10Sstevel@tonic-gate /*
20Sstevel@tonic-gate  * CDDL HEADER START
30Sstevel@tonic-gate  *
40Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
50Sstevel@tonic-gate  * Common Development and Distribution License, Version 1.0 only
60Sstevel@tonic-gate  * (the "License").  You may not use this file except in compliance
70Sstevel@tonic-gate  * with the License.
80Sstevel@tonic-gate  *
90Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
100Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
110Sstevel@tonic-gate  * See the License for the specific language governing permissions
120Sstevel@tonic-gate  * and limitations under the License.
130Sstevel@tonic-gate  *
140Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
150Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
160Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
170Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
180Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
190Sstevel@tonic-gate  *
200Sstevel@tonic-gate  * CDDL HEADER END
210Sstevel@tonic-gate  */
220Sstevel@tonic-gate /*
230Sstevel@tonic-gate  * ident	"%Z%%M%	%I%	%E% SMI"
240Sstevel@tonic-gate  *
25*96Ssemery  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
26*96Ssemery  * Use is subject to license terms.
270Sstevel@tonic-gate  */
280Sstevel@tonic-gate 
290Sstevel@tonic-gate import java.util.ListResourceBundle;
300Sstevel@tonic-gate 
310Sstevel@tonic-gate // On-line spot help.  Defined as strings of a "contents" object.
320Sstevel@tonic-gate 
330Sstevel@tonic-gate public class HelpData extends ListResourceBundle {
340Sstevel@tonic-gate     public Object [][] getContents() {
350Sstevel@tonic-gate         return contents;
360Sstevel@tonic-gate     }
370Sstevel@tonic-gate 
380Sstevel@tonic-gate     static final Object [][] contents = {
390Sstevel@tonic-gate 
400Sstevel@tonic-gate         //
410Sstevel@tonic-gate         //  Main Login Panel
420Sstevel@tonic-gate         //
430Sstevel@tonic-gate 
440Sstevel@tonic-gate         {"MainLoginPanel",
450Sstevel@tonic-gate 	 // Not currently available in GUI
460Sstevel@tonic-gate 	 "This window enables you to log in and use the SEAM Administration"
470Sstevel@tonic-gate 	 +"Tool. The default information that initially fills in the fields"
480Sstevel@tonic-gate 	 +" is read from the system's /etc/krb5/krb5.conf file (except"
490Sstevel@tonic-gate 	 +" for the principal name)."},
500Sstevel@tonic-gate 
510Sstevel@tonic-gate 
520Sstevel@tonic-gate         {"LoginName",
530Sstevel@tonic-gate 	 "The principal name to log in with (without realm included)."
540Sstevel@tonic-gate 	 +"In order to use the SEAM Administration Tool, your principal"
550Sstevel@tonic-gate 	 +" must have the appropriate privileges specified in the master"
560Sstevel@tonic-gate 	 +" KDC's kadm5.acl"
570Sstevel@tonic-gate 	 +" file.\n"
580Sstevel@tonic-gate 	 +" \n"
590Sstevel@tonic-gate 	 +"The default principal name consists of your user name with the"
600Sstevel@tonic-gate 	 +" 'admin' instance appended. For example, 'jdb/admin'."},
610Sstevel@tonic-gate 
620Sstevel@tonic-gate 
630Sstevel@tonic-gate         {"LoginPass",
640Sstevel@tonic-gate 	 "The password for the principal."},
650Sstevel@tonic-gate 
660Sstevel@tonic-gate 
670Sstevel@tonic-gate         {"LoginRealm",
680Sstevel@tonic-gate 	 "The Kerberos realm, which is similar to a DNS domain."
690Sstevel@tonic-gate 	 +"In most cases, the realm name is your domain name, and it should"
700Sstevel@tonic-gate 	 +" be upper-case. For example, 'MTN.ACME.COM'.\n"
710Sstevel@tonic-gate 	 +" \n"
720Sstevel@tonic-gate 	 +"Each realm has one master KDC and may include slave"
730Sstevel@tonic-gate 	 +" KDCs that contain read-only copies of the master."
740Sstevel@tonic-gate 	 +"The default realm is read from the system's"
750Sstevel@tonic-gate 	 +" /etc/krb5/krb5.conf file."},
760Sstevel@tonic-gate 
770Sstevel@tonic-gate 
780Sstevel@tonic-gate         {"LoginServer",
790Sstevel@tonic-gate 	 "The master KDC where the Kerberos administration server, kadmind,"
800Sstevel@tonic-gate 	 +" is running and where the KDC (Key Distribution Center) is located."
810Sstevel@tonic-gate 	 +"You must provide a fully-qualified host name for the master KDC.\n"
820Sstevel@tonic-gate 	 +" \n"
830Sstevel@tonic-gate 	 +"The default admin server is read from the"
840Sstevel@tonic-gate 	 +" system's /etc/krb5/krb5.conf file."},
850Sstevel@tonic-gate 
860Sstevel@tonic-gate 
870Sstevel@tonic-gate         {"LoginOK",
880Sstevel@tonic-gate 	 "Checks the information"
890Sstevel@tonic-gate 	 +" in this window, and if valid, logs you into the tool."},
900Sstevel@tonic-gate 
910Sstevel@tonic-gate 
920Sstevel@tonic-gate         {"LoginStartOver",
930Sstevel@tonic-gate 	 "Resets all fields in this window to their initial"
940Sstevel@tonic-gate 	 +" settings (when the tool was started)."},
950Sstevel@tonic-gate 
960Sstevel@tonic-gate 
970Sstevel@tonic-gate         //
980Sstevel@tonic-gate         // Panel Tabs
990Sstevel@tonic-gate         //
1000Sstevel@tonic-gate 
1010Sstevel@tonic-gate 
1020Sstevel@tonic-gate         {"PrincipalTab",
1030Sstevel@tonic-gate 	 "Sends you to the list of principals. If you are currently"
1040Sstevel@tonic-gate 	 +" working on a principal or policy and you've made"
1050Sstevel@tonic-gate 	 +" changes, you'll be prompted to cancel or save"
1060Sstevel@tonic-gate 	 +" the changes before being sent to Principal List panel."},
1070Sstevel@tonic-gate 
1080Sstevel@tonic-gate 
1090Sstevel@tonic-gate         {"PolicyTab",
1100Sstevel@tonic-gate 	 "Sends you to the list of policies. If you are currently working on a"
1110Sstevel@tonic-gate 	 +" principal or policy and you've made changes, you'll be prompted to"
1120Sstevel@tonic-gate 	 +" cancel or save the changes before being sent to Policy"
1130Sstevel@tonic-gate 	 +" List panel."},
1140Sstevel@tonic-gate 
1150Sstevel@tonic-gate 
1160Sstevel@tonic-gate 
1170Sstevel@tonic-gate         //
1180Sstevel@tonic-gate         // Principal List Panel
1190Sstevel@tonic-gate         //
1200Sstevel@tonic-gate 
1210Sstevel@tonic-gate 
1220Sstevel@tonic-gate         {"PrinListPanel",
1230Sstevel@tonic-gate 	 // Not currently available in GUI
1240Sstevel@tonic-gate 	 "This panel enables you to select a principal from the list to modify,"
1250Sstevel@tonic-gate 	 +" delete, and duplicate. You can also create a new principal.\n"
1260Sstevel@tonic-gate 	 +" \n"
1270Sstevel@tonic-gate 	 +"  principal is an entity to which tickets may be assigned, generally"
1280Sstevel@tonic-gate 	 +" of the form <primary>/<instance>@<REALM>. For example,"
1290Sstevel@tonic-gate 	 +" jdb/admin@MTN.ACME.COM.\n"
1300Sstevel@tonic-gate 	 +" \n"
1310Sstevel@tonic-gate 	 +" display a specific principal or"
1320Sstevel@tonic-gate 	 +" sublist of principals, enter a filter string in the Filter Pattern"
1330Sstevel@tonic-gate 	 +" field and press"
1340Sstevel@tonic-gate 	 +" return.\n"
1350Sstevel@tonic-gate 	 +" \n"
1360Sstevel@tonic-gate 	 +"To perform an operation on a principal, select it from the list and"
1370Sstevel@tonic-gate 	 +" click the appropriate button. To create a new principal, click"
1380Sstevel@tonic-gate 	 +" Create New."},
1390Sstevel@tonic-gate 
1400Sstevel@tonic-gate 
1410Sstevel@tonic-gate         {"PrList",
1420Sstevel@tonic-gate 	 "Displays all the available principals in the specified realm.\n"
1430Sstevel@tonic-gate 	 +" \n"
1440Sstevel@tonic-gate 	 +"To select a principal, click on its name in the list;"
1450Sstevel@tonic-gate 	 +" double-clicking on a principal is equivalent to selecting"
1460Sstevel@tonic-gate 	 +" the principal and clicking Modify."},
1470Sstevel@tonic-gate 
1480Sstevel@tonic-gate 
1490Sstevel@tonic-gate         {"PrNoList",
1500Sstevel@tonic-gate 	 "This list panel is blank when you don't have list privileges"
1510Sstevel@tonic-gate 	 +" or you've chosen not to show lists."},
1520Sstevel@tonic-gate 
1530Sstevel@tonic-gate 
1540Sstevel@tonic-gate         {"PrListPattern",
1550Sstevel@tonic-gate 	 "Enables you to apply a filter on the available principals to"
1560Sstevel@tonic-gate 	 +" display a particular principal or sublist of principals."
1570Sstevel@tonic-gate 	 +"The filter string you enter may consist of one or more"
1580Sstevel@tonic-gate 	 +" characters. And, because the filter mechanism is case"
1590Sstevel@tonic-gate 	 +" sensitive, you need to use the appropriate upper-case and"
1600Sstevel@tonic-gate 	 +" lower-case letters for the filter.\n"
1610Sstevel@tonic-gate 	 +" \n"
1620Sstevel@tonic-gate 	 +"For example, entering 'user' for the filter would match"
1630Sstevel@tonic-gate 	 +" and display principals such as 'enguser', 'user1',"
1640Sstevel@tonic-gate 	 +" and 'useradmin'.\n"
1650Sstevel@tonic-gate 	 +" '\n"
1660Sstevel@tonic-gate 	 +"To display a particular principal or sublist of"
1670Sstevel@tonic-gate 	 +" principals, enter a filter string and press return.\n"
1680Sstevel@tonic-gate 	 +" \n"
1690Sstevel@tonic-gate 	 +"To display the entire list of principals, click Clear"
1700Sstevel@tonic-gate 	 +" Filter(or clear the Filter Pattern field and press return)."},
1710Sstevel@tonic-gate 
1720Sstevel@tonic-gate 
1730Sstevel@tonic-gate         {"PrNameNoList",
1740Sstevel@tonic-gate 	 "When the principal list is not displayed,"
1750Sstevel@tonic-gate 	 +" you must enter principal names in this field to perform"
1760Sstevel@tonic-gate 	 +" operations on them. Entering a name is equivalent to selecting"
1770Sstevel@tonic-gate 	 +" an item from the principal list in normal operation.\n"
1780Sstevel@tonic-gate 	 +" \n"
1790Sstevel@tonic-gate 	 +"To clear the principal entry, click Clear Name (or clear the"
1800Sstevel@tonic-gate 	 +" Name field and press return)."},
1810Sstevel@tonic-gate 
1820Sstevel@tonic-gate 
1830Sstevel@tonic-gate         {"PrListClear",
1840Sstevel@tonic-gate 	 "Clears the filter and displays the full list of available",
1850Sstevel@tonic-gate 	 " principals."},
1860Sstevel@tonic-gate 
1870Sstevel@tonic-gate 
1880Sstevel@tonic-gate         {"PrNoListClear",
1890Sstevel@tonic-gate 	 "Clears the Name field."},
1900Sstevel@tonic-gate 
1910Sstevel@tonic-gate 
1920Sstevel@tonic-gate         {"PrListModify",
1930Sstevel@tonic-gate 	 "Opens a series of panels that enable you to modify the selected"
1940Sstevel@tonic-gate 	 +" principal, such as the principal's password, expiry date,"
1950Sstevel@tonic-gate 	 +" and policy."},
1960Sstevel@tonic-gate 
1970Sstevel@tonic-gate 
1980Sstevel@tonic-gate         {"PrListAdd",
1990Sstevel@tonic-gate 	 "Opens a series of panels that enable you to create a new principal."
2000Sstevel@tonic-gate 	 +" The panels will have some of the fields already filled in with"
2010Sstevel@tonic-gate 	 +" default values, which you can set up by choosing Properties from"
2020Sstevel@tonic-gate 	 +" the Edit menu.\n"
2030Sstevel@tonic-gate 	 +" \n"
2040Sstevel@tonic-gate 	 +"The Duplicate button performs the same function; however,"
2050Sstevel@tonic-gate 	 +" instead of the fields filled in with default values, the fields"
2060Sstevel@tonic-gate 	 +" are filled in with the same values as the selected principal."},
2070Sstevel@tonic-gate 
2080Sstevel@tonic-gate 
2090Sstevel@tonic-gate         {"PrListDelete",
2100Sstevel@tonic-gate 	 "Deletes the selected principal from the Kerberos realm.  The deleted"
2110Sstevel@tonic-gate 	 +" principal can no longer be assigned Kerberos tickets."},
2120Sstevel@tonic-gate 
2130Sstevel@tonic-gate 
2140Sstevel@tonic-gate         {"PrListDuplicate",
2150Sstevel@tonic-gate 	 "Opens a series of panels that enable you to duplicate the selected"
2160Sstevel@tonic-gate 	 +" principal. The panels will have the fields already filled in"
2170Sstevel@tonic-gate 	 +" with the same values as the selected principal,"
2180Sstevel@tonic-gate 	 +" except for the principal's name and password."
2190Sstevel@tonic-gate 	 +"You can use this button to quickly create a new principal using "
2200Sstevel@tonic-gate 	 +" another principal as a template.\n"
2210Sstevel@tonic-gate 	 +" \n"
2220Sstevel@tonic-gate 	 +"The Create New button performs the same function; however,"
2230Sstevel@tonic-gate 	 +" instead of"
2240Sstevel@tonic-gate 	 +" the fields filled in with the same values as the selected"
2250Sstevel@tonic-gate 	 +" principal, the fields are filled in with default values."},
2260Sstevel@tonic-gate 
2270Sstevel@tonic-gate 
2280Sstevel@tonic-gate 
2290Sstevel@tonic-gate         //
2300Sstevel@tonic-gate         //  Principal Basics Panel
2310Sstevel@tonic-gate         //
2320Sstevel@tonic-gate 
2330Sstevel@tonic-gate 
2340Sstevel@tonic-gate         {"PrincipalBasicsPanel",
2350Sstevel@tonic-gate 	 // Not currently available in GUI
2360Sstevel@tonic-gate 	 "This panel enables you to specify the basic attributes for a"
2370Sstevel@tonic-gate 	 +" principal."},
2380Sstevel@tonic-gate 
2390Sstevel@tonic-gate 
2400Sstevel@tonic-gate         {"PrName",
2410Sstevel@tonic-gate 	 "The name of the principal (the <primary>/<instance> part of a"
2420Sstevel@tonic-gate 	 +" fully-qualified principal name).  A principal is a unique identity"
2430Sstevel@tonic-gate 	 +" to which the KDC can assign tickets.\n"
2440Sstevel@tonic-gate 	 +" \n"
2450Sstevel@tonic-gate 	 +"If you are modifying a principal,"
2460Sstevel@tonic-gate 	 +" you cannot edit a principal's name.\n"
2470Sstevel@tonic-gate 	 +" \n"
2480Sstevel@tonic-gate 	 +"For service (or host) principal names, the <primary> part must be"
2490Sstevel@tonic-gate 	 +" the name of a service, such as 'host' for telnet and rsh"
2500Sstevel@tonic-gate 	 +" services,'ftp', or 'nfs'."
2510Sstevel@tonic-gate 	 +"The < instance > part must be the name of the system"
2520Sstevel@tonic-gate 	 +" that requires Kerberos authentication for that service."
2530Sstevel@tonic-gate 	 +"For example, 'host/denver.mtn.acme.com'.\n"
2540Sstevel@tonic-gate 	 +" \n"
2550Sstevel@tonic-gate 	 +"For user principal names, the < primary > part must be"
2560Sstevel@tonic-gate 	 +" the name of the"
2570Sstevel@tonic-gate 	 +" user."
2580Sstevel@tonic-gate 	 +"The < instance > part is optional, but it can be a term used to"
2590Sstevel@tonic-gate 	 +" describe the intended use for the principals, such as 'admin', or"
2600Sstevel@tonic-gate 	 +" it can be the name of a system, which enables you to create"
2610Sstevel@tonic-gate 	 +" different"
2620Sstevel@tonic-gate 	 +" principals for the same user on a per-system basis."
2630Sstevel@tonic-gate 	 +" For example, 'jdb/admin', 'jdb/denver@acme.com', or 'jdb'."},
2640Sstevel@tonic-gate 
2650Sstevel@tonic-gate 
2660Sstevel@tonic-gate         {"PrComments",
2670Sstevel@tonic-gate 	 "Comments related to the principal (for example,"
2680Sstevel@tonic-gate 	 +" 'Temporary Account')."},
2690Sstevel@tonic-gate 
2700Sstevel@tonic-gate 
2710Sstevel@tonic-gate         {"PrPolicy",
2720Sstevel@tonic-gate 	 "A menu of available policies for the principal."},
2730Sstevel@tonic-gate 
2740Sstevel@tonic-gate 
2750Sstevel@tonic-gate         {"PrPassword",
2760Sstevel@tonic-gate 	 "The password for the principal."},
2770Sstevel@tonic-gate 
2780Sstevel@tonic-gate 
2790Sstevel@tonic-gate         {"PrBasicRandomPw",
2800Sstevel@tonic-gate 	 "Creates a random password for the principal and copies it into"
2810Sstevel@tonic-gate 	 +" the Password field."},
2820Sstevel@tonic-gate 
2830Sstevel@tonic-gate 
2840Sstevel@tonic-gate         {"PrinBasLastPrincipalChange",
2850Sstevel@tonic-gate 	 "The date on which information for the principal was"
2860Sstevel@tonic-gate 	 +" last modified."},
2870Sstevel@tonic-gate 
2880Sstevel@tonic-gate 
2890Sstevel@tonic-gate         {"PrinBasLastChangedBy",
2900Sstevel@tonic-gate 	 "The name of the principal who last modified the account for this"
2910Sstevel@tonic-gate 	 +" principal."},
2920Sstevel@tonic-gate 
293*96Ssemery         {"EncList",
294*96Ssemery 	 "The encryption types that the principal's keys will be created with."
295*96Ssemery 	 +" Use a white space to separate encryption types."
296*96Ssemery 	 +" Leave blank if the default set of encryption types is desired."
297*96Ssemery 	 +" Refer to krb5.conf for the available encryption types supported."
298*96Ssemery 	 +" The default set of dialog choices can be over-ridden by defining"
299*96Ssemery 	 +" supported_enctypes with the desired list of encryption types in"
300*96Ssemery 	 +" the realm's section of krb5.conf."
301*96Ssemery 	 +" \n"
302*96Ssemery 	 +"Changing encryption types is only applicable when creating a"
303*96Ssemery 	 +" principal or when changing a password.  So a password must be"
304*96Ssemery 	 +" accompanied with any encryption type changes."},
3050Sstevel@tonic-gate 
3060Sstevel@tonic-gate         {"PrExpiry",
3070Sstevel@tonic-gate 	 "The date and time on which the principal's account expires. When the"
3080Sstevel@tonic-gate 	 +" account expires, the principal can no longer"
3090Sstevel@tonic-gate 	 +" get a ticket-granting ticket (TGT) and may not be able to log in.\n"
3100Sstevel@tonic-gate 	 +" \n"
3110Sstevel@tonic-gate 	 +"To set up the account with no expiration date,"
3120Sstevel@tonic-gate 	 +" enter the word 'never' in the field.\n"
3130Sstevel@tonic-gate 	 +" \n"
3140Sstevel@tonic-gate 	 +"To help create a formatted date and time entry, click the adjacent"
3150Sstevel@tonic-gate 	 +" '...' button to bring up a helper."},
3160Sstevel@tonic-gate 
3170Sstevel@tonic-gate 
3180Sstevel@tonic-gate         {"PrSave",
3190Sstevel@tonic-gate 	 "Saves any changes you've made to the current principal."},
3200Sstevel@tonic-gate 
3210Sstevel@tonic-gate 
3220Sstevel@tonic-gate         {"PrCancel",
3230Sstevel@tonic-gate 	 "Discards all the changes you've made to the current principal"
3240Sstevel@tonic-gate 	 +" and sends you back to the list of principals."},
3250Sstevel@tonic-gate 
3260Sstevel@tonic-gate 
3270Sstevel@tonic-gate         {"PrBasicPrevious",
3280Sstevel@tonic-gate 	 "Sends you back to the list of principals.\n"
3290Sstevel@tonic-gate 	 +" \n"
3300Sstevel@tonic-gate 	 +"Note that you must save or cancel any changes you've made to"
3310Sstevel@tonic-gate 	 +" the current principal before you can go back to the list."},
3320Sstevel@tonic-gate 
3330Sstevel@tonic-gate 
3340Sstevel@tonic-gate         {"PrBasicNext",
3350Sstevel@tonic-gate 	 "Sends you to the next Principal Details panel that contains"
3360Sstevel@tonic-gate 	 +" the password and ticket lifetime attributes for the principal."},
3370Sstevel@tonic-gate 
3380Sstevel@tonic-gate 
3390Sstevel@tonic-gate 
3400Sstevel@tonic-gate         //
3410Sstevel@tonic-gate         // Principal Detail Panel
3420Sstevel@tonic-gate         //
3430Sstevel@tonic-gate 
3440Sstevel@tonic-gate 
3450Sstevel@tonic-gate         {"PrincipalDetailPanel",
3460Sstevel@tonic-gate 	 // Not currently available in GUI
3470Sstevel@tonic-gate 	 "This panel enables you to specify the password and"
3480Sstevel@tonic-gate 	 +" ticket lifetime attributes for the principal principal."},
3490Sstevel@tonic-gate 
3500Sstevel@tonic-gate 
3510Sstevel@tonic-gate         {"PrinDetLastSuccess",
3520Sstevel@tonic-gate 	 "The date and time when the principal last logged in successfully."},
3530Sstevel@tonic-gate 
3540Sstevel@tonic-gate 
3550Sstevel@tonic-gate         {"PrinDetLastFailure",
3560Sstevel@tonic-gate 	 "The date and time when the last login failure for the"
3570Sstevel@tonic-gate 	 +" principal occurred."},
3580Sstevel@tonic-gate 
3590Sstevel@tonic-gate 
3600Sstevel@tonic-gate         {"PrinDetFailureCount",
3610Sstevel@tonic-gate 	 "The number of times that there has been a login failure"
3620Sstevel@tonic-gate 	 +" for the principal."},
3630Sstevel@tonic-gate 
3640Sstevel@tonic-gate 
3650Sstevel@tonic-gate         {"PrinDetLastPasswordChange",
3660Sstevel@tonic-gate 	 "The date and time when the principal's password was "
3670Sstevel@tonic-gate 	 +" last changed."},
3680Sstevel@tonic-gate 
3690Sstevel@tonic-gate 
3700Sstevel@tonic-gate         {"PrPwExpiry",
3710Sstevel@tonic-gate 	 "The date and time when the principal's current password"
3720Sstevel@tonic-gate 	 +" will expire.\n"
3730Sstevel@tonic-gate 	 +" \n"
3740Sstevel@tonic-gate 	 +"To set up the password with no expiration date, enter the"
3750Sstevel@tonic-gate 	 +" word 'never'in the field.\n"
3760Sstevel@tonic-gate 	 +" \n"
3770Sstevel@tonic-gate 	 +"To help create a formatted date and time entry, click the adjacent"
3780Sstevel@tonic-gate 	 +" '...' button to bring up a helper."},
3790Sstevel@tonic-gate 
3800Sstevel@tonic-gate 
3810Sstevel@tonic-gate         {"PrKvno",
3820Sstevel@tonic-gate 	 "The key version number for the principal; this is normally"
3830Sstevel@tonic-gate 	 +" changed only when a password has been compromised."},
3840Sstevel@tonic-gate 
3850Sstevel@tonic-gate 
3860Sstevel@tonic-gate         {"PrMaxLifetime",
3870Sstevel@tonic-gate 	 "The maximum length of time for which a ticket can be"
3880Sstevel@tonic-gate 	 +" granted for the principal (without renewal).\n"
3890Sstevel@tonic-gate 	 +" \n"
3900Sstevel@tonic-gate 	 +"To help create a time duration in seconds, click the adjacent"
3910Sstevel@tonic-gate 	 +" '...' button to bring up a helper."},
3920Sstevel@tonic-gate 
3930Sstevel@tonic-gate 
3940Sstevel@tonic-gate         {"PrMaxRenewal",
3950Sstevel@tonic-gate 	 "The maximum length of time for which an existing"
3960Sstevel@tonic-gate 	 +" ticket may be renewed for the principal.\n"
3970Sstevel@tonic-gate 	 +" \n"
3980Sstevel@tonic-gate 	 +"To help create a time duration in seconds, click the adjacent"
3990Sstevel@tonic-gate 	 +" '...' button to bring up a helper."},
4000Sstevel@tonic-gate 
4010Sstevel@tonic-gate 
4020Sstevel@tonic-gate         {"PrDetailPrevious",
4030Sstevel@tonic-gate 	 "Sends you back to the previous Principal Basics panel."},
4040Sstevel@tonic-gate 
4050Sstevel@tonic-gate 
4060Sstevel@tonic-gate         {"PrDetailNext",
4070Sstevel@tonic-gate 	 "Sends you to the next Principal Flags panel that contains"
4080Sstevel@tonic-gate 	 +" security, ticket control, and miscellaneous attributes for"
4090Sstevel@tonic-gate 	 +" the principal."},
4100Sstevel@tonic-gate 
4110Sstevel@tonic-gate 
4120Sstevel@tonic-gate 
4130Sstevel@tonic-gate         //
4140Sstevel@tonic-gate         // Principal Flags Panel
4150Sstevel@tonic-gate         //
4160Sstevel@tonic-gate 
4170Sstevel@tonic-gate 
4180Sstevel@tonic-gate 
4190Sstevel@tonic-gate         {"PrincipalFlagsPanel",
4200Sstevel@tonic-gate 	 // Not currently available in GUI
4210Sstevel@tonic-gate 	 "This panel enables you to specify the security, ticket control, and"
4220Sstevel@tonic-gate 	 +" miscellaneous attributes for the principal."},
4230Sstevel@tonic-gate 
4240Sstevel@tonic-gate 
4250Sstevel@tonic-gate         {"PrLockAcct",
4260Sstevel@tonic-gate 	 "When checked, prevents the principal from logging in."
4270Sstevel@tonic-gate 	 +" This is a easy way to temporarily freeze"
4280Sstevel@tonic-gate 	 +" a principal account for any reason."},
4290Sstevel@tonic-gate 
4300Sstevel@tonic-gate 
4310Sstevel@tonic-gate         {"PrForcePwChange",
4320Sstevel@tonic-gate 	 "When checked, expires the principal's current password, forcing the"
4330Sstevel@tonic-gate 	 +" user to use the kpasswd command to create a new password."
4340Sstevel@tonic-gate 	 +" This is useful if"
4350Sstevel@tonic-gate 	 +" there is a security breach and you need to make sure that old"
4360Sstevel@tonic-gate 	 +" passwords are replaced."},
4370Sstevel@tonic-gate 
4380Sstevel@tonic-gate 
4390Sstevel@tonic-gate         {"PrAllowPostdated",
4400Sstevel@tonic-gate 	 "When checked, allows the principal to obtain postdated tickets.\n"
4410Sstevel@tonic-gate 	 +" \n"
4420Sstevel@tonic-gate 	 +"For example, you may need to use postdated tickets for cron jobs"
4430Sstevel@tonic-gate 	 +" that need to run after hours and can't obtain tickets in"
4440Sstevel@tonic-gate 	 +" advance because of short ticket lifetimes."},
4450Sstevel@tonic-gate 
4460Sstevel@tonic-gate 
4470Sstevel@tonic-gate         {"PrAllowRenewable",
4480Sstevel@tonic-gate 	 "When checked, allows the principal to obtain renewable tickets.\n"
4490Sstevel@tonic-gate 	 +" \n"
4500Sstevel@tonic-gate 	 +"A principal can automatically extend the expiration date or time of"
4510Sstevel@tonic-gate 	 +" a ticket that is renewable (rather than having to get a new"
4520Sstevel@tonic-gate 	 +" ticket after the first one expires). Currently, the NFS service"
4530Sstevel@tonic-gate 	 +" is the only service that can renew tickets."},
4540Sstevel@tonic-gate 
4550Sstevel@tonic-gate 
4560Sstevel@tonic-gate         {"PrAllowSvr",
4570Sstevel@tonic-gate 	 "When checked, allows service tickets to be issued for"
4580Sstevel@tonic-gate 	 +" the principal.\n"
4590Sstevel@tonic-gate 	 +" \n"
4600Sstevel@tonic-gate 	 +"You should not allow service tickets to be issued for the"
4610Sstevel@tonic-gate 	 +" 'kadmin/admin' and 'changepw/admin' principals."
4620Sstevel@tonic-gate 	 +"  This will ensure that these"
4630Sstevel@tonic-gate 	 +" principals can only update the KDC database." },
4640Sstevel@tonic-gate 
4650Sstevel@tonic-gate 
4660Sstevel@tonic-gate         {"PrAllowForwardable",
4670Sstevel@tonic-gate 	 "When checked, allows the principal to obtain forwardable"
4680Sstevel@tonic-gate 	 +" tickets.\n"
4690Sstevel@tonic-gate 	 +" \n"
4700Sstevel@tonic-gate 	 +"Forwardable tickets are tickets that are forwarded to the"
4710Sstevel@tonic-gate 	 +" remote host to provide a single-sign-on session."
4720Sstevel@tonic-gate 	 +"For example, if you are using forwardable tickets and you"
4730Sstevel@tonic-gate 	 +" authenticate yourself through ftp or rsh, other services,"
4740Sstevel@tonic-gate 	 +" such as NFS, are available without you being prompted"
4750Sstevel@tonic-gate 	 +" for another password."},
4760Sstevel@tonic-gate 
4770Sstevel@tonic-gate 
4780Sstevel@tonic-gate         {"PrAllowProxiable",
4790Sstevel@tonic-gate 	 "When checked, allows the principal to obtain proxiable tickets.\n"
4800Sstevel@tonic-gate 	 +" \n"
4810Sstevel@tonic-gate 	 +"A proxiable ticket is a ticket that can be used by a service"
4820Sstevel@tonic-gate 	 +" on behalf  of a client to perform an operation for the client."
4830Sstevel@tonic-gate 	 +" With a proxiable ticket, a service can take on the identity"
4840Sstevel@tonic-gate 	 +" of a client and obtain a ticket for another service, but it"
4850Sstevel@tonic-gate 	 +" cannot obtain a ticket-granting ticket."},
4860Sstevel@tonic-gate 
4870Sstevel@tonic-gate 
4880Sstevel@tonic-gate         {"PrEnforcePolicy",
4890Sstevel@tonic-gate 	 "When checked, the policy selected for this principal"
4900Sstevel@tonic-gate 	 +" will be enforced."},
4910Sstevel@tonic-gate 
4920Sstevel@tonic-gate 
4930Sstevel@tonic-gate         {"PrAllowTGT",
4940Sstevel@tonic-gate 	 "When checked, allows the service principal to provide services"
4950Sstevel@tonic-gate 	 +" to another principal. More specifically, it allows the KDC to"
4960Sstevel@tonic-gate 	 +" issue a service ticket for the service principal.\n"
4970Sstevel@tonic-gate 	 +" \n"
4980Sstevel@tonic-gate 	 +"This attribute is valid only for service principals."
4990Sstevel@tonic-gate 	 +"When not checked, service tickets cannot be issued for"
5000Sstevel@tonic-gate 	 +" the service principal."},
5010Sstevel@tonic-gate 
5020Sstevel@tonic-gate 
5030Sstevel@tonic-gate         {"PrRequirePreAuth",
5040Sstevel@tonic-gate 	 "When checked, the KDC will not send a requested ticket-granting"
5050Sstevel@tonic-gate 	 +" ticket(TGT) to the principal until it can"
5060Sstevel@tonic-gate 	 +" authenticate (through software) that it is really the principal"
5070Sstevel@tonic-gate 	 +" requesting the TGT. This preauthentication is usually done"
5080Sstevel@tonic-gate 	 +" through an  extra password, for example, from a DES card.\n"
5090Sstevel@tonic-gate 	 +" \n"
5100Sstevel@tonic-gate 	 +"When not checked, the KDC will not need to preauthenticate"
5110Sstevel@tonic-gate 	 +" the principal before it sends a requested TGT to it."},
5120Sstevel@tonic-gate 
5130Sstevel@tonic-gate 
5140Sstevel@tonic-gate         {"PrAllowDupAuth",
5150Sstevel@tonic-gate 	 "When checked, allows the user principal to obtain service tickets for"
5160Sstevel@tonic-gate 	 +" other user principals.\n"
5170Sstevel@tonic-gate 	 +" \n"
5180Sstevel@tonic-gate 	 +"This attribute is valid only for user principals. When not checked,"
5190Sstevel@tonic-gate 	 +" the user principal can still obtain service tickets for"
5200Sstevel@tonic-gate 	 +" service principals, but not for other user principals."},
5210Sstevel@tonic-gate 
5220Sstevel@tonic-gate 
5230Sstevel@tonic-gate         {"PrRequireHwPreAuth",
5240Sstevel@tonic-gate 	 "When checked, the KDC will not send a requested ticket-granting"
5250Sstevel@tonic-gate 	 +" ticket(TGT) to the principal until"
5260Sstevel@tonic-gate 	 +" it can authenticate (through hardware) that it is really the"
5270Sstevel@tonic-gate 	 +" principal requesting the TGT. Hardware preauthentication could"
5280Sstevel@tonic-gate 	 +" be something like a Java ring reader.\n"
5290Sstevel@tonic-gate 	 +" \n"
5300Sstevel@tonic-gate 	 +"When not checked, the KDC will not need to preauthenticate"
5310Sstevel@tonic-gate 	 +" the principal before it sends a requested TGT to it."},
5320Sstevel@tonic-gate 
5330Sstevel@tonic-gate 
5340Sstevel@tonic-gate         {"PrFlagsPrevious",
5350Sstevel@tonic-gate 	 "Sends you back to the previous Principal Details panel."},
5360Sstevel@tonic-gate 
5370Sstevel@tonic-gate         //
5380Sstevel@tonic-gate         // Done Button
5390Sstevel@tonic-gate         //
5400Sstevel@tonic-gate 
5410Sstevel@tonic-gate         {"PrFlagsNext",
5420Sstevel@tonic-gate 	 "Saves any changes you've made to the current principal and"
5430Sstevel@tonic-gate 	 +" sends you back to list of principals."},
5440Sstevel@tonic-gate 
5450Sstevel@tonic-gate 
5460Sstevel@tonic-gate 
5470Sstevel@tonic-gate         //
5480Sstevel@tonic-gate         // Policies Panel
5490Sstevel@tonic-gate         //
5500Sstevel@tonic-gate 
5510Sstevel@tonic-gate 
5520Sstevel@tonic-gate 
5530Sstevel@tonic-gate         {"PoliciesPanel",
5540Sstevel@tonic-gate 	 // Not currently available in GUI
5550Sstevel@tonic-gate 	 "This panel enables you to select a policy from the list to"
5560Sstevel@tonic-gate 	 +" modify, delete, or duplicate. You can also create a new policy.\n"
5570Sstevel@tonic-gate 	 +" \n"
5580Sstevel@tonic-gate 	 +"A policy is a set of behaviors regarding"
5590Sstevel@tonic-gate 	 +" passwords and tickets that can be applied to a principal."
5600Sstevel@tonic-gate 	 +" For example, the principals for system administrators might"
5610Sstevel@tonic-gate 	 +" all have the same policy."
