|
version 1.1.1.2, 2013/07/22 10:46:12
|
version 1.1.1.3, 2013/10/14 07:56:34
|
|
Line 14
|
Line 14
|
| .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| .\" |
.\" |
| .Dd April 25, 2013 | .Dd August 30, 2013 |
| .Dt SUDOERS.LDAP @mansectsu@ |
.Dt SUDOERS.LDAP @mansectsu@ |
| .Os Sudo @PACKAGE_VERSION@ |
.Os Sudo @PACKAGE_VERSION@ |
| .Sh NAME |
.Sh NAME |
|
Line 482 are honored.
|
Line 482 are honored.
|
| Configuration options are listed below in upper case but are parsed |
Configuration options are listed below in upper case but are parsed |
| in a case-independent manner. |
in a case-independent manner. |
| .Pp |
.Pp |
| |
The pound sign |
| |
.Pq Ql # |
| |
is used to indicate a comment. |
| |
Both the comment character and any text after it, up to the end of |
| |
the line, are ignored. |
| Long lines can be continued with a backslash |
Long lines can be continued with a backslash |
| .Pq Ql \e |
.Pq Ql \e |
| as the last character on the line. |
as the last character on the line. |
|
Line 760 The key type depends on the LDAP libraries used.
|
Line 765 The key type depends on the LDAP libraries used.
|
| .It Netscape-derived: |
.It Netscape-derived: |
| .Li tls_key /var/ldap/key3.db |
.Li tls_key /var/ldap/key3.db |
| .It Tivoli Directory Server: |
.It Tivoli Directory Server: |
| .Li tls_cert /usr/ldap/ldapkey.kdb | .Li tls_key /usr/ldap/ldapkey.kdb |
| .El |
.El |
| When using Tivoli LDAP libraries, this file may also contain |
When using Tivoli LDAP libraries, this file may also contain |
| Certificate Authority and client certificates and may be encrypted. |
Certificate Authority and client certificates and may be encrypted. |
|
Line 769 The
|
Line 774 The
|
| .Sy TLS_KEYPW |
.Sy TLS_KEYPW |
| contains the password used to decrypt the key database on clients |
contains the password used to decrypt the key database on clients |
| using the Tivoli Directory Server LDAP library. |
using the Tivoli Directory Server LDAP library. |
| |
This should be a simple string without quotes. |
| |
The password may not include the comment character |
| |
.Pq Ql # |
| |
and escaping of special characters with a backslash |
| |
.Pq Ql \e |
| |
is not supported. |
| |
If this option is used, |
| |
.Pa @ldap_conf@ |
| |
must not be world-readable to avoid exposing the password. |
| |
Alternately, a |
| |
.Em stash file |
| |
can be used to store the password in encrypted form (see below). |
| |
.Pp |
| If no |
If no |
| .Sy TLS_KEYPW |
.Sy TLS_KEYPW |
| is specified, a |
is specified, a |
|
Line 788 The default
|
Line 806 The default
|
| .Li ldapkey.kdb |
.Li ldapkey.kdb |
| that ships with Tivoli Directory Server is encrypted with the password |
that ships with Tivoli Directory Server is encrypted with the password |
| .Li ssl_password . |
.Li ssl_password . |
| |
The |
| |
.Em gsk8capicmd |
| |
utility can be used to manage the key database and create a |
| |
.Em stash file . |
| This option is only supported by the Tivoli LDAP libraries. |
This option is only supported by the Tivoli LDAP libraries. |
| .It Sy TLS_RANDFILE Ar file name |
.It Sy TLS_RANDFILE Ar file name |
| The |
The |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudoers.ldap.mdoc.in CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc