1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
|
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
<!ENTITY legal SYSTEM "legal.xml">
<!ENTITY GFDL SYSTEM "fdl-appendix.xml">
<!ENTITY appversion "0.10">
<!ENTITY manrevision "0.1">
<!ENTITY date "May 2009">
<!ENTITY app "Kerberos Network Authentication Dialog">
<!ENTITY application "<application>&app;</application>">
]>
<!--
(Do not remove this comment block.)
Template Maintained by the GNOME Documentation Project:
http://developer.gnome.org/projects/gdp
Template version: 2.0 beta
Template last modified Feb 12, 2002
-->
<!--
(Do not remove this comment block.)
Version: 0.0.1
Last modified: May 22, 2009
Maintainers:
Guido Günther <agx@sigxcpu.org>
Translators:
(translators put your name and email here)
-->
<!-- =============Document Header ============================= -->
<article id="index" lang="sl">
<!-- please do not change the id; for translations, change lang to -->
<!-- appropriate code -->
<articleinfo>
<title lang="en"><application>Kerberos Network Authentication Dialog</application> Manual</title>
<abstract role="description">
<para lang="en">
Kerberos Network Authentication Dialog is a small helper that monitors and refreshes your Kerberos ticket.
</para>
</abstract>
<copyright lang="en">
<year>2009</year>
<holder>Guido Günther</holder>
</copyright>
<!-- translators: uncomment this:
<copyright>
<year>2000</year>
<holder>ME-THE-TRANSLATOR (Latin translation)</holder>
</copyright>
-->
<!-- An address can be added to the publisher information. If a role is
not specified, the publisher/author is the same for all versions of the
document. -->
<publisher role="maintainer">
<publishername>Guido Günther</publishername>
</publisher>
<legalnotice id="legalnotice">
<para lang="en">
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation
License (GFDL), Version 1.1 or any later version published
by the Free Software Foundation with no Invariant Sections,
no Front-Cover Texts, and no Back-Cover Texts. You can find
a copy of the GFDL at this <ulink type="help" url="ghelp:fdl">link</ulink> or in the file COPYING-DOCS
distributed with this manual.
</para>
<para lang="en"> This manual is part of a collection of GNOME manuals
distributed under the GFDL. If you want to distribute this
manual separately from the collection, you can do so by
adding a copy of the license to the manual, as described in
section 6 of the license.
</para>
<para lang="en">
Many of the names used by companies to distinguish their
products and services are claimed as trademarks. Where those
names appear in any GNOME documentation, and the members of
the GNOME Documentation Project are made aware of those
trademarks, then the names are in capital letters or initial
capital letters.
</para>
<para lang="en">
DOCUMENT AND MODIFIED VERSIONS OF THE DOCUMENT ARE PROVIDED
UNDER THE TERMS OF THE GNU FREE DOCUMENTATION LICENSE
WITH THE FURTHER UNDERSTANDING THAT:
<orderedlist>
<listitem>
<para lang="en">DOCUMENT IS PROVIDED ON AN "AS IS" BASIS,
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR
IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES
THAT THE DOCUMENT OR MODIFIED VERSION OF THE
DOCUMENT IS FREE OF DEFECTS MERCHANTABLE, FIT FOR
A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE
RISK AS TO THE QUALITY, ACCURACY, AND PERFORMANCE
OF THE DOCUMENT OR MODIFIED VERSION OF THE
DOCUMENT IS WITH YOU. SHOULD ANY DOCUMENT OR
MODIFIED VERSION PROVE DEFECTIVE IN ANY RESPECT,
YOU (NOT THE INITIAL WRITER, AUTHOR OR ANY
CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY
SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER
OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS
LICENSE. NO USE OF ANY DOCUMENT OR MODIFIED
VERSION OF THE DOCUMENT IS AUTHORIZED HEREUNDER
EXCEPT UNDER THIS DISCLAIMER; AND
</para>
</listitem>
<listitem>
<para lang="en">UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL
THEORY, WHETHER IN TORT (INCLUDING NEGLIGENCE),
CONTRACT, OR OTHERWISE, SHALL THE AUTHOR,
INITIAL WRITER, ANY CONTRIBUTOR, OR ANY
DISTRIBUTOR OF THE DOCUMENT OR MODIFIED VERSION
OF THE DOCUMENT, OR ANY SUPPLIER OF ANY OF SUCH
PARTIES, BE LIABLE TO ANY PERSON FOR ANY
DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR
CONSEQUENTIAL DAMAGES OF ANY CHARACTER
INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS
OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR
MALFUNCTION, OR ANY AND ALL OTHER DAMAGES OR
LOSSES ARISING OUT OF OR RELATING TO USE OF THE
DOCUMENT AND MODIFIED VERSIONS OF THE DOCUMENT,
EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF
THE POSSIBILITY OF SUCH DAMAGES.