5620Sstevel@tonic-gate 	 +" \n"
5630Sstevel@tonic-gate 	 +"To display a specific policy or sublist of policy,"
5640Sstevel@tonic-gate 	 +" enter a filter string in the Filter Pattern field and press"
5650Sstevel@tonic-gate 	 +" return.\n"
5660Sstevel@tonic-gate 	 +" \n"
5670Sstevel@tonic-gate 	 +"To perform an operation on a policy, select it from the list and"
5680Sstevel@tonic-gate 	 +" click the appropriate button. To add a new policy, click New."},
5690Sstevel@tonic-gate 
5700Sstevel@tonic-gate 
5710Sstevel@tonic-gate         {"Pollist",
5720Sstevel@tonic-gate 	 "Displays the all the available policies in the specified realm.\n"
5730Sstevel@tonic-gate 	 +" \n"
5740Sstevel@tonic-gate 	 +"To select a policy, click on its name in the list; double-clicking"
5750Sstevel@tonic-gate 	 +" on a policy is equivalent to selecting the policy and clicking"
5760Sstevel@tonic-gate 	 +" Modify"},
5770Sstevel@tonic-gate 
5780Sstevel@tonic-gate         {"PolNoList",
5790Sstevel@tonic-gate 	 "This list panel is blank when you don't have list privileges"
5800Sstevel@tonic-gate 	 +" or you've chosen not to show lists."},
5810Sstevel@tonic-gate 
5820Sstevel@tonic-gate         {"PoListPattern",
5830Sstevel@tonic-gate 	 "Enables you to apply a filter on the available policies to display a"
5840Sstevel@tonic-gate 	 +" particular policy or sublist of policies. The filter string you"
5850Sstevel@tonic-gate 	 +" enter may consist of one or more characters, And, because"
5860Sstevel@tonic-gate 	 +" the filter mechanism is case-sensitive, you need to use the"
5870Sstevel@tonic-gate 	 +" appropriate upper-case and lower-case letters for the filter.\n"
5880Sstevel@tonic-gate 	 +" \n"
5890Sstevel@tonic-gate 	 +"For example, entering 'adm' for the filter would match and display,"
5900Sstevel@tonic-gate 	 +" policies such as 'admpol', 'adm1', and 'poladmin'.\n"
5910Sstevel@tonic-gate 	 +" \n"
5920Sstevel@tonic-gate 	 +"To display a particular policy or sublist of"
5930Sstevel@tonic-gate 	 +" policies, enter a filter string and press"
5940Sstevel@tonic-gate 	 +" return.\n"
5950Sstevel@tonic-gate 	 +" \n"
5960Sstevel@tonic-gate 	 +"To display the entire list of policies, click Clear"
5970Sstevel@tonic-gate 	 +" Filter (or clear the Filter Pattern field and press return)."},
5980Sstevel@tonic-gate 
5990Sstevel@tonic-gate 
6000Sstevel@tonic-gate         {"PoNameNoList",
6010Sstevel@tonic-gate 	 "When the policy list is not displayed,"
6020Sstevel@tonic-gate 	 +" you must enter policy names in this field to perform"
6030Sstevel@tonic-gate 	 +" operations on them. Entering a name is equivalent to selecting"
6040Sstevel@tonic-gate 	 +" an item from the list in normal operation.\n"
6050Sstevel@tonic-gate 	 +" \n"
6060Sstevel@tonic-gate 	 +"To clear the policy entry, click Clear Name (or clear the"
6070Sstevel@tonic-gate 	 +" Name field and press return)."},
6080Sstevel@tonic-gate 
6090Sstevel@tonic-gate 
6100Sstevel@tonic-gate         {"PoListClear",
6110Sstevel@tonic-gate 	 "Clears the filter and displays the full list of available policies."},
6120Sstevel@tonic-gate 
6130Sstevel@tonic-gate 
6140Sstevel@tonic-gate         {"PoNoListClear",
6150Sstevel@tonic-gate 	 "Clears the Name field."},
6160Sstevel@tonic-gate 
6170Sstevel@tonic-gate 
6180Sstevel@tonic-gate         {"PoListModify",
6190Sstevel@tonic-gate 	 "Opens the Policy Details panel that enables you to modify the"
6200Sstevel@tonic-gate 	 +" selected policy attributes, such as the policy's minimum password"
6210Sstevel@tonic-gate 	 +" length and the minimum ticket lifetime."},
6220Sstevel@tonic-gate 
6230Sstevel@tonic-gate 
6240Sstevel@tonic-gate 
6250Sstevel@tonic-gate         {"PoListAdd",
6260Sstevel@tonic-gate 	 "Opens the Policy Details panel that enables you to create a new"
6270Sstevel@tonic-gate 	 +" policy.  The panel will have some of the fields already filled"
6280Sstevel@tonic-gate 	 +" in with default values.\n"
6290Sstevel@tonic-gate 	 +" \n"
6300Sstevel@tonic-gate 	 +"The Duplicate button performs the same function; however,"
6310Sstevel@tonic-gate 	 +" instead of the fields filled in with default values, the"
6320Sstevel@tonic-gate 	 +" fields are filled in with the same values as the selected policy."},
6330Sstevel@tonic-gate 
6340Sstevel@tonic-gate 
6350Sstevel@tonic-gate         {"PoListDelete",
6360Sstevel@tonic-gate 	 "Deletes the selected policy from the Kerberos realm."},
6370Sstevel@tonic-gate 
6380Sstevel@tonic-gate 
6390Sstevel@tonic-gate 
6400Sstevel@tonic-gate         {"PoListDuplicate",
6410Sstevel@tonic-gate 	 "Opens the Policy Details panel that enables you to duplicate"
6420Sstevel@tonic-gate 	 +" the selected policy. The panels will have the fields already"
6430Sstevel@tonic-gate 	 +" filled in with the same values as the selected policy,"
6440Sstevel@tonic-gate 	 +" except for the policy's name."
6450Sstevel@tonic-gate 	 +"You can use this button to quickly create a new policy using"
6460Sstevel@tonic-gate 	 +" another policy as a template.\n"
6470Sstevel@tonic-gate 	 +" \n"
6480Sstevel@tonic-gate 	 +"The Create New button performs the same function; however,"
6490Sstevel@tonic-gate 	 +" the fields are filled in with default values."},
6500Sstevel@tonic-gate 
6510Sstevel@tonic-gate 
6520Sstevel@tonic-gate 
6530Sstevel@tonic-gate         //
6540Sstevel@tonic-gate         // Policy.Detail
6550Sstevel@tonic-gate         //
6560Sstevel@tonic-gate 
6570Sstevel@tonic-gate 
6580Sstevel@tonic-gate         {"PoName",
6590Sstevel@tonic-gate 	 "The name of the policy. A policy is set of rules governing a"
6600Sstevel@tonic-gate 	 +" principal's password and tickets.\n"
6610Sstevel@tonic-gate 	 +" \n"
6620Sstevel@tonic-gate 	 +"If you are modifying a policy, you cannot edit a policy's name."},
6630Sstevel@tonic-gate 
6640Sstevel@tonic-gate 
6650Sstevel@tonic-gate 
6660Sstevel@tonic-gate         {"PoMinPwLength",
6670Sstevel@tonic-gate 	 "The minimum length for the principal's password."},
6680Sstevel@tonic-gate 
6690Sstevel@tonic-gate 
6700Sstevel@tonic-gate         {"PoMinPwClass",
6710Sstevel@tonic-gate 	 "The minimum number of different character types required in the"
6720Sstevel@tonic-gate 	 +"  principal's    password."
6730Sstevel@tonic-gate 	 +"For example, a minimum classes value of 2 means that the"
6740Sstevel@tonic-gate 	 +" password must have at least two different character types,"
6750Sstevel@tonic-gate 	 +" such as letters and numbers(hi2mom). A value of 3 means that"
6760Sstevel@tonic-gate 	 +" the password must have at least three different character"
6770Sstevel@tonic-gate 	 +" types, such as letters, numbers, and punctuation (hi2mom!)."
