diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml index 8c93423ab7..ac470238ab 100644 --- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml @@ -1728,7 +1728,7 @@ Edit O.K. Testing It All Out - First we have to start the Kerberos daemons. NOTE that if you + First we have to start the Kerberos daemons. Note that if you have correctly edited your /etc/rc.conf then this will happen automatically when you reboot. This is only necessary on the Kerberos server. Kerberos clients will automatically get what @@ -1755,7 +1755,7 @@ Current Kerberos master key version is 1. Master key entered. BEWARE! Now we can try using the kinit command to get a - ticket for the id jane that we created + ticket for the ID jane that we created above: &prompt.user; kinit jane @@ -1773,7 +1773,7 @@ Principal: jane@EXAMPLE.COM Issued Expires Principal Apr 30 11:23:22 Apr 30 19:23:22 krbtgt.EXAMPLE.COM@EXAMPLE.COM - Now try changing the password using passwd to + Now try changing the password using &man.passwd.1; to check if the kpasswd daemon can get authorization to the Kerberos database: @@ -1791,9 +1791,9 @@ Password changed. Kerberos allows us to give each user who needs root privileges their own - separate su password. - We could now add an id which is authorized to - su to root. This is + separate &man.su.1; password. + We could now add an ID which is authorized to + &man.su.1; to root. This is controlled by having an instance of root associated with a principal. Using kdb_edit we can create the entry jane.root in the @@ -1841,7 +1841,7 @@ Kerberos Initialization for "jane.root" &prompt.root; cat /root/.klogin jane.root@EXAMPLE.COM - Now try doing the su: + Now try doing the &man.su.1;: &prompt.user; su Password: @@ -1865,7 +1865,7 @@ May 2 20:43:12 May 3 04:43:12 krbtgt.EXAMPLE.COM@EXAMPLE.COM is a Kerberos default; that a <principal>.<instance> of the form <username>.root will allow - that <username> to su to + that <username> to &man.su.1; to root if the necessary entries are in the .klogin file in root's home directory: @@ -1880,13 +1880,13 @@ jane.root@EXAMPLE.COM jane@EXAMPLE.COM jack@EXAMPLE.COM - This allows anyone in the EXAMPLE.COM realm - who has authenticated themselves to jane or + This allows anyone in the EXAMPLE.COM realm + who has authenticated themselves as jane or jack (via kinit, see above) - access to rlogin to jane's + to access to jane's account or files on this system (grunt) via - rlogin, rsh or - rcp. + &man.rlogin.1;, &man.rsh.1; or + &man.rcp.1;. For example, jane now logs into another system using Kerberos: @@ -1901,11 +1901,11 @@ Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995 - Or Jack logs into Jane's account on the same machine + Or jack logs into jane's account on the same machine (jane having set up the .klogin file as above, and the person in charge of Kerberos having set up principal - jack with a null instance: + jack with a null instance): &prompt.user; kinit &prompt.user; rlogin grunt -l jane