version 1.1.1.2, 2013/07/22 10:46:12
|
version 1.1.1.3, 2013/10/14 07:56:34
|
Line 14
|
Line 14
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
.\" |
.\" |
.Dd April 25, 2013 | .Dd August 30, 2013 |
.Dt SUDOERS.LDAP @mansectsu@ |
.Dt SUDOERS.LDAP @mansectsu@ |
.Os Sudo @PACKAGE_VERSION@ |
.Os Sudo @PACKAGE_VERSION@ |
.Sh NAME |
.Sh NAME |
Line 482 are honored.
|
Line 482 are honored.
|
Configuration options are listed below in upper case but are parsed |
Configuration options are listed below in upper case but are parsed |
in a case-independent manner. |
in a case-independent manner. |
.Pp |
.Pp |
|
The pound sign |
|
.Pq Ql # |
|
is used to indicate a comment. |
|
Both the comment character and any text after it, up to the end of |
|
the line, are ignored. |
Long lines can be continued with a backslash |
Long lines can be continued with a backslash |
.Pq Ql \e |
.Pq Ql \e |
as the last character on the line. |
as the last character on the line. |
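Review bot: The new comment paragraph ("The pound sign" through "the line, are ignored.") does not say how a comment interacts with the backslash continuation described in the very next sentence. A reader cannot tell whether a trailing backslash on a line that contains a # continues the comment onto the next line or is discarded with it. Suggest one sentence stating whether continuation is processed before or after comments are stripped, and one stating that a # inside an option value also starts a comment and cannot be escaped, since the TLS_KEYPW text later in this change relies on exactly that.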
Line 760 The key type depends on the LDAP libraries used.
|
Line 765 The key type depends on the LDAP libraries used.
|
.It Netscape-derived: |
.It Netscape-derived: |
.Li tls_key /var/ldap/key3.db |
.Li tls_key /var/ldap/key3.db |
.It Tivoli Directory Server: |
.It Tivoli Directory Server: |
.Li tls_cert /usr/ldap/ldapkey.kdb | .Li tls_key /usr/ldap/ldapkey.kdb |
.El |
.El |
When using Tivoli LDAP libraries, this file may also contain |
When using Tivoli LDAP libraries, this file may also contain |
Certificate Authority and client certificates and may be encrypted. |
Certificate Authority and client certificates and may be encrypted. |
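Review bot: In the Tivoli Directory Server entry, the corrected example "tls_key /usr/ldap/ldapkey.kdb" is followed by text saying the file "may be encrypted", with no pointer to how the password for it is supplied. Suggest adding a cross-reference from that sentence to TLS_KEYPW and the stash file, so a reader who lands on the TLS_KEY description knows where the decryption password is configured.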
Line 769 The
|
Line 774 The
|
.Sy TLS_KEYPW |
.Sy TLS_KEYPW |
contains the password used to decrypt the key database on clients |
contains the password used to decrypt the key database on clients |
using the Tivoli Directory Server LDAP library. |
using the Tivoli Directory Server LDAP library. |
|
This should be a simple string without quotes. |
|
The password may not include the comment character |
|
.Pq Ql # |
|
and escaping of special characters with a backslash |
|
.Pq Ql \e |
|
is not supported. |
|
If this option is used, |
|
.Pa @ldap_conf@ |
|
must not be world-readable to avoid exposing the password. |
|
Alternately, a |
|
.Em stash file |
|
can be used to store the password in encrypted form (see below). |
|
.Pp |
If no |
If no |
.Sy TLS_KEYPW |
.Sy TLS_KEYPW |
is specified, a |
is specified, a |
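Review bot: In the added TLS_KEYPW text, "must not be world-readable" is weaker than the risk it describes: a group-readable @ldap_conf@ still exposes the plaintext key database password to every member of that group. Suggest stating the intended owner and mode explicitly instead of only excluding world read access. "This should be a simple string without quotes" could also say whether leading or trailing white space becomes part of the password, because with quoting and backslash escaping both unsupported the reader has no way to express it. Minor wording: "Alternately" reads better as "Alternatively".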
Line 788 The default
|
Line 806 The default
|
.Li ldapkey.kdb |
.Li ldapkey.kdb |
that ships with Tivoli Directory Server is encrypted with the password |
that ships with Tivoli Directory Server is encrypted with the password |
.Li ssl_password . |
.Li ssl_password . |
|
The |
|
.Em gsk8capicmd |
|
utility can be used to manage the key database and create a |
|
.Em stash file . |
This option is only supported by the Tivoli LDAP libraries. |
This option is only supported by the Tivoli LDAP libraries. |
.It Sy TLS_RANDFILE Ar file name |
.It Sy TLS_RANDFILE Ar file name |
The |
The |
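Review bot: The added gsk8capicmd sentence sits directly after the statement that the shipped ldapkey.kdb is encrypted with the password "ssl_password", but it only mentions managing the key database and creating a stash file. Suggest saying explicitly that the default password should be changed with that utility before the database is used to hold a client key. It would also help to note that the stash file needs restrictive file permissions, since any account that can read it can open the key database without knowing the password.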