6780Sstevel@tonic-gate 	 +"And so on. \n"
6790Sstevel@tonic-gate 	 +" \n"
6800Sstevel@tonic-gate 	 +"A value of 1 basically sets no restriction on the number of password"
6810Sstevel@tonic-gate 	 +" character types."},
6820Sstevel@tonic-gate 
6830Sstevel@tonic-gate 
6840Sstevel@tonic-gate         {"PoSavedPasswords",
6850Sstevel@tonic-gate 	 "The number of previous passwords that have been used by the principal"
6860Sstevel@tonic-gate 	 +" and cannot be reused."},
6870Sstevel@tonic-gate 
6880Sstevel@tonic-gate 
6890Sstevel@tonic-gate         {"PoMinTicketLifetime",
6900Sstevel@tonic-gate 	 "The minimum time that the password must be used before it can be"
6910Sstevel@tonic-gate 	 +" changed.\n"
6920Sstevel@tonic-gate 	 +" \n"
6930Sstevel@tonic-gate 	 +"To help create a time duration in seconds, click the adjacent"
6940Sstevel@tonic-gate 	 +" '...' button to bring up a helper."},
6950Sstevel@tonic-gate 
6960Sstevel@tonic-gate 
6970Sstevel@tonic-gate         {"PoMaxTicketLifetime",
6980Sstevel@tonic-gate 	 "The maximum time that the password can be used before it must be"
6990Sstevel@tonic-gate 	 +" changed.\n"
7000Sstevel@tonic-gate 	 +" \n"
7010Sstevel@tonic-gate 	 +"To help create a time duration in seconds, click the adjacent"
7020Sstevel@tonic-gate 	 +" '...' button to bring up a helper."},
7030Sstevel@tonic-gate 
7040Sstevel@tonic-gate 
7050Sstevel@tonic-gate         {"PolDetPrincipalsUsingThisPolicy",
7060Sstevel@tonic-gate 	 "The number of principals to which this policy currently applies."},
7070Sstevel@tonic-gate 
7080Sstevel@tonic-gate 
7090Sstevel@tonic-gate         {"PoSave",
7100Sstevel@tonic-gate 	 "Saves any changes you've made to the current policy."},
7110Sstevel@tonic-gate 
7120Sstevel@tonic-gate 
7130Sstevel@tonic-gate         {"PoCancel",
7140Sstevel@tonic-gate 	 "Discards all the changes you've made to the current policy and sends"
7150Sstevel@tonic-gate 	 +" you back to the list of policies."},
7160Sstevel@tonic-gate 
7170Sstevel@tonic-gate 
7180Sstevel@tonic-gate         {"PoDetailPrevious",
7190Sstevel@tonic-gate 	 "Sends you back to the list of policies.\n"
7200Sstevel@tonic-gate 	 +" \n"
7210Sstevel@tonic-gate 	 +"Note that you must save or cancel any changes you've made to the"
7220Sstevel@tonic-gate 	 +" current policy before you can go back to the list."},
7230Sstevel@tonic-gate 
7240Sstevel@tonic-gate 
7250Sstevel@tonic-gate         {"PoDetailDone",
7260Sstevel@tonic-gate 	 "Saves any changes you've made to the current policy and sends"
7270Sstevel@tonic-gate 	 +" you back to list of policies."},
7280Sstevel@tonic-gate 
7290Sstevel@tonic-gate 
7300Sstevel@tonic-gate 
7310Sstevel@tonic-gate         //
7320Sstevel@tonic-gate         // Defaults Panel
7330Sstevel@tonic-gate         //
7340Sstevel@tonic-gate 
7350Sstevel@tonic-gate 
7360Sstevel@tonic-gate         {"DefaultsPanel",
7370Sstevel@tonic-gate 	 // Not currently available in GUI
7380Sstevel@tonic-gate 	 "This window enables you to change the default settings for adding new"
7390Sstevel@tonic-gate 	 +" principals."},
7400Sstevel@tonic-gate 
7410Sstevel@tonic-gate 
7420Sstevel@tonic-gate         {"GlobalLockAcct",
7430Sstevel@tonic-gate 	 "When checked, prevents the new principal from logging in."
7440Sstevel@tonic-gate 	 +"This is a easy way to temporarily freeze"
7450Sstevel@tonic-gate 	 +" new principal accounts for any reason. For example, you may want"
7460Sstevel@tonic-gate 	 +" to add a number of new principals in the beginning of the week,"
7470Sstevel@tonic-gate 	 +" but you might not want to activate them until the end of the"
7480Sstevel@tonic-gate 	 +" week."},
7490Sstevel@tonic-gate 
7500Sstevel@tonic-gate 
7510Sstevel@tonic-gate         {"GlobalAllowPostdated",
7520Sstevel@tonic-gate 	 "When checked, allows the new principal to obtain postdated tickets.\n"
7530Sstevel@tonic-gate 	 +" \n"
7540Sstevel@tonic-gate 	 +"For example, you may need to use postdated tickets for cron jobs"
7550Sstevel@tonic-gate 	 +" that need to run after hours and can't obtain tickets in advance"
7560Sstevel@tonic-gate 	 +" because of short ticket lifetimes."},
7570Sstevel@tonic-gate 
7580Sstevel@tonic-gate 
7590Sstevel@tonic-gate         {"GlobalAllowRenewable",
7600Sstevel@tonic-gate 	 "When checked, allows the new principal to obtain renewable tickets.\n"
7610Sstevel@tonic-gate 	 +" \n"
7620Sstevel@tonic-gate 	 +"A principal can automatically extend the expiration date or time of"
7630Sstevel@tonic-gate 	 +" a ticket that is renewable (rather than having to get a new ticket"
7640Sstevel@tonic-gate 	 +" after the first one expires). Currently, the NFS service is the"
7650Sstevel@tonic-gate 	 +" only service that can obtain renewable tickets."},
7660Sstevel@tonic-gate 
7670Sstevel@tonic-gate 
7680Sstevel@tonic-gate         {"GlobalEnforcePolicy",
7690Sstevel@tonic-gate 	 "When checked, the policy selected for the new principal"
7700Sstevel@tonic-gate 	 +" will be enforced."},
7710Sstevel@tonic-gate 
7720Sstevel@tonic-gate         {"GlobalAllowTGT",
7730Sstevel@tonic-gate 	 "When checked, allows the new service principal to provide services to"
7740Sstevel@tonic-gate 	 +" another principal. More specifically, it allows the KDC to issue a"
7750Sstevel@tonic-gate 	 +" service ticket for the new service principal.\n"
7760Sstevel@tonic-gate 	 +" \n"
7770Sstevel@tonic-gate 	 +"This attribute is valid only for service principals."
7780Sstevel@tonic-gate 	 +"When not checked,"
7790Sstevel@tonic-gate 	 +" service tickets cannot be issued for the new service principal."},
7800Sstevel@tonic-gate 
7810Sstevel@tonic-gate 
7820Sstevel@tonic-gate         {"GlobalForcePwChange",
7830Sstevel@tonic-gate 	 "When checked, expires the principal's current password, forcing the"
7840Sstevel@tonic-gate 	 +" user to use the kpasswd command to create a new password. This is"
7850Sstevel@tonic-gate 	 +" is useful if you want to force users with new principals to set"
7860Sstevel@tonic-gate 	 +" up their own passwords."},
7870Sstevel@tonic-gate 
7880Sstevel@tonic-gate 
7890Sstevel@tonic-gate         {"GlobalAllowForwardable",
7900Sstevel@tonic-gate 	 "When checked, allows the new principal to obtain forwardable"
7910Sstevel@tonic-gate 	 +" tickets.\n"
7920Sstevel@tonic-gate 	 +" \n"
7930Sstevel@tonic-gate 	 +"Forwardable tickets are tickets that are forwarded to the remote"
7940Sstevel@tonic-gate 	 +" host to provide a single-sign-on session. For example, if you"
7950Sstevel@tonic-gate 	 +" are using forwardable tickets and you authenticate yourself"
7960Sstevel@tonic-gate 	 +" through ftp or rsh, other services, such as NFS, are available"
7970Sstevel@tonic-gate 	 +" without you being prompted for another password."},
7980Sstevel@tonic-gate 
7990Sstevel@tonic-gate 
8000Sstevel@tonic-gate         {"GlobalAllowSvr",
8010Sstevel@tonic-gate 	 "When checked, allows service tickets to be issued for"
8020Sstevel@tonic-gate 	 +" the new principal.\n"
8030Sstevel@tonic-gate 	 +" \n"
8040Sstevel@tonic-gate 	 +"You should not allow service tickets to be issued for the"
8050Sstevel@tonic-gate 	 +" 'kadmin/admin' and the 'changepw/admin' principals."
8060Sstevel@tonic-gate 	 +" This will ensure that these"
8070Sstevel@tonic-gate 	 +" principals can only update the KDC database." },
8080Sstevel@tonic-gate 
8090Sstevel@tonic-gate 
8100Sstevel@tonic-gate         {"GlobalAllowProxiable",
8110Sstevel@tonic-gate 	 "When checked, allows the new principal to obtain proxiable tickets.\n"
8120Sstevel@tonic-gate 	 +" \n"
8130Sstevel@tonic-gate 	 +"A proxiable ticket is a ticket that can be used by a service on"
8140Sstevel@tonic-gate 	 +" behalf of a client to perform an operation for the client."