</para>
</listitem>
</orderedlist>
</para>
</legalnotice>
<authorgroup>
<author lang="en">
<firstname>Jonathan</firstname>
<surname>Blandford</surname>
<email>rjb@redhat.com</email>
</author>
<author role="maintainer" lang="en">
<firstname>Guido</firstname>
<surname>Günther</surname>
<email>agx@sigxcpu.org</email>
</author>
<!-- This is appropriate place for other contributors: translators,
maintainers, etc. Commented out by default.
<othercredit role="translator">
<firstname>Latin</firstname>
<surname>Translator 1</surname>
<affiliation>
<orgname>Latin Translation Team</orgname>
<address> <email>translator@gnome.org</email> </address>
</affiliation>
<contrib>Latin translation</contrib>
</othercredit>
-->
</authorgroup>
<!-- The revision numbering system for GNOME manuals is as follows: -->
<!-- * the revision number consists of two components -->
<!-- * the first component of the revision number reflects the release version of the GNOME desktop. -->
<!-- * the second component of the revision number is a decimal unit that is incremented with each revision of the manual. -->
<!-- For example, if the GNOME desktop release is V2.x, the first version of the manual that -->
<!-- is written in that desktop timeframe is V2.0, the second version of the manual is V2.1, etc. -->
<!-- When the desktop release version changes to V3.x, the revision number of the manual changes -->
<!-- to V3.0, and so on. -->
<revhistory>
<revision lang="en">
<revnumber>2.0</revnumber>
<date>May 2009</date>
<revdescription>
<para role="author" lang="en">Guido Günther
<email>agx@sigxcpu.org</email>
</para>
</revdescription>
</revision>
</revhistory>
<releaseinfo lang="en">This manual describes how to use the Kerberos Network Authentication Dialog
to manage your Kerberos tickets.
</releaseinfo>
<legalnotice>
<title>Odziv</title>
<para lang="en">To report a bug or make a suggestion regarding this package or
this manual, use
<ulink url="http://bugzilla.gnome.org" type="http">GNOME's Bugzilla</ulink>.
</para>
<!-- Translators may also add here feedback address for translations -->
</legalnotice>
</articleinfo>
<!-- ============= Document Body ============================= -->
<!-- ============= Introduction ============================== -->
<section id="intro">
<title>Uvod</title>
<indexterm lang="en">
<primary><application>Kerberos Network Authentication Dialog</application></primary>
<secondary>Manual</secondary>
<tertiary>krb5-auth-dialog</tertiary>
</indexterm>
<para lang="en">
Kerberos Network Authentication Dialog is an applet for the <systemitem>GNOME desktop</systemitem> that monitors
and refreshes your Kerberos ticket. It pops up reminders when the ticket
is about to expire.
</para>
<para lang="en">
Once you have acquired a Kerberos ticket - be it via GDM or via the applet itself - the applet will handle the ticket's renewal until it expires. It can also be used to destroy (remove) the credential cache, to acquire a ticket with different options or to switch to another principal.</para>
</section>
<section id="using">
<title lang="en">Usage</title>
<para lang="en">
<application>Kerberos Network Authentication Dialog</application> is usually started in GNOME startup, but
you can manually start <application>Kerberos Network Authentication Dialog</application> by doing:
</para>
<variablelist>
<varlistentry>
<term lang="en">Command line</term>
<listitem>
<para lang="en">
Type <command>krb5-auth-dialog</command>,
then press <keycap>Return</keycap>:
</para>
</listitem>
</varlistentry>
</variablelist>
<para lang="en">
The tray icon will indicate one of three states:
</para>
<section id="trayicon-valid">
<title lang="en">Valid Kerberos ticket</title>
<para lang="en">You have a valid Kerberos ticket that can be used to authenticate to network services.</para>
<figure>
<title lang="en">Valid Kerberos ticket</title>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="figures/trayicon-valid.png" format="PNG"/>
</imageobject>
</mediaobject>
</screenshot>
</figure>
</section>
<section id="trayicon-expiring">
<title lang="en">Kerberos ticket expiring</title>
<para lang="en">The Kerberos ticket is about to expire but it can still be used to authenticate to network services.</para>
<figure>
<title lang="en">Kerberos ticket expiring</title>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="figures/trayicon-expiring.png" format="PNG"/>
</imageobject>
</mediaobject>
</screenshot>
</figure>
</section>
<section id="trayicon-expired">
<title lang="en">Kerberos ticket expired</title>
<para lang="en">Your Kerberos became invalid (e.g. expired). It can no longer be used to authenticate to network services. This is not a problem if the application that requires Kerberos knows how to request a new ticket via <application>Kerberos Network Authentication Dialog</application>. In case it doesn't you can just left click on the applet an reenter your password.
