1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435
|
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
<!ENTITY legal SYSTEM "legal.xml">
<!ENTITY GFDL SYSTEM "fdl-appendix.xml">
<!ENTITY appversion "0.10">
<!ENTITY manrevision "0.1">
<!ENTITY date "May 2009">
<!ENTITY app "Kerberos Network Authentication Dialog">
<!ENTITY application "<application>&app;</application>">
]>
<!--
(Do not remove this comment block.)
Template Maintained by the GNOME Documentation Project:
http://developer.gnome.org/projects/gdp
Template version: 2.0 beta
Template last modified Feb 12, 2002
-->
<!--
(Do not remove this comment block.)
Version: 0.0.1
Last modified: May 22, 2009
Maintainers:
Guido Günther <agx@sigxcpu.org>
Translators:
(translators put your name and email here)
-->
<!-- =============Document Header ============================= -->
<article id="index" lang="sl">
<!-- please do not change the id; for translations, change lang to -->
<!-- appropriate code -->
<articleinfo>
<title><application>Kerberos Network Authentication Dialog</application> Manual</title>
<abstract role="description">
<para>
Kerberos Network Authentication Dialog is a small helper that monitors and refreshes your Kerberos ticket.
</para>
</abstract>
<copyright>
<year>2009</year>
<holder>Guido Günther</holder>
</copyright>
<!-- translators: uncomment this:
<copyright>
<year>2000</year>
<holder>ME-THE-TRANSLATOR (Latin translation)</holder>
</copyright>
-->
<!-- An address can be added to the publisher information. If a role is
not specified, the publisher/author is the same for all versions of the
document. -->
<publisher role="maintainer">
<publishername>Guido Günther</publishername>
</publisher>
<legalnotice id="legalnotice">
<para>
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation
License (GFDL), Version 1.1 or any later version published
by the Free Software Foundation with no Invariant Sections,
no Front-Cover Texts, and no Back-Cover Texts. You can find
a copy of the GFDL at this <ulink type="help" url="ghelp:fdl">link</ulink> or in the file COPYING-DOCS
distributed with this manual.
</para>
<para> This manual is part of a collection of GNOME manuals
distributed under the GFDL. If you want to distribute this
manual separately from the collection, you can do so by
adding a copy of the license to the manual, as described in
section 6 of the license.
</para>
<para>
Many of the names used by companies to distinguish their
products and services are claimed as trademarks. Where those
names appear in any GNOME documentation, and the members of
the GNOME Documentation Project are made aware of those
trademarks, then the names are in capital letters or initial
capital letters.
</para>
<para>
DOCUMENT AND MODIFIED VERSIONS OF THE DOCUMENT ARE PROVIDED
UNDER THE TERMS OF THE GNU FREE DOCUMENTATION LICENSE
WITH THE FURTHER UNDERSTANDING THAT:
<orderedlist>
<listitem>
<para>DOCUMENT IS PROVIDED ON AN "AS IS" BASIS,
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR
IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES
THAT THE DOCUMENT OR MODIFIED VERSION OF THE
DOCUMENT IS FREE OF DEFECTS MERCHANTABLE, FIT FOR
A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE
RISK AS TO THE QUALITY, ACCURACY, AND PERFORMANCE
OF THE DOCUMENT OR MODIFIED VERSION OF THE
DOCUMENT IS WITH YOU. SHOULD ANY DOCUMENT OR
MODIFIED VERSION PROVE DEFECTIVE IN ANY RESPECT,
YOU (NOT THE INITIAL WRITER, AUTHOR OR ANY
CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY
SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER
OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS
LICENSE. NO USE OF ANY DOCUMENT OR MODIFIED
VERSION OF THE DOCUMENT IS AUTHORIZED HEREUNDER
EXCEPT UNDER THIS DISCLAIMER; AND
</para>
</listitem>
<listitem>
<para>UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL
THEORY, WHETHER IN TORT (INCLUDING NEGLIGENCE),
CONTRACT, OR OTHERWISE, SHALL THE AUTHOR,
INITIAL WRITER, ANY CONTRIBUTOR, OR ANY
DISTRIBUTOR OF THE DOCUMENT OR MODIFIED VERSION
OF THE DOCUMENT, OR ANY SUPPLIER OF ANY OF SUCH
PARTIES, BE LIABLE TO ANY PERSON FOR ANY
DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR
CONSEQUENTIAL DAMAGES OF ANY CHARACTER
INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS
OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR
MALFUNCTION, OR ANY AND ALL OTHER DAMAGES OR
LOSSES ARISING OUT OF OR RELATING TO USE OF THE
DOCUMENT AND MODIFIED VERSIONS OF THE DOCUMENT,
EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF
THE POSSIBILITY OF SUCH DAMAGES.
