From 9dd925cd205f4680c9015b9776f78ba2e4742dac Mon Sep 17 00:00:00 2001
From: Tom Rhodes <trhodes@FreeBSD.org>
Date: Wed, 10 Sep 2003 19:31:36 +0000
Subject: [PATCH] Clean up the <indexterms> so that they are in a logical
 order.  This will index the KerberosIV entries under KerberosIV and Kerberos5
 entries under Kerberos5.

---
 .../books/handbook/security/chapter.sgml      | 64 +++++++++++++++----
 1 file changed, 52 insertions(+), 12 deletions(-)

diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
index 375fa2b3d4..6d82620fe3 100644
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@@ -419,7 +419,7 @@
 	vast majority of break-ins occur remotely, over a network, from
 	people who do not have physical access to your workstation or
 	servers.</para>
-      <indexterm><primary>Kerberos</primary></indexterm>
+      <indexterm><primary>KerberosIV</primary></indexterm>
 
       <para>Using something like Kerberos also gives you the ability to
 	disable or change the password for a staff account in one place,
@@ -916,7 +916,7 @@
     <sect2>
       <title>Access Issues with Kerberos and SSH</title>
       <indexterm><primary><command>ssh</command></primary></indexterm>
-      <indexterm><primary>Kerberos</primary></indexterm>
+      <indexterm><primary>KerberosIV</primary></indexterm>
 
       <para>There are a few issues with both Kerberos and
 	ssh that need to be addressed if
@@ -1457,8 +1457,7 @@ permit port ttyd0</programlisting>
     </sect1info>
 
     <title>KerberosIV</title>
-    <indexterm><primary>KerberosIV</primary></indexterm>
-    
+
     <para>Kerberos is a network add-on system/protocol that allows users to
       authenticate themselves through the services of a secure server.
       Services such as remote login, remote copy, secure inter-system file
@@ -1470,12 +1469,12 @@ permit port ttyd0</programlisting>
       relevant manual pages for a complete description.</para>
 
     <sect2>
-      <title>Installing Kerberos</title>
+      <title>Installing KerberosIV</title>
 
       <indexterm><primary>MIT</primary></indexterm>
       <indexterm>
-	<primary>Kerberos</primary>
-	<secondary>installing</secondary>
+	<primary>KerberosIV</primary>
+	<secondary>Installing</secondary>
       </indexterm>
       <para>Kerberos is an optional component of &os;.  The easiest
         way to install this software is by selecting the <literal>krb4</literal> or
@@ -1577,7 +1576,7 @@ It is important that you NOT FORGET this password.
       <para>Now we have to save the key so that servers on the local machine
 	can pick it up.  Use the <command>kstash</command> command to do
 	this:</para>
-	  
+	
       <screen>&prompt.root; <userinput>kstash</userinput>
 	      
 <prompt>Enter Kerberos master key:</prompt>
@@ -1585,14 +1584,19 @@ It is important that you NOT FORGET this password.
 Current Kerberos master key version is 1.
 
 Master key entered. BEWARE!</screen>
-	  
+	
       <para>This saves the encrypted master password in
 	<filename>/etc/kerberosIV/master_key</filename>.</para>
     </sect2>
     
     <sect2>
       <title>Making It All Run</title>
-	  
+	
+      <indexterm>
+	<primary>KerberosIV</primary>
+	<secondary>Inital Startup</secondary>
+      </indexterm>
+
       <para>Two principals need to be added to the database for
 	<emphasis>each</emphasis> system that will be secured with Kerberos.
 	Their names are <literal>kpasswd</literal> and <literal>rcmd</literal>.
@@ -1945,8 +1949,6 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
 
     <title><application>Kerberos5</application></title>
 
-    <indexterm><primary>Kerberos5</primary></indexterm>
-
     <para>Every &os; release beyond &os;-5.1 includes support
       only for <application>Kerberos5</application>.  Hence
       <application>Kerberos5</application> is the only version
@@ -2011,6 +2013,10 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
 