</para>
<figure>
<title lang="en">Kerberos ticket expired</title>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="figures/trayicon-expired.png" format="PNG"/>
</imageobject>
</mediaobject>
</screenshot>
</figure>
</section>
</section>
<section id="notify">
<title lang="en">Notification Messages</title>
<para lang="en">
When Kerberos Network Authentication Dialog has started, the following notifications may be displayed.
</para>
<section id="notify-valid">
<title lang="en">Kerberos credentials valid</title>
<para lang="en">You just acquired a valid Kerberos ticket that can be used to authenticate to network services.</para>
<figure>
<title lang="en">Notification when Kerberos credentials become valid</title>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="figures/ka-valid.png" format="PNG"/>
</imageobject>
</mediaobject>
</screenshot>
</figure>
</section>
<section id="notify-expiring">
<title lang="en">Kerberos credentials expiring</title>
<para lang="en">Your Kerberos credentials are about to expire. You can left click on the tray applet to refresh them.</para>
<figure>
<title lang="en">Notification when Kerberos credentials expiring</title>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="figures/ka-expiring.png" format="PNG"/>
</imageobject>
</mediaobject>
</screenshot>
</figure>
</section>
<section id="notify-expired">
<title lang="en">Kerberos credentials expired</title>
<para lang="en">Your Kerberos credentials just expired. They can no longer be used to authenticate to network services.</para>
<figure>
<title lang="en">Notification when Kerberos credentials expired</title>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="figures/ka-expired.png" format="PNG"/>
</imageobject>
</mediaobject>
</screenshot>
</figure>
</section>
</section>
<section id="preferences">
<title lang="en">Preferences</title>
<para lang="en">
You can set preferences by selecting "Preferences" from the applets context menu or by selecting "Network Authentication" in the <application>Control Center</application>.
<table frame="topbot" id="tbl-principal-prefs">
<title lang="en">Kerberos Principal Preferences</title>
<tgroup cols="2" colsep="1" rowsep="1"> <colspec colwidth="19.21*"/> <colspec colwidth="46.79*"/>
<thead>
<row>
<entry colsep="0" rowsep="1">
<para lang="en">Dialog Element</para>
</entry>
<entry colsep="0" rowsep="1">
<para lang="en">Description</para>
</entry>
</row>
</thead>
<tbody>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">
<guilabel>Kerberos Principal</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">The Kerberos principal to use. Leave blank to use you current username. If you change this setting you have to destroy the credential cache before these setting takes effect.</para>
</entry>
</row>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">
<guilabel>PKINIT Userid</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">The principals public/private/certificate identifier. Leave empty if not using PKINIT. To enable using a security token add the path to the pkcs11 Library here, e.g. "PKCS11:/usr/lib/opensc/opensc-pkcs11.so"</para>
</entry>
</row>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">
<guilabel>PKINIT anchors</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">Path to CA certificates used as trust anchors for pkinit. You only need to set this if it hasn't been set up globally in <filename>/etc/krb5.conf</filename></para>
</entry>
</row>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">
<guilabel>forwardable</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">Whether the requested Kerberos ticket should be forwardable. Changing this setting requires to you to reauthenticate by left clicking on the tray icon and entering your password.</para>
</entry>
</row>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">
<guilabel>renewable</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">Whether the requested Kerberos ticket should be renewable. Changing this setting requires to you to reauthenticate by left clicking on the tray icon and entering your password.</para>
</entry>
</row>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">
<guilabel>proxiable</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">Whether the requested Kerberos ticket should be proxiable. Changing this setting requires to you to reauthenticate by left clicking on the tray icon and entering your password.</para>
</entry>
</row>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">
<guilabel>Warn .. minutes before expiry</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">Notifications that your credentials are about to expire will be sent that many minutes before expiry.</para>
</entry>
</row>
<row>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">
<guilabel>Show tray icon</guilabel>
</para>
</entry>
<entry colsep="0" rowsep="0" valign="top">
<para lang="en">Whether to show the tray icon. Disabling the tray icon will also disable notifications, the password dialog will be brought up instead.</para>
</entry>
</row>
</tbody>
</tgroup>
</table>
</para>
</section>
</article>
|