</para>
</listitem>
</orderedlist>
</para>
</legalnotice>
<authorgroup>
<author>
<firstname>Jonathan</firstname>
<surname>Blandford</surname>
<email>rjb@redhat.com</email>
</author>
<author role="maintainer">
<firstname>Guido</firstname>
<surname>Günther</surname>
<email>agx@sigxcpu.org</email>
</author>
<!-- This is appropriate place for other contributors: translators,
maintainers, etc. Commented out by default.
<othercredit role="translator">
<firstname>Latin</firstname>
<surname>Translator 1</surname>
<affiliation>
<orgname>Latin Translation Team</orgname>
<address> <email>translator@gnome.org</email> </address>
</affiliation>
<contrib>Latin translation</contrib>
</othercredit>
-->
</authorgroup>
<!-- The revision numbering system for GNOME manuals is as follows: -->
<!-- * the revision number consists of two components -->
<!-- * the first component of the revision number reflects the release version of the GNOME desktop. -->
<!-- * the second component of the revision number is a decimal unit that is incremented with each revision of the manual. -->
<!-- For example, if the GNOME desktop release is V2.x, the first version of the manual that -->
<!-- is written in that desktop timeframe is V2.0, the second version of the manual is V2.1, etc. -->
<!-- When the desktop release version changes to V3.x, the revision number of the manual changes -->
<!-- to V3.0, and so on. -->
<revhistory>
<revision>
<revnumber>2.0</revnumber>
<date>May 2009</date>
<revdescription>
<para role="author">Guido Günther <email>agx@sigxcpu.org</email></para>
</revdescription>
</revision>
</revhistory>
<releaseinfo>This manual describes how to use the Kerberos Network Authentication Dialog
to manage your Kerberos tickets.
</releaseinfo>
<legalnotice>
<title>Odziv</title>
<para>To report a bug or make a suggestion regarding this package or
this manual, use
<ulink url="http://bugzilla.gnome.org" type="http">GNOME's Bugzilla</ulink>.
</para>
<!-- Translators may also add here feedback address for translations -->
</legalnotice>
</articleinfo>
<!-- ============= Document Body ============================= -->
<!-- ============= Introduction ============================== -->
<section id="intro">
<title>Uvod</title>
<indexterm>
<primary><application>Kerberos Network Authentication Dialog</application></primary>
<secondary>Priročnik</secondary>
<tertiary>krb5-auth-dialog</tertiary>
</indexterm>
<para>
Kerberos Network Authentication Dialog is an applet for the <systemitem>GNOME desktop</systemitem> that monitors
and refreshes your Kerberos ticket. It pops up reminders when the ticket
is about to expire.
</para>
<para>
Once you have acquired a Kerberos ticket - be it via GDM or via the applet itself - the applet will handle the ticket's renewal until it expires. It can also be used to destroy (remove) the credential cache, to acquire a ticket with different options or to switch to another principal.</para>
</section>
<section id="using">
<title>Usage</title>
<para>
<application>Kerberos Network Authentication Dialog</application> is usually started in GNOME startup, but
you can manually start <application>Kerberos Network Authentication Dialog</application> by doing:
</para>
<variablelist>
<varlistentry>
<term>Command line</term>
<listitem>
<para>
Type <command>krb5-auth-dialog</command>,
then press <keycap>Return</keycap>:
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
The tray icon will indicate one of three states:
</para>
<section id="trayicon-valid">
<title>Valid Kerberos ticket</title>
<para>You have a valid Kerberos ticket that can be used to authenticate to network services.</para>
<figure>
<title>Valid Kerberos ticket</title>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="figures/trayicon-valid.png" format="PNG"/>
</imageobject>
</mediaobject>
</screenshot>
</figure>
</section>
<section id="trayicon-expiring">
<title>Kerberos ticket expiring</title>
<para>The Kerberos ticket is about to expire but it can still be used to authenticate to network services.</para>
<figure>
<title>Kerberos ticket expiring</title>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="figures/trayicon-expiring.png" format="PNG"/>
</imageobject>
</mediaobject>
</screenshot>
</figure>
</section>
<section id="trayicon-expired">
<title>Kerberos ticket expired</title>
<para>Your Kerberos became invalid (e.g. expired). It can no longer be used to authenticate to network services. This is not a problem if the application that requires Kerberos knows how to request a new ticket via <application>Kerberos Network Authentication Dialog</application>. In case it doesn't you can just left click on the applet an reenter your password.
