svn commit: r1726136 - /incubator/slider/site/trunk/content/docs/manpage.md

[stevel]

Author: stevel
Date: Fri Jan 22 01:32:33 2016
New Revision: 1726136

URL: http://svn.apache.org/viewvc?rev=1726136&view=rev
Log:
SLIDER-1035 kdiag improvement docs

Modified:
    incubator/slider/site/trunk/content/docs/manpage.md

Modified: incubator/slider/site/trunk/content/docs/manpage.md
URL: 
http://svn.apache.org/viewvc/incubator/slider/site/trunk/content/docs/manpage.md?rev=1726136&r1=1726135&r2=1726136&view=diff
==============================================================================
--- incubator/slider/site/trunk/content/docs/manpage.md (original)
+++ incubator/slider/site/trunk/content/docs/manpage.md Fri Jan 22 01:32:33 2016
@@ -396,8 +396,7 @@ Example
     slider install-package --name HBASE --package 
/usr/work/package/hbase/slider-hbase-app-package-0.98.4-hadoop2.zip
     slider install-package --name HBASE --package 
/usr/work/package/hbase/slider-hbase-app-package-0.98.4-hadoop2.zip --replacepkg
 
-###` kdiag [--keytab <keytab> --principal <principal>] [--out outfile] 
[--fail]`
-
+### `kdiag [--keytab <keytab> --principal <principal>] [--out <outfile>] 
[--keylength <length>] [--secure]`
 Kerberos diagnostics.
 
 Any information which can be obtained to diagnose Kerberos problems:
@@ -409,11 +408,26 @@ attached to support calls.
 
 For an example of the output, see 
[SLIDER-1027](https://issues.apache.org/jira/browse/SLIDER-1027)
 
+Arguments
+
+* `--keytab <keytab> --principal <principal>` : list a keytab file to use
+and the principal to log in as. The file must contain the specific principal.
+
+* `--keylength <length>`: set the minimum encryption key length as measured in 
bits.
+If the JVM does not support this length, the command will fail.
+The default value is to 256, as needed for the `AES256` encryption scheme.
+A JVM without the Java Cryptography Extensions installed does not support
+`--keylength 256`: Kerberos will not work Kerberos itself is configured to use
+an encryption scheme with a shorter key length.
+
+* `--secure`: fail if the command is not executed on a secure cluster.
+That is: if the hadoop authentication mechanism of the cluster is "simple".
+
 Although there is a `--out outfile` option, much of the output can come from 
the JRE
 (to `stderr`) and via log4j (to `stdout`). To get all the output, it is best
 to redirect both these output streams to the same file, and omit the `--out` 
option.
 
-    slider kdiag --keytab zk.service.keytab --principal 
zookeeper/devix.cotham.uk > out.txt 2>&1
+    slider kdiag --keytab zk.service.keytab --principal zookeeper/devix@REALM 
> out.txt 2>&1
 
 For extra logging during the operation