@ -144,7 +144,7 @@
.\" ========================================================================
.\"
.IX Title "VISUDO @mansectsu@"
.TH VISUDO @mansectsu@ "March 14, 2012" "1.8.5" "MAINTENANCE COMMANDS"
.TH VISUDO @mansectsu@ "June 29, 2012" "1.8.6" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l