8150Sstevel@tonic-gate 	 +"With a proxiable ticket, a service can take on the identity of"
8160Sstevel@tonic-gate 	 +" a client and obtain a ticket for another service, but it cannot"
8170Sstevel@tonic-gate 	 +" obtain a ticket-granting ticket."},
8180Sstevel@tonic-gate 
8190Sstevel@tonic-gate 
8200Sstevel@tonic-gate 
8210Sstevel@tonic-gate         {"GlobalAllowDupAuth",
8220Sstevel@tonic-gate 	 "When checked, allows the new user principal to obtain service"
8230Sstevel@tonic-gate 	 +" tickets for other user principals.\n"
8240Sstevel@tonic-gate 	 +" \n"
8250Sstevel@tonic-gate 	 +"This attribute is valid only for user principals. When not checked,"
8260Sstevel@tonic-gate 	 +" the new user principal can still obtain service tickets for"
8270Sstevel@tonic-gate 	 +" service principals, but not for other user principals."},
8280Sstevel@tonic-gate 
8290Sstevel@tonic-gate 
8300Sstevel@tonic-gate         {"GlobalRequirePreAuth",
8310Sstevel@tonic-gate 	 "When checked, the KDC will not send a requested ticket-granting"
8320Sstevel@tonic-gate 	 +" ticket(TGT)"
8330Sstevel@tonic-gate 	 +" for the new principal until"
8340Sstevel@tonic-gate 	 +" it can authenticate (through software) that it is really the"
8350Sstevel@tonic-gate 	 +" principal requesting the TGT. This preauthentication is usually"
8360Sstevel@tonic-gate 	 +" done through an extra password, for example, from a DES card.\n"
8370Sstevel@tonic-gate 	 +" \n"
8380Sstevel@tonic-gate 	 +"When not checked, the KDC will not need preauthenticate the new"
8390Sstevel@tonic-gate 	 +" principal before it sends a requested TGT for it."},
8400Sstevel@tonic-gate 
8410Sstevel@tonic-gate 
8420Sstevel@tonic-gate         {"GlobalRequireHwPreAuth",
8430Sstevel@tonic-gate 	 "When checked, the KDC will not send a requested ticket-granting"
8440Sstevel@tonic-gate 	 +" ticket(TGT) for the new principal until it can authenticate"
8450Sstevel@tonic-gate 	 +" (through hardware) that it is really the principal"
8460Sstevel@tonic-gate 	 +" requesting the TGT. Hardware preauthentication could be something"
8470Sstevel@tonic-gate 	 +" like a Java ring reader.\n"
8480Sstevel@tonic-gate 	 +" \n"
8490Sstevel@tonic-gate 	 +"When not checked, the KDC will not need to preauthenticate the new"
8500Sstevel@tonic-gate 	 +" principal with hardware before it sends a requested TGT for it."},
8510Sstevel@tonic-gate 
8520Sstevel@tonic-gate         {"GlDefServerSide",
8530Sstevel@tonic-gate 	 "When checked, the ticket lifetime values in the new principal are set"
8540Sstevel@tonic-gate 	 +" such that "
8550Sstevel@tonic-gate 	 +"the maximum value is used. When issuing a ticket the KDC uses the"
8560Sstevel@tonic-gate 	 +" minimum of the value defined in the principal entry, in "
8570Sstevel@tonic-gate 	 +" /etc/krb5/kdc.conf, or whatever the client requests with kinit."},
8580Sstevel@tonic-gate 
8590Sstevel@tonic-gate         {"GlDefLife",
8600Sstevel@tonic-gate 	 "The maximum length of time for which a ticket can be"
8610Sstevel@tonic-gate 	 +" granted for the new principal (without renewal).\n"
8620Sstevel@tonic-gate 	 +" \n"
8630Sstevel@tonic-gate 	 +"To help create a time duration in seconds, click the adjacent"
8640Sstevel@tonic-gate 	 +" '...' button to bring up a helper."},
8650Sstevel@tonic-gate 
8660Sstevel@tonic-gate         {"GlDefRenewableLife",
8670Sstevel@tonic-gate 	 "The maximum length of time for which an existing"
8680Sstevel@tonic-gate 	 +" ticket may be renewed for the new principal.\n"
8690Sstevel@tonic-gate 	 +" \n"
8700Sstevel@tonic-gate 	 +"To help create a time duration in seconds, click the adjacent"
8710Sstevel@tonic-gate 	 +" '...' button to bring up a helper."},
8720Sstevel@tonic-gate 
8730Sstevel@tonic-gate 
8740Sstevel@tonic-gate         {"GlDefExpiry",
8750Sstevel@tonic-gate 	 "The date and time on which the new principal's account expires."
8760Sstevel@tonic-gate 	 +"When the account expires, the principal can no longer"
8770Sstevel@tonic-gate 	 +" get a ticket-granting ticket (TGT) and may not be able to log in.\n"
8780Sstevel@tonic-gate 	 +" \n"
8790Sstevel@tonic-gate 	 +"To set up the new account with no expiration date, enter the word"
8800Sstevel@tonic-gate 	 +"  'never' in the field.\n"
8810Sstevel@tonic-gate 	 +" \n"
8820Sstevel@tonic-gate 	 +"To help create a formatted date and time entry, click the adjacent"
8830Sstevel@tonic-gate 	 +" '...' button to bring up a helper."},
8840Sstevel@tonic-gate 
8850Sstevel@tonic-gate 
8860Sstevel@tonic-gate 
8870Sstevel@tonic-gate         {"GlDefShowLists",
8880Sstevel@tonic-gate 	 "When checked, the principal and policy lists will be loaded and"
8890Sstevel@tonic-gate 	 +" displayed in the list panels. Large lists may produce significant"
8900Sstevel@tonic-gate 	 +" loading times, so it may be more convenient to work without lists"
8910Sstevel@tonic-gate 	 +" when they are very large, or you should cache them."
8920Sstevel@tonic-gate 	 +"The default is on."},
8930Sstevel@tonic-gate 
8940Sstevel@tonic-gate 
8950Sstevel@tonic-gate         {"GlDefStaticLists",
8960Sstevel@tonic-gate 	 "When checked, the principal and policy lists will be cached"
8970Sstevel@tonic-gate 	 +" when they are initially loaded, and the lists will not be refreshed"
8980Sstevel@tonic-gate 	 +" from the server unless you use the Refresh menu. Because large"
8990Sstevel@tonic-gate 	 +" lists may produce significant loading times, you should cache"
9000Sstevel@tonic-gate 	 +" large lists and refresh them when necessary. The default"
9010Sstevel@tonic-gate 	 +" is off."},
9020Sstevel@tonic-gate 
9030Sstevel@tonic-gate 
9040Sstevel@tonic-gate         {"GlDefCacheTime",
9050Sstevel@tonic-gate 	 "The period of time that the principal and policy lists will be"
9060Sstevel@tonic-gate 	 +" cached before being considered stale and refreshed from the"
9070Sstevel@tonic-gate 	 +" server.  The default is 300 seconds (6 minutes)."},
9080Sstevel@tonic-gate 
9090Sstevel@tonic-gate 
9100Sstevel@tonic-gate         {"GlobalSave",
9110Sstevel@tonic-gate 	 "Makes a permanent change to the default values by writing them"
9120Sstevel@tonic-gate 	 +" to ~/.gkadmin, updates the tool, and closes the window."},
9130Sstevel@tonic-gate 
9140Sstevel@tonic-gate 
9150Sstevel@tonic-gate         {"GlobalApply",
9160Sstevel@tonic-gate 	 "Makes a temporary change to the default values in the tool and"
9170Sstevel@tonic-gate 	 +" closes the window. This does not update ~/.gkadmin."},
9180Sstevel@tonic-gate 
9190Sstevel@tonic-gate 
9200Sstevel@tonic-gate         {"GlobalCancel",
9210Sstevel@tonic-gate 	 "Discards all the changes you've made to the current defaults and"
9220Sstevel@tonic-gate 	 +" closes the window."},
9230Sstevel@tonic-gate 
9240Sstevel@tonic-gate         //
9250Sstevel@tonic-gate         // Generic Helper Button Descriptions
9260Sstevel@tonic-gate         //
9270Sstevel@tonic-gate 
9280Sstevel@tonic-gate         {"DateHelperButton",
9290Sstevel@tonic-gate 	 "Opens the Date and Time Helper window to help you create"
9300Sstevel@tonic-gate 	 +" a formatted date and time entry for the associated field."},
9310Sstevel@tonic-gate 
9320Sstevel@tonic-gate         {"DurationHelperButton",
9330Sstevel@tonic-gate 	 "Opens the Time Duration Helper window to help you create a time"
9340Sstevel@tonic-gate 	 +" duration in seconds for the associated field."},
935*96Ssemery 
936*96Ssemery         {"EncListHelperButton",
937*96Ssemery 	 "Opens the Encryption Types Helper window to help you create"
938*96Ssemery 	 +" the principal's keys from the default set."},
939*96Ssemery 
940*96Ssemery 	//
941*96Ssemery 	// EncryptionTypeDialogHelp
942*96Ssemery 	//
943*96Ssemery 
944*96Ssemery 	{"EncryptionTypeDialogHelp",
945*96Ssemery 	 "You can select/deselect encryption types for this principal as"
946*96Ssemery 	 +" needed.  Certain encryption types are similar therefore when"
947*96Ssemery 	 +" one of these encryption types is selected the other type(s)"
948*96Ssemery 	 +" will be deselected.  If no encryption types are selected the"
949*96Ssemery 	 +" default set of types will be used, see krb5.conf(4) for these.\n"
950*96Ssemery 	 +" \n"
951*96Ssemery 	 +"Click OK to copy the encryption list that you've selected to the"
952*96Ssemery 	 +" corresponding field.\n"
953*96Ssemery 	 +" \n"
954*96Ssemery 	 +"Click Clear to unselect all encryption types listed."},
9550Sstevel@tonic-gate 
9560Sstevel@tonic-gate         //
9570Sstevel@tonic-gate         // DateTimeDialog
9580Sstevel@tonic-gate         //
9590Sstevel@tonic-gate 
9600Sstevel@tonic-gate         {"DateTimeDialogHelp",
9610Sstevel@tonic-gate 	 "To change the month, choose from the Month menu.\n "
9620Sstevel@tonic-gate 	 +" \n"
9630Sstevel@tonic-gate 	 +"To change the other date and time fields, click in the field and"
9640Sstevel@tonic-gate 	 +" enter a value, or use the +/- buttons to increment/decrement their"
9650Sstevel@tonic-gate 	 +" value. (Hint: Keeping the buttons pressed makes the value change"
9660Sstevel@tonic-gate 	 +" at a faster rate.)\n"
9670Sstevel@tonic-gate 	 +" \n"
9680Sstevel@tonic-gate 	 +"Click Midnight to change the time to midnight, and click Now to"
9690Sstevel@tonic-gate 	 +" change the time to the current time based on the system's clock.\n"
9700Sstevel@tonic-gate 	 +" \n"
9710Sstevel@tonic-gate 	 +"Click OK to copy the date and time settings you've changed to"
9720Sstevel@tonic-gate 	 +" the corresponding field."},
9730Sstevel@tonic-gate 
9740Sstevel@tonic-gate 
9750Sstevel@tonic-gate         //
9760Sstevel@tonic-gate         // DurationHelper
9770Sstevel@tonic-gate         //
9780Sstevel@tonic-gate 
9790Sstevel@tonic-gate         {"DurationHelperHelp",
9800Sstevel@tonic-gate 	 "To help create a time duration in seconds, choose a unit of time"
9810Sstevel@tonic-gate 	 +" from the Unit menu, enter a number of units under the"
9820Sstevel@tonic-gate 	 +" Value field, and press return (or click '='). The number of"
9830Sstevel@tonic-gate 	 +" seconds based on your input will be displayed.\n"
9840Sstevel@tonic-gate 	 +" \n"
9850Sstevel@tonic-gate 	 +"Click OK to copy the number of seconds you've specified into the"
9860Sstevel@tonic-gate 	 +" corresponding field."},
9870Sstevel@tonic-gate 
9880Sstevel@tonic-gate         //
9890Sstevel@tonic-gate         // PrintUtil
9900Sstevel@tonic-gate         //
9910Sstevel@tonic-gate 
9920Sstevel@tonic-gate         {"PrintUtilHelp",
9930Sstevel@tonic-gate 	 "You can either print to a printer or a file.\n"
9940Sstevel@tonic-gate 	 +" \n"
9950Sstevel@tonic-gate 	 +"To print directly to a printer, click the Print Command"
9960Sstevel@tonic-gate 	 +" radio button, enter a print command (if you don't want the default"
9970Sstevel@tonic-gate 	 +" print command), and click Print.\n"
9980Sstevel@tonic-gate 	 +" \n"
9990Sstevel@tonic-gate 	 +"To print to a file, click the File Name radio button, enter a file"
10000Sstevel@tonic-gate 	 +" name, and click Print. The file name can be an absolute path."
