>From 32c8296725bd02492a8b06b22fe19829fd56914a Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Tue, 30 Jun 2015 11:33:02 -0400 Subject: [PATCH] Added pki-audit man page. A new man page has been added for the pki -audit CLI. Due to database upgrade issue the command is currently only available in TPS. https://fedorahosted.org/pki/ticket/1437 --- base/java-tools/man/man1/pki-audit.1 | 104 +++++++++++++++++++++++++++++++++++ base/java-tools/man/man1/pki.1 | 10 +++- specs/pki-core.spec | 1 + 3 files changed, 113 insertions(+), 2 deletions(-) create mode 100644 base/java-tools/man/man1/pki-audit.1 diff --git a/base/java-tools/man/man1/pki-audit.1 b/base/java-tools/man/man1/pki-audit.1 new file mode 100644 index 0000000000000000000000000000000000000000..e1c84885035df9bf831090a916c931b403b53a9c --- /dev/null +++ b/base/java-tools/man/man1/pki-audit.1 @@ -0,0 +1,104 @@ +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH pki-audit 1 "Jun 30, 2015" "version 10.2" "PKI Audit Management Commands" Dogtag Team +.\" Please adjust this date whenever revising the man page. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for man page specific macros, see man(7) +.SH NAME +pki-audit \- Command-Line Interface for managing Certificate System audit configuration. + +.SH SYNOPSIS +.nf +\fBpki\fR [CLI options] \fB-audit\fR +\fBpki\fR [CLI options] \fB-audit-show\fR [command options] +\fBpki\fR [CLI options] \fB-audit-mod --action \fR [command options] +\fBpki\fR [CLI options] \fB-audit-mod --input \fR [command options] +.fi + +.SH DESCRIPTION +.PP +The \fBpki-audit\fR commands provide command-line interfaces to manage audit +configuration in the specified subsystem. Currently the only valid subsystem +is \fBtps\fR. +.PP +\fBpki\fR [CLI options] \fB-audit\fR +.RS 4 +This command is to list the available audit commands the subsystem. +.RE +.PP +\fBpki\fR [CLI options] \fB-audit-show\fR [command options] +.RS 4 +This command is to show the audit configuration in the subsystem. +.RE +.PP +\fBpki\fR [CLI options] \fB-audit-mod --action \fR [command options] +.RS 4 +This command is to the audit status in the subsystem. +.RE +.PP +\fBpki\fR [CLI options] \fB-audit-mod --input \fR [command options] +.RS 4 +This command is to modify the audit configuration in the subsystem. +.RE + +.SH OPTIONS +The CLI options are described in \fBpki\fR(1). + +.SH OPERATIONS +To view available audit commands, type \fBpki -audit\fP. To view +each command's usage, type \fB pki -audit- \-\-help\fP. + +All audit commands must be executed with the subsystem's admin authentication +(the user must be in the Administrators group). See also the Authentication +section in \fBpki\fP(1). + +.SS Viewing audit configuration + +To view the audit configuration in TPS execute the following command: + +.B pki tps-audit-show + +To download the audit configuration from TPS into a file execute the following +command: + +.B pki tps-audit-show --output + +.SS Changing audit status + +To enable/disable audit in TPS execute the following command: + +.B pki tps-audit-mod --action + +where action is enable or disable. + +.SS Modifying audit configuration + +To modify the audit configuration in TPS, download the current configuration +using the above \fBtps-audit-show\fP command, edit the file, then execute the +following command: + +.B pki tps-audit-mod --input + +Optionally, a --output option may be specified to download the +effective configuration after the modification. + +.SH AUTHORS +Endi S. Dewata . + +.SH COPYRIGHT +Copyright (c) 2015 Red Hat, Inc. This is licensed under the GNU General Public +License, version 2 (GPLv2). A copy of this license is available at +http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. + +.SH SEE ALSO +.BR pki(1) diff --git a/base/java-tools/man/man1/pki.1 b/base/java-tools/man/man1/pki.1 index 41ee3d3da10adfa77fa94856d9829f5e6c2ecb78..3de8f6e922755f9550d57dcba4695bd5aff1d1ae 100644 --- a/base/java-tools/man/man1/pki.1 +++ b/base/java-tools/man/man1/pki.1 @@ -102,7 +102,9 @@ Alternatively, the connection parameters can be specified as a URI: where the URI is of the format \fI://:\fP. .SS Authentication -Some commands require authentication. These are commands that are restricted to particular sets of users (such as agents or admins) or those operations involving certificate profiles that require authentication. +Some commands require authentication. These are commands that are restricted +to particular sets of users (such as agents or admins) or those operations +involving certificate profiles that require authentication. To execute a command without authentication: @@ -133,7 +135,11 @@ To authenticate with a username by interactively prompting for a password: Prompting for a user password is not suitable for automated batch processing. .SS Client Authentication Setup -A client certificate associated with the desired PKI server must be used for client authentication. This can be done by importing the client certificate into an NSS security database and passing the values to the relevant options provided by the \fBpki\fP CLI framework. + +A client certificate associated with the desired PKI server must be used for +client authentication. This can be done by importing the client certificate +into an NSS security database and passing the values to the relevant options +provided by the \fBpki\fP CLI framework. To achieve this, execute the following commands to set up an NSS security database for use by the \fBpki\fP client, import the client certificate into the NSS database, and list information (including the nickname of the client certificate) stored in the NSS database: diff --git a/specs/pki-core.spec b/specs/pki-core.spec index 06fd9c7d333c424705a416c655098176df7e7a73..5ab8c841aea250e693fe95fd76847a76cbfa0b81 100644 --- a/specs/pki-core.spec +++ b/specs/pki-core.spec @@ -859,6 +859,7 @@ systemctl daemon-reload %{_javadir}/pki/pki-tools.jar %{_datadir}/pki/java-tools/ %{_mandir}/man1/pki.1.gz +%{_mandir}/man1/pki-audit.1.gz %{_mandir}/man1/pki-cert.1.gz %{_mandir}/man1/pki-client.1.gz %{_mandir}/man1/pki-group.1.gz -- 1.9.3