From owner-svn-doc-head@FreeBSD.ORG Fri Apr 18 19:49:22 2014 Return-Path: Delivered-To: svn-doc-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 464324D8; Fri, 18 Apr 2014 19:49:22 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 271FD17AA; Fri, 18 Apr 2014 19:49:22 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s3IJnMTp017643; Fri, 18 Apr 2014 19:49:22 GMT (envelope-from dru@svn.freebsd.org) Received: (from dru@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s3IJnMAX017642; Fri, 18 Apr 2014 19:49:22 GMT (envelope-from dru@svn.freebsd.org) Message-Id: <201404181949.s3IJnMAX017642@svn.freebsd.org> From: Dru Lavigne Date: Fri, 18 Apr 2014 19:49:21 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r44607 - head/en_US.ISO8859-1/books/handbook/security X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Apr 2014 19:49:22 -0000 Author: dru Date: Fri Apr 18 19:49:21 2014 New Revision: 44607 URL: http://svnweb.freebsd.org/changeset/doc/44607 Log: White space fix only. Translators can ignore. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Apr 18 19:42:57 2014 (r44606) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Apr 18 19:49:21 2014 (r44607) @@ -972,9 +972,9 @@ ALL : ALL \ : twist /bin/echo "You are not welcome to use %d from %h." In this example, the message You are not allowed to - use daemon name from - hostname. will be returned - for any daemon not configured in + use daemon name from + hostname. will be + returned for any daemon not configured in hosts.allow. This is useful for sending a reply back to the connection initiator right after the established connection is dropped. Any message returned @@ -1103,7 +1103,7 @@ sendmail : PARANOID : deny The DNS domain (zone) will be - example.org. @@ -1822,14 +1822,15 @@ kadmind5_server_enable="YES" To generate a certificate that will be signed by an - external CA, issue the following command and - input the information requested at the prompts. This input - information will be written to the certificate. At the + external CA, issue the following command + and input the information requested at the prompts. This + input information will be written to the certificate. At the Common Name prompt, input the fully qualified name for the system that will use the certificate. - If this name does not match the server, the application verifying the - certificate will issue a warning to the user, rendering the - verification provided by the certificate as useless. + If this name does not match the server, the application + verifying the certificate will issue a warning to the user, + rendering the verification provided by the certificate as + useless. &prompt.root; openssl req -new -nodes -out req.pem -keyout cert.pem Generating a 1024 bit RSA private key @@ -1856,23 +1857,22 @@ Please enter the following 'extra' attri to be sent with your certificate request A challenge password []:SOME PASSWORD An optional company name []:Another Name - - Other options, such as the expire - time and alternate encryption algorithms, are available when - creating a certificate. A - complete list of options is described in + + Other options, such as the expire time and alternate + encryption algorithms, are available when creating a + certificate. A complete list of options is described in &man.openssl.1;. - This command will create two files in the current directory. - The certificate request, + This command will create two files in the current + directory. The certificate request, req.pem, can be sent to a CA who will validate the entered credentials, sign the request, and return the signed certificate. The second file, cert.pem, is the private key for the - certificate and should be stored in a secure location. If this - falls in the hands of others, it can be used to impersonate - the user or the server. + certificate and should be stored in a secure location. If + this falls in the hands of others, it can be used to + impersonate the user or the server. Alternately, if a signature from a CA is not required, a self-signed certificate can be created. @@ -1922,8 +1922,9 @@ Email Address []:new.crt. These should be placed in a directory, preferably under /etc, which is readable only by root. Permissions of 0700 are - appropriate for these files and can be set using chmod. + class="username">root. Permissions of + 0700 are appropriate for these files and + can be set using chmod. @@ -1934,9 +1935,9 @@ Email Address []: - Some mail clients will display an error if the - user has not installed a local copy of the certificate. Refer to - the documentation included with the software for more + Some mail clients will display an error if the user has + not installed a local copy of the certificate. Refer to the + documentation included with the software for more information on certificate installation. @@ -1954,8 +1955,7 @@ sendmail_cert_cn="localhost CA certificate, /etc/mail/certs/cacert.pem. The certificate will use the Common Name - specified in . - After saving + specified in . After saving the edits, restart Sendmail: &prompt.root; service sendmail restart