10010Sstevel@tonic-gate 	 +" If no path is given, the file will be saved in the directory"
10020Sstevel@tonic-gate 	 +" where gkadmin was started. Click '...' next to the File Name field"
10030Sstevel@tonic-gate 	 +" to open the File Helper window to help you specify a"
10040Sstevel@tonic-gate 	 +" a location and name for the file."},
10050Sstevel@tonic-gate 
10060Sstevel@tonic-gate         //
10070Sstevel@tonic-gate         // Menubar context sensitive help
10080Sstevel@tonic-gate         //
10090Sstevel@tonic-gate 
10100Sstevel@tonic-gate         {"ContextSensitiveHelp",
10110Sstevel@tonic-gate 	 "Opens the Context-Sensitive Help window and switches the tool into"
10120Sstevel@tonic-gate 	 +" help mode.  In help mode, you can get help on any part of the"
10130Sstevel@tonic-gate 	 +" current window just by clicking on it. To dismiss the Help window"
10140Sstevel@tonic-gate 	 +" and switch back to the normal mode, click Dismiss on the Help"
10150Sstevel@tonic-gate 	 +" window."},
10160Sstevel@tonic-gate 
10170Sstevel@tonic-gate         {"PrintCurrentPrincipal",
10180Sstevel@tonic-gate 	 "Prints the attributes of the currently selected principal in the"
10190Sstevel@tonic-gate 	 +" list or the currently loaded principal."},
10200Sstevel@tonic-gate 
10210Sstevel@tonic-gate         {"PrintCurrentPolicy",
10220Sstevel@tonic-gate 	 "Prints the attributes of the currently selected policy in the"
10230Sstevel@tonic-gate 	 +" list or the currently loaded policy."},
10240Sstevel@tonic-gate 
10250Sstevel@tonic-gate         {"PrintPrincipalList",
10260Sstevel@tonic-gate 	 "Prints the list of all the available principals on the master KDC."},
10270Sstevel@tonic-gate 
10280Sstevel@tonic-gate         {"PrintPolicyList",
10290Sstevel@tonic-gate 	 "Prints the list of all the available policies on the master KDC."},
10300Sstevel@tonic-gate 
10310Sstevel@tonic-gate         {"Logout",
10320Sstevel@tonic-gate 	 "Quits the current session and sends you back to the Login window, so"
10330Sstevel@tonic-gate 	 +" you can change the login fields and log in again."},
10340Sstevel@tonic-gate 
10350Sstevel@tonic-gate         {"EditPreferences",
10360Sstevel@tonic-gate 	 "Opens the Properties window, which enables you to"
10370Sstevel@tonic-gate 	 +" specify the default settings for creating new principals"
10380Sstevel@tonic-gate 	 +" and how the tool should manage the principal"
10390Sstevel@tonic-gate 	 +" and policy lists."},
10400Sstevel@tonic-gate 
10410Sstevel@tonic-gate         {"RefreshPrincipals",
10420Sstevel@tonic-gate 	 "Forces the principal list to be updated from the server."},
10430Sstevel@tonic-gate 
10440Sstevel@tonic-gate         {"RefreshPolicies",
10450Sstevel@tonic-gate 	 "Forces the policy list to be updated from the server."},
10460Sstevel@tonic-gate 
10470Sstevel@tonic-gate         {"Exit",
10480Sstevel@tonic-gate 	 "Quits the SEAM Administration Tool."},
10490Sstevel@tonic-gate 
10500Sstevel@tonic-gate         {"HelpBrowser",
10510Sstevel@tonic-gate 	 "Opens an HTML browser that provides pointers to overview and task"
10520Sstevel@tonic-gate 	 +" information"
10530Sstevel@tonic-gate 	 +" for the SEAM Administration Tool. This provides the same"
10540Sstevel@tonic-gate 	 +" information as the 'Sun Enterprise Authentication Management"
10550Sstevel@tonic-gate 	 +" Guide'."},
10560Sstevel@tonic-gate 
10570Sstevel@tonic-gate         {"About",
10580Sstevel@tonic-gate 	 "Displays the current version of the SEAM Administration Tool."},
10590Sstevel@tonic-gate 
10600Sstevel@tonic-gate         {"DateTime...",
10610Sstevel@tonic-gate 	 "Opens the SEAM Date and Time Helper window, which enables you to"
10620Sstevel@tonic-gate 	 +" set the date and time. After you set the date and time and click"
10630Sstevel@tonic-gate 	 +" OK, the settings are automatically formatted and copied into the"
10640Sstevel@tonic-gate 	 +" corresponding field."},
10650Sstevel@tonic-gate 
10660Sstevel@tonic-gate         {"Duration...",
10670Sstevel@tonic-gate 	 "Opens the SEAM Duration Helper window, which enables you to specify a"
10680Sstevel@tonic-gate 	 +" time duration and have it converted into seconds."
10690Sstevel@tonic-gate 	 +" After you specify the time"
10700Sstevel@tonic-gate 	 +" and click OK, the time duration is copied into the corresponding"
10710Sstevel@tonic-gate 	 +" field."},
1072*96Ssemery 
1073*96Ssemery 	{"EncList...",
1074*96Ssemery 	 "Opens the SEAM Encryption Type List Helper window, which enables you"
1075*96Ssemery 	 +" to specify custom encryption types for the principal. "
1076*96Ssemery 	 +" After you select the encryption types and click OK, the encryption"
1077*96Ssemery 	 +" type list is copied into the corresponding field."},
1078*96Ssemery 
10790Sstevel@tonic-gate         {"Print...",
10800Sstevel@tonic-gate 	 "Opens the SEAM Print Dialog window, which enables you to specify a"
10810Sstevel@tonic-gate 	 +" printer"
10820Sstevel@tonic-gate 	 +" to print the information or a file name in which to save the"
10830Sstevel@tonic-gate 	 +" information."},
10840Sstevel@tonic-gate 
10850Sstevel@tonic-gate         {"Bad Duration",
10860Sstevel@tonic-gate 	 "Please enter the duration (in seconds) correctly."},
10870Sstevel@tonic-gate 
10880Sstevel@tonic-gate         {"Bad Date",
10890Sstevel@tonic-gate 	 "Please enter the date correctly."},
10900Sstevel@tonic-gate 
10910Sstevel@tonic-gate         {"Bad Number",
10920Sstevel@tonic-gate 	 "Please enter the number correctly."}
10930Sstevel@tonic-gate 
10940Sstevel@tonic-gate     }; // end contents object
10950Sstevel@tonic-gate 
10960Sstevel@tonic-gate }
1097