</para>
<figure>
<title>Kerberos ticket expired</title>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="figures/trayicon-expired.png" format="PNG"/>
</imageobject>
</mediaobject>
</screenshot>
</figure>
</section>
</section>
<section id="notify">
<title>Notification Messages</title>
<para>
When Kerberos Network Authentication Dialog has started, the following notifications may be displayed.
</para>
<section id="notify-valid">
<title>Kerberos credentials valid</title>
<para>You just acquired a valid Kerberos ticket that can be used to authenticate to network services.</para>
<figure>
<title>Notification when Kerberos credentials become valid</title>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="figures/ka-valid.png" format="PNG"/>
</imageobject>
</mediaobject>
</screenshot>
</figure>
</section>
<section id="notify-expiring">
<title>Kerberos credentials expiring</title>
<para>Your Kerberos credentials are about to expire. You can left click on the tray applet to refresh them.</para>
<figure>
<title>Notification when Kerberos credentials expiring</title>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="figures/ka-expiring.png" format="PNG"/>
</imageobject>
</mediaobject>
</screenshot>
</figure>
</section>
<section id="notify-expired">
<title>Kerberos credentials expired</title>
<para>Your Kerberos credentials just expired. They can no longer be used to authenticate to network services.</para>
<figure>
<title>Notification when Kerberos credentials expired</title>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="figures/ka-expired.png" format="PNG"/>
</imageobject>
</mediaobject>
</screenshot>
</figure>
</section>
</section>
<section id="preferences">
<title>Preferences</title>
<para>
You can set preferences by selecting "Preferences" from the applets context menu or by selecting "Network Authentication" in the <application>Control Center</application>.
<table frame="topbot" id="tbl-principal-prefs">
<title>Kerberos Principal Preferences</title>
<tgroup cols="2" colsep="1" rowsep="1"> <colspec colwidth="19.21*"/> <colspec colwidth="46.79*"/>
<thead>
<row>
<entry colsep="0" rowsep="1">
<para>Dialog Element</para>
</entry>
<entry colsep="0" rowsep="1">
<para>Description</para>
</entry>
</row>
</thead>
<tbody>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para>
<guilabel>Kerberos Principal</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para>The Kerberos principal to use. Leave blank to use you current username. If you change this setting you have to destroy the credential cache before these setting takes effect.</para>
</entry>
</row>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para>
<guilabel>PKINIT Userid</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para>The principals public/private/certificate identifier. Leave empty if not using PKINIT. To enable using a security token add the path to the pkcs11 Library here, e.g. "PKCS11:/usr/lib/opensc/opensc-pkcs11.so"</para>
</entry>
</row>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para>
<guilabel>PKINIT anchors</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para>Path to CA certificates used as trust anchors for pkinit. You only need to set this if it hasn't been set up globally in <filename>/etc/krb5.conf</filename></para>
</entry>
</row>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para>
<guilabel>forwardable</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para>Whether the requested Kerberos ticket should be forwardable. Changing this setting requires to you to reauthenticate by left clicking on the tray icon and entering your password.</para>
</entry>
</row>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para>
<guilabel>renewable</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para>Whether the requested Kerberos ticket should be renewable. Changing this setting requires to you to reauthenticate by left clicking on the tray icon and entering your password.</para>
</entry>
</row>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para>
<guilabel>proxiable</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para>Whether the requested Kerberos ticket should be proxiable. Changing this setting requires to you to reauthenticate by left clicking on the tray icon and entering your password.</para>
</entry>
</row>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para>
<guilabel>Warn .. minutes before expiry</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para>Notifications that your credentials are about to expire will be sent that many minutes before expiry.</para>
</entry>
</row>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para>
<guilabel>Show tray icon</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para>Whether to show the tray icon. Disabling the tray icon will also disable notifications, the password dialog will be brought up instead.</para>
</entry>
</row>
</tbody>
</tgroup>
</table>
</para>
</section>
</article>
|