ITS#4225 added proxyCacheQueries keyword

[openldap] / doc / man / man8 / slappasswd.8

diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8
index 41fd51e277a8c4f744cfc9135b744af29a959df1..8cd7d8a58773cb22a2c26dc8a47e4689829d902e 100644 (file)
--- a/doc/man/man8/slappasswd.8
+++ b/doc/man/man8/slappasswd.8
@@ -1,6 +1,6 @@
 .TH SLAPPASSWD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2003 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slappasswd \- OpenLDAP password utility
@@ -8,7 +8,7 @@ slappasswd \- OpenLDAP password utility
 .B SBINDIR/slappasswd
 .B [\-v]
 .B [\-u]
-.B [\-s secret]
+.B [\-s secret|\-T file]
 .B [\-h hash]
 .B [\-c salt-format]
 .B 
@@ -34,8 +34,24 @@ versions of this program may generate alternative syntaxes
 by default.  This option is provided for forward compatibility.
 .TP
 .BI \-s " secret"
-The secret to hash.  If not provided, the user will be prompted
-for the secret to hash.
+The secret to hash.
+If this and
+.B \-T
+are absent, the user will be prompted for the secret to hash.
+.B \-s
+and
+.B \-T
+and mutually exclusive flags.
+.TP
+.BI \-T " file"
+Hash the contents of the file.
+If this and
+.B \-s
+are absent, the user will be prompted for the secret to hash.
+.B \-s
+and
+.B \-T
+and mutually exclusive flags.
 .TP
 .BI \-h " scheme"
 If -h is specified, one of the following RFC 2307 schemes may
@@ -48,6 +64,12 @@ be specified:
 The default is 
 .IR {SSHA} .
 
+Note that scheme names may need to be protected, due to
+.B {
+and
+.BR } ,
+from expansion by the user's command interpreter.
+
 .B {SHA}
 and
 .B {SSHA}
@@ -74,10 +96,10 @@ This string needs to be in
 .BR sprintf (3)
 format and may include one (and only one) %s conversion.
 This conversion will be substituted with a string random
-characters from [A\-Za\-z0\-9./].  For example, "%.2s"
-provides a two character salt and "$1$%.8s" tells some
+characters from [A\-Za\-z0\-9./].  For example, '%.2s'
+provides a two character salt and '$1$%.8s' tells some
 versions of crypt(3) to use an MD5 algorithm and provides
-8 random characters of salt.  The default is "%s", which
+8 random characters of salt.  The default is '%s', which
 provides 31 characters of salt.
 .SH LIMITATIONS
 The practice storing hashed passwords in userPassword violates
@@ -86,11 +108,16 @@ interoperability.  A new attribute type, authPassword, to hold
 hashed passwords has been defined (RFC 3112), but is not yet
 implemented in
 .BR slapd (8).
+.TP
+It should also be noted that the behavior of
+.BR crypt (3)
+is platform specific.
 .SH "SECURITY CONSIDERATIONS"
 Use of hashed passwords does not protect passwords during
 protocol transfer.  TLS or other eavesdropping protections
-should be inplace before using LDAP simple bind.  The
-hashed password values should be protected as if they
+should be in\-place before using LDAP simple bind.
+.TP
+The hashed password values should be protected as if they
 were clear text passwords.
 .SH "SEE ALSO"
 .BR ldappasswd (1),