svn commit: r44607 - head/en_US.ISO8859-1/books/handbook/security
Dru Lavigne
dru at FreeBSD.org
Fri Apr 18 19:49:22 UTC 2014
Author: dru
Date: Fri Apr 18 19:49:21 2014
New Revision: 44607
URL: http://svnweb.freebsd.org/changeset/doc/44607
Log:
White space fix only. Translators can ignore.
Sponsored by: iXsystems
Modified:
head/en_US.ISO8859-1/books/handbook/security/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Apr 18 19:42:57 2014 (r44606)
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Apr 18 19:49:21 2014 (r44607)
@@ -972,9 +972,9 @@ ALL : ALL \
: twist /bin/echo "You are not welcome to use %d from %h."</programlisting>
<para>In this example, the message <quote>You are not allowed to
- use <replaceable>daemon name</replaceable> from
- <replaceable>hostname</replaceable>.</quote> will be returned
- for any daemon not configured in
+ use <replaceable>daemon name</replaceable> from
+ <replaceable>hostname</replaceable>.</quote> will be
+ returned for any daemon not configured in
<filename>hosts.allow</filename>. This is useful for sending
a reply back to the connection initiator right after the
established connection is dropped. Any message returned
@@ -1103,7 +1103,7 @@ sendmail : PARANOID : deny</programlisti
<itemizedlist>
<listitem>
<para>The <acronym>DNS</acronym> domain (zone) will be
- <systemitem
+ <systemitem
class="fqdomainname">example.org</systemitem>.</para>
</listitem>
@@ -1822,14 +1822,15 @@ kadmind5_server_enable="YES"</programlis
</indexterm>
<para>To generate a certificate that will be signed by an
- external <acronym>CA</acronym>, issue the following command and
- input the information requested at the prompts. This input
- information will be written to the certificate. At the
+ external <acronym>CA</acronym>, issue the following command
+ and input the information requested at the prompts. This
+ input information will be written to the certificate. At the
<literal>Common Name</literal> prompt, input the fully
qualified name for the system that will use the certificate.
- If this name does not match the server, the application verifying the
- certificate will issue a warning to the user, rendering the
- verification provided by the certificate as useless.</para>
+ If this name does not match the server, the application
+ verifying the certificate will issue a warning to the user,
+ rendering the verification provided by the certificate as
+ useless.</para>
<screen>&prompt.root; <userinput>openssl req -new -nodes -out req.pem -keyout cert.pem</userinput>
Generating a 1024 bit RSA private key
@@ -1856,23 +1857,22 @@ Please enter the following 'extra' attri
to be sent with your certificate request
A challenge password []:<userinput><replaceable>SOME PASSWORD</replaceable></userinput>
An optional company name []:<userinput><replaceable>Another Name</replaceable></userinput></screen>
-
- <para>Other options, such as the expire
- time and alternate encryption algorithms, are available when
- creating a certificate. A
- complete list of options is described in
+
+ <para>Other options, such as the expire time and alternate
+ encryption algorithms, are available when creating a
+ certificate. A complete list of options is described in
&man.openssl.1;.</para>
- <para>This command will create two files in the current directory.
- The certificate request,
+ <para>This command will create two files in the current
+ directory. The certificate request,
<filename>req.pem</filename>, can be sent to a
<acronym>CA</acronym> who will validate the entered
credentials, sign the request, and return the signed
certificate. The second file,
<filename>cert.pem</filename>, is the private key for the
- certificate and should be stored in a secure location. If this
- falls in the hands of others, it can be used to impersonate
- the user or the server.</para>
+ certificate and should be stored in a secure location. If
+ this falls in the hands of others, it can be used to
+ impersonate the user or the server.</para>
<para>Alternately, if a signature from a <acronym>CA</acronym>
is not required, a self-signed certificate can be created.
@@ -1922,8 +1922,9 @@ Email Address []:<userinput><replaceable
<filename>new.crt</filename>. These should be placed in a
directory, preferably under <filename>/etc</filename>, which
is readable only by <systemitem
- class="username">root</systemitem>. Permissions of <literal>0700</literal> are
- appropriate for these files and can be set using <command>chmod</command>.</para>
+ class="username">root</systemitem>. Permissions of
+ <literal>0700</literal> are appropriate for these files and
+ can be set using <command>chmod</command>.</para>
</sect2>
<sect2>
@@ -1934,9 +1935,9 @@ Email Address []:<userinput><replaceable
prevent the use of clear text authentication.</para>
<note>
- <para>Some mail clients will display an error if the
- user has not installed a local copy of the certificate. Refer to
- the documentation included with the software for more
+ <para>Some mail clients will display an error if the user has
+ not installed a local copy of the certificate. Refer to the
+ documentation included with the software for more
information on certificate installation.</para>
</note>
@@ -1954,8 +1955,7 @@ sendmail_cert_cn="<replaceable>localhost
<acronym>CA</acronym> certificate,
<filename>/etc/mail/certs/cacert.pem</filename>. The
certificate will use the <literal>Common Name</literal>
- specified in <option>sendmail_cert_cn</option>.
- After saving
+ specified in <option>sendmail_cert_cn</option>. After saving
the edits, restart <application>Sendmail</application>:</para>
<screen>&prompt.root; <userinput>service sendmail restart</userinput></screen>
More information about the svn-doc-all
mailing list