     <sect2>
       <title>History</title>
+      <indexterm>
+	<primary>Kerberos5</primary>
+	<secondary>History</secondary>
+      </indexterm>
 
       <para><application>Kerberos</application> was created by
 	<acronym>MIT</acronym> as a solution to network security problems.
@@ -2053,6 +2059,10 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
 
     <sect2>
       <title>Setting up a Heimdal <acronym>KDC</acronym></title>
+      <indexterm>
+	<primary>Kerberos5</primary>
+	<secondary>Key Distribution Center Configuration</secondary>
+      </indexterm>
 
       <para>The Key Distribution Center (<acronym>KDC</acronym>) is the
 	centralized authentication service that
@@ -2187,6 +2197,11 @@ _kerberos           IN  TXT     EXAMPLE.ORG.</programlisting></note>
 	<title><application>Kerberos</application> enabling a server with
 	  Heimdal services</title>
 
+        <indexterm>
+	  <primary>Kerberos5</primary>
+	  <secondary>Enabling Services</secondary>
+        </indexterm>
+
 	<para>First, we need a copy of the <application>Kerberos</application>
 	  configuration file, <filename>/etc/krb5.conf</filename>.  To do
 	  so, simply copy it over to the client computer from the
@@ -2286,6 +2301,11 @@ _kerberos           IN  TXT     EXAMPLE.ORG.</programlisting></note>
       <sect2>
 	<title><application>Kerberos</application> enabling a client with Heimdal</title>
 
+	<indexterm>
+	  <primary>Kerberos5</primary>
+	  <secondary>Client Configuration</secondary>
+	</indexterm>
+
 	<para>Setting up a client computer is almost trivially easy.  As
 	  far as <application>Kerberos</application> configuration goes,
 	  you only need the <application>Kerberos</application>
@@ -2339,6 +2359,11 @@ _kerberos           IN  TXT     EXAMPLE.ORG.</programlisting></note>
       <sect2>
 	<title>User configuration files: <filename>.k5login</filename> and <filename>.k5users</filename></title>
 
+	<indexterm>
+	  <primary>Kerberos5</primary>
+	  <secondary>User Configuration Files</secondary>
+	</indexterm>
+
 	<para>Users within a realm typically have their
 	  <application>Kerberos</application> principal (such as
 	  <username>tillman@EXAMPLE.ORG</username>) mapped to a local
@@ -2379,6 +2404,11 @@ _kerberos           IN  TXT     EXAMPLE.ORG.</programlisting></note>
       <sect2>
 	<title><application>Kerberos</application> Tips, Tricks, and Troubleshooting</title>
 
+	<indexterm>
+	  <primary>Kerberos5</primary>
+	  <secondary>Troubleshooting</secondary>
+	</indexterm>
+
 	<itemizedlist>
 	  <listitem>
 	    <para>When using either the Heimdal or <acronym>MIT</acronym>
@@ -2549,6 +2579,11 @@ _kerberos           IN  TXT     EXAMPLE.ORG.</programlisting></note>
       <sect2>
 	<title>Mitigating limitations found in <application>Kerberos</application></title>
 
+	<indexterm>
+	  <primary>Kerberos5</primary>
+	  <secondary>Limitations and Shortcomings</secondary>
+	</indexterm>
+
 	<sect3>
 	 <title><application>Kerberos</application> is an all-or-nothing approach</title>
 
@@ -2633,6 +2668,11 @@ _kerberos           IN  TXT     EXAMPLE.ORG.</programlisting></note>
       <sect2>
 	<title>Resources and further information</title>
 
+	<indexterm>
+	  <primary>Kerberos5</primary>
+	  <secondary>External Resources</secondary>
+	</indexterm>
+
 	<itemizedlist>
 	  <listitem>
 	  <para><ulink