Date: Fri, 18 Apr 2014 19:49:21 +0000 (UTC) From: Dru Lavigne <dru@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r44607 - head/en_US.ISO8859-1/books/handbook/security Message-ID: <201404181949.s3IJnMAX017642@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dru Date: Fri Apr 18 19:49:21 2014 New Revision: 44607 URL: http://svnweb.freebsd.org/changeset/doc/44607 Log: White space fix only. Translators can ignore. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Apr 18 19:42:57 2014 (r44606) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Apr 18 19:49:21 2014 (r44607) @@ -972,9 +972,9 @@ ALL : ALL \ : twist /bin/echo "You are not welcome to use %d from %h."</programlisting> <para>In this example, the message <quote>You are not allowed to - use <replaceable>daemon name</replaceable> from - <replaceable>hostname</replaceable>.</quote> will be returned - for any daemon not configured in + use <replaceable>daemon name</replaceable> from + <replaceable>hostname</replaceable>.</quote> will be + returned for any daemon not configured in <filename>hosts.allow</filename>. This is useful for sending a reply back to the connection initiator right after the established connection is dropped. Any message returned @@ -1103,7 +1103,7 @@ sendmail : PARANOID : deny</programlisti <itemizedlist> <listitem> <para>The <acronym>DNS</acronym> domain (zone) will be - <systemitem + <systemitem class="fqdomainname">example.org</systemitem>.</para> </listitem> @@ -1822,14 +1822,15 @@ kadmind5_server_enable="YES"</programlis </indexterm> <para>To generate a certificate that will be signed by an - external <acronym>CA</acronym>, issue the following command and - input the information requested at the prompts. This input - information will be written to the certificate. At the + external <acronym>CA</acronym>, issue the following command + and input the information requested at the prompts. This + input information will be written to the certificate. At the <literal>Common Name</literal> prompt, input the fully qualified name for the system that will use the certificate. - If this name does not match the server, the application verifying the - certificate will issue a warning to the user, rendering the - verification provided by the certificate as useless.</para> + If this name does not match the server, the application + verifying the certificate will issue a warning to the user, + rendering the verification provided by the certificate as + useless.</para> <screen>&prompt.root; <userinput>openssl req -new -nodes -out req.pem -keyout cert.pem</userinput> Generating a 1024 bit RSA private key @@ -1856,23 +1857,22 @@ Please enter the following 'extra' attri to be sent with your certificate request A challenge password []:<userinput><replaceable>SOME PASSWORD</replaceable></userinput> An optional company name []:<userinput><replaceable>Another Name</replaceable></userinput></screen> - - <para>Other options, such as the expire - time and alternate encryption algorithms, are available when - creating a certificate. A - complete list of options is described in + + <para>Other options, such as the expire time and alternate + encryption algorithms, are available when creating a + certificate. A complete list of options is described in &man.openssl.1;.</para> - <para>This command will create two files in the current directory. - The certificate request, + <para>This command will create two files in the current + directory. The certificate request, <filename>req.pem</filename>, can be sent to a <acronym>CA</acronym> who will validate the entered credentials, sign the request, and return the signed certificate. The second file, <filename>cert.pem</filename>, is the private key for the - certificate and should be stored in a secure location. If this - falls in the hands of others, it can be used to impersonate - the user or the server.</para> + certificate and should be stored in a secure location. If + this falls in the hands of others, it can be used to + impersonate the user or the server.</para> <para>Alternately, if a signature from a <acronym>CA</acronym> is not required, a self-signed certificate can be created. @@ -1922,8 +1922,9 @@ Email Address []:<userinput><replaceable <filename>new.crt</filename>. These should be placed in a directory, preferably under <filename>/etc</filename>, which is readable only by <systemitem - class="username">root</systemitem>. Permissions of <literal>0700</literal> are - appropriate for these files and can be set using <command>chmod</command>.</para> + class="username">root</systemitem>. Permissions of + <literal>0700</literal> are appropriate for these files and + can be set using <command>chmod</command>.</para> </sect2> <sect2> @@ -1934,9 +1935,9 @@ Email Address []:<userinput><replaceable prevent the use of clear text authentication.</para> <note> - <para>Some mail clients will display an error if the - user has not installed a local copy of the certificate. Refer to - the documentation included with the software for more + <para>Some mail clients will display an error if the user has + not installed a local copy of the certificate. Refer to the + documentation included with the software for more information on certificate installation.</para> </note> @@ -1954,8 +1955,7 @@ sendmail_cert_cn="<replaceable>localhost <acronym>CA</acronym> certificate, <filename>/etc/mail/certs/cacert.pem</filename>. The certificate will use the <literal>Common Name</literal> - specified in <option>sendmail_cert_cn</option>. - After saving + specified in <option>sendmail_cert_cn</option>. After saving the edits, restart <application>Sendmail</application>:</para> <screen>&prompt.root; <userinput>service sendmail restart</userinput></screen>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404181949.s3IJnMAX017642>