summaryrefslogtreecommitdiff
path: root/docs-xml/smbdotconf/security
diff options
context:
space:
mode:
authorTim Prouty <tprouty@samba.org>2009-06-30 16:59:57 -0700
committerTim Prouty <tprouty@samba.org>2009-06-30 18:14:38 -0700
commit969106a21fe169282e3b42e51d9e14836d6a41b2 (patch)
treecd40daa557e203f297b46eac5b26774b46e299a1 /docs-xml/smbdotconf/security
parent7f7ebfaecbe3458a4c3e8fc79b68dd247ef4e31e (diff)
downloadsamba-969106a21fe169282e3b42e51d9e14836d6a41b2.tar.gz
s3 docs: Add documentation for 'kerberos method' and 'dedicated keytab file' parameters
Diffstat (limited to 'docs-xml/smbdotconf/security')
-rw-r--r--docs-xml/smbdotconf/security/dedicatedkeytabfile.xml15
-rw-r--r--docs-xml/smbdotconf/security/kerberosmethod.xml39
2 files changed, 54 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml b/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml
new file mode 100644
index 00000000000..c833e3f66a8
--- /dev/null
+++ b/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="dedicated keytab file" context="G" type="string"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ Specifies the path to the kerberos keytab file when
+ <smbconfoption name="kerberos method"/> is set to "dedicated
+ keytab".
+ </para>
+</description>
+<related>kerberos method</related>
+<value type="default"/>
+<value type="example">/usr/local/etc/krb5.keytab</value>
+</samba:parameter>
+
diff --git a/docs-xml/smbdotconf/security/kerberosmethod.xml b/docs-xml/smbdotconf/security/kerberosmethod.xml
new file mode 100644
index 00000000000..3a11e06be96
--- /dev/null
+++ b/docs-xml/smbdotconf/security/kerberosmethod.xml
@@ -0,0 +1,39 @@
+<samba:parameter name="kerberos method" context="G" type="enum"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ Controls how kerberos tickets are verified.
+ </para>
+
+ <para>Valid options are:</para>
+ <itemizedlist>
+ <listitem><para>secrets only - use only the secrets.tdb for
+ ticket verification (default)</para></listitem>
+
+ <listitem><para>system keytab - use only the system keytab
+ for ticket verification</para></listitem>
+
+ <listitem><para>dedicated keytab - use a dedicated keytab
+ for ticket verification</para></listitem>
+
+ <listitem><para>secrets and keytab - use the secrets.tdb
+ first, then the system keytab</para></listitem>
+ </itemizedlist>
+
+ <para>
+ The major difference between "system keytab" and "dedicated
+ keytab" is that the latter method relies on kerberos to find the
+ correct keytab entry instead of filtering based on expected
+ principals.
+ </para>
+
+ <para>
+ When the kerberos method is in "dedicated keytab" mode,
+ <smbconfoption name="dedicated keytab file"/> must be set to
+ specify the location of the keytab file.
+ </para>
+</description>
+<related>dedicated keytab file</related>
+<value type="default">secrets only</value>
+</samba:parameter>
View Lorry Controller Status