rename

[openldap] / doc / man / man8 / slappasswd.8

diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8
index d8a504e75bcd8f54d616110eec89559b52abce65..ee83f09d09e98d98dd70c1604440552b4bbe4e1c 100644 (file)
--- a/doc/man/man8/slappasswd.8
+++ b/doc/man/man8/slappasswd.8
@@ -1,6 +1,6 @@
 .TH SLAPPASSWD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2002 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slappasswd \- OpenLDAP password utility
@@ -8,7 +8,7 @@ slappasswd \- OpenLDAP password utility
 .B SBINDIR/slappasswd
 .B [\-v]
 .B [\-u]
-.B [\-s secret]
+.B [\-s secret|\-T file]
 .B [\-h hash]
 .B [\-c salt-format]
 .B 
@@ -29,16 +29,32 @@ configuration directive.
 enable verbose mode.
 .TP
 .B \-u
-Generate RFC2307 userPassword values (the default).  Future
+Generate RFC 2307 userPassword values (the default).  Future
 versions of this program may generate alternative syntaxes
 by default.  This option is provided for forward compatibility.
 .TP
 .BI \-s " secret"
-The secret to hash.  If not provided, the user will be prompted
-for the secret to hash.
+The secret to hash.
+If this and
+.B \-T
+are absent, the user will be prompted for the secret to hash.
+.B \-s
+and
+.B \-T
+and mutually exclusive flags.
+.TP
+.BI \-T " file"
+Hash the contents of the file.
+If this and
+.B \-s
+are absent, the user will be prompted for the secret to hash.
+.B \-s
+and
+.B \-T
+and mutually exclusive flags.
 .TP
 .BI \-h " scheme"
-If -h is specified, one of the following RFC2307 schemes may
+If -h is specified, one of the following RFC 2307 schemes may
 be specified:
 .IR {CRYPT} ,
 .IR {MD5} ,
@@ -47,21 +63,27 @@ be specified:
 .IR {SHA} .
 The default is 
 .IR {SSHA} .
-.TP
+
+Note that scheme names may need to be protected, due to
+.B {
+and
+.BR } ,
+from expansion by the user's command interpreter.
+
 .B {SHA}
 and
 .B {SSHA}
 use the SHA-1 algorithm (FIPS 160-1), the latter with a seed.
-.TP
+
 .B {MD5}
 and
 .B {SMD5}
 use the MD5 algorithm (RFC 1321), the latter with a seed.
-.TP
+
 .B {CRYPT}
 uses the
 .BR crypt (3).
-.TP
+
 .B {CLEARTEXT}
 indicates that the new password should be added to userPassword as
 clear text.
@@ -81,20 +103,30 @@ versions of crypt(3) to use an MD5 algorithm and provides
 provides 31 characters of salt.
 .SH LIMITATIONS
 The practice storing hashed passwords in userPassword violates
-Standard Track (RFC2256) schema specifications and may hinder
-interoperability.  A new attribute type to hold hashed
-passwords is needed.
+Standard Track (RFC 2256) schema specifications and may hinder
+interoperability.  A new attribute type, authPassword, to hold
+hashed passwords has been defined (RFC 3112), but is not yet
+implemented in
+.BR slapd (8).
+.TP
+It should also be noted that the behavior of
+.BR crypt (3)
+is platform specific.
 .SH "SECURITY CONSIDERATIONS"
 Use of hashed passwords does not protect passwords during
 protocol transfer.  TLS or other eavesdropping protections
-should be inplace before using LDAP simple bind.  The
-hashed password values should be protected as if they
+should be in\-place before using LDAP simple bind.
+.TP
+The hashed password values should be protected as if they
 were clear text passwords.
 .SH "SEE ALSO"
 .BR ldappasswd (1),
 .BR ldapmodify (1),
 .BR slapd (8)
 .BR slapd.conf (5)
+.B RFC 2307
+.B RFC 2256
+.B RFC 3112
 .LP
 "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
 .SH ACKNOWLEDGEMENTS