X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=doc%2Fman%2Fman8%2Fslappasswd.8;h=2b8d01f003c10d32fece4d0095484a5c8bd599b3;hb=9cdb7b18a929d546a7681d3ac0f830821069c5a5;hp=420778a21735263f5dc84cc7567966f9d8617f4a;hpb=3c5068bc1fa84fc5daf1e50d4f1a929cec91b7e9;p=openldap diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8 index 420778a217..2b8d01f003 100644 --- a/doc/man/man8/slappasswd.8 +++ b/doc/man/man8/slappasswd.8 @@ -1,29 +1,39 @@ .TH SLAPPASSWD 8C "RELEASEDATE" "OpenLDAP LDVERSION" -.\" $OpenLDAP$ -.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2013 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.\" $OpenLDAP$ .SH NAME slappasswd \- OpenLDAP password utility .SH SYNOPSIS .B SBINDIR/slappasswd -.B [\-v] -.B [\-u] -.B [\-g|\-s secret|\-T file] -.B [\-h hash] -.B [\-c salt-format] -.B [\-n] -.B +[\c +.BR \-v ] +[\c +.BR \-u ] +[\c +.BR \-g \||\| \-s \ \fIsecret\fR \||\| \fB\-T \ \fIfile\fR] +[\c +.BI \-h \ hash\fR] +[\c +.BI \-c \ salt-format\fR] +[\c +.BR \-n ] +[\c +.BI \-o \ option\fR[ = value\fR]] .LP .SH DESCRIPTION .LP .B Slappasswd is used to generate an userPassword value suitable for use with -.BR ldapmodify (1) -or +.BR ldapmodify (1), .BR slapd.conf (5) .I rootpw +configuration directive or the +.BR slapd\-config (5) +.I olcRootPW configuration directive. +. .SH OPTIONS .TP .B \-v @@ -34,7 +44,7 @@ Generate RFC 2307 userPassword values (the default). Future versions of this program may generate alternative syntaxes by default. This option is provided for forward compatibility. .TP -.BI \-s " secret" +.BI \-s \ secret The secret to hash. If this, .B \-g @@ -45,7 +55,7 @@ are absent, the user will be prompted for the secret to hash. .B \-g and .B \-T -and mutually exclusive flags. +are mutually exclusive flags. .TP .BI \-g Generate the secret. 
@@ -58,7 +68,7 @@ are absent, the user will be prompted for the secret to hash. .B \-g and .B \-T -and mutually exclusive flags. +are mutually exclusive flags. If this is present, .I {CLEARTEXT} is used as scheme. @@ -67,7 +77,7 @@ and .B \-h are mutually exclusive flags. .TP -.BI \-T " file" +.BI \-T \ "file" Hash the contents of the file. If this, .B \-g @@ -80,16 +90,16 @@ and .B \-T and mutually exclusive flags. .TP -.BI \-h " scheme" -If -h is specified, one of the following RFC 2307 schemes may +.BI \-h \ "scheme" +If \fB\-h\fP is specified, one of the following RFC 2307 schemes may be specified: -.IR {CRYPT} , -.IR {MD5} , -.IR {SMD5} , -.IR {SSHA} ", and" -.IR {SHA} . +.BR {CRYPT} , +.BR {MD5} , +.BR {SMD5} , +.BR {SSHA} ", and" +.BR {SHA} . The default is -.IR {SSHA} . +.BR {SSHA} . Note that scheme names may need to be protected, due to .B { 
@@ -116,26 +126,50 @@ indicates that the new password should be added to userPassword as clear text. Unless .I {CLEARTEXT} -is used, this flag is incompatible with +is used, this flag is incompatible with option .BR \-g . .TP -.BI \-c " crypt-salt-format" +.BI \-c \ crypt-salt-format Specify the format of the salt passed to .BR crypt (3) when generating {CRYPT} passwords. This string needs to be in .BR sprintf (3) -format and may include one (and only one) %s conversion. -This conversion will be substituted with a string random -characters from [A\-Za\-z0\-9./]. For example, '%.2s' -provides a two character salt and '$1$%.8s' tells some -versions of crypt(3) to use an MD5 algorithm and provides -8 random characters of salt. The default is '%s', which -provides 31 characters of salt. +format and may include one (and only one) +.B %s +conversion. +This conversion will be substituted with a string of random +characters from [A\-Za\-z0\-9./]. For example, +.RB ' %.2s ' +provides a two character salt and +.RB ' $1$%.8s ' +tells some +versions of +.BR crypt (3) +to use an MD5 algorithm and provides +8 random characters of salt. +The default is +.RB ' %s ' , +which provides 31 characters of salt. .TP .BI \-n Omit the trailing newline; useful to pipe the credentials into a command. +.TP +.BI \-o \ option\fR[ = value\fR] +Specify an +.I option +with a(n optional) +.IR value . +Possible generic options/values are: +.LP +.nf + module\-path= (see `\fBmodulepath\fP' in slapd.conf(5)) + module\-load= (see `\fBmoduleload\fP' in slapd.conf(5)) + +.in +You can load a dynamically loadable password hash module by +using this option. .SH LIMITATIONS The practice of storing hashed passwords in userPassword violates Standard Track (RFC 4519) schema specifications and may hinder 
@@ -150,17 +184,18 @@ is platform specific. .SH "SECURITY CONSIDERATIONS" Use of hashed passwords does not protect passwords during protocol transfer. TLS or other eavesdropping protections -should be in\-place before using LDAP simple bind. +should be in-place before using LDAP simple bind. .LP The hashed password values should be protected as if they were clear text passwords. .SH "SEE ALSO" .BR ldappasswd (1), .BR ldapmodify (1), -.BR slapd (8) -.BR slapd.conf (5) -.B RFC 2307 -.B RFC 4519 +.BR slapd (8), +.BR slapd.conf (5), +.BR slapd\-config (5), +.B RFC 2307\fP, +.B RFC 4519\fP, .B RFC 3112 .LP "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
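Review bot: in the SYNOPSIS rewritten by the first hunk (@@ -1,29 +1,39 @@), the argument of -h is named `hash` and the argument of -c is named `salt-format`, but the OPTIONS entries later in this same patch call them `scheme` and `crypt-salt-format`. Use one name per argument in both places. A smaller point on the `.BR \-g \||\| \-s ...` line: the second `\||\|` lands on an odd (bold) argument position of `.BR`, so the two separators render in different fonts. An explicit `\fR` before it, like the `\fB` already placed before `\-T`, would keep them the same.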
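Review bot: the -s entry touched at @@ -34,7 +44,7 @@ still reads only "The secret to hash.", and the visible text never tells the reader that a secret passed as a command-line argument can be seen by other local users in the process list and is likely to end up in shell history. Since the entry is being edited anyway, add a sentence recommending the interactive prompt or -T for real passwords.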
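Review bot: the context at the top of the @@ -80,16 +90,16 @@ hunk still reads "and mutually exclusive flags." for the -T entry, the same typo that the two earlier hunks correct to "are mutually exclusive flags." for -s and -g. Fix the third occurrence in this patch as well. The header macros are also quoted inconsistently: `\-T \ "file"` and `\-h \ "scheme"` quote the argument, while `\-s \ secret` and `\-c \ crypt-salt-format` do not. Pick one form.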
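Review bot: in the new -o entry (hunk @@ -116,26 +126,50 @@) the `.nf` that opens the module\-path/module\-load listing is never closed with `.fi`; the block ends with `.in` instead, so the sentence "You can load a dynamically loadable password hash module by using this option." is still set in no-fill mode. Replace `.in` with `.fi`, or add `.fi` before it if the indent reset is intended. The `.LP` before `.nf` also ends the `.TP` indentation, so the listing and that sentence will not line up under the -o tag; `.RS`/`.RE` would keep them inside the entry. The wording "with a(n optional)" would read better as "with an optional".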
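Review bot: in SECURITY CONSIDERATIONS (hunk @@ -150,17 +184,18 @@) the change from `in\-place` to `in-place` only swaps the hyphen escape; the phrase is used adverbially here and should be two words, "should be in place before using LDAP simple bind." In SEE ALSO, the last entry `.B RFC 3112` is the only one left without the `\fP` plus punctuation pattern applied to RFC 2307 and RFC 4519; end it with a period for consistency.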