diff options
| author | Andreas Schneider <asn@samba.org> | 2020-08-19 11:34:02 +0200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2021-04-28 03:43:34 +0000 |
| commit | 1cd233712e1a62d716a1d8b34ff3dca6a8f0f501 (patch) | |
| tree | 09c0136d56eb2083b9f13bad5ee2b7143fe0564b /docs-xml | |
| parent | b2bad13ca3545ea451c7858dace56195d18c4827 (diff) | |
| download | samba-1cd233712e1a62d716a1d8b34ff3dca6a8f0f501.tar.gz | |
lib:param: Add 'client use kerberos' config parameter
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'docs-xml')
| -rw-r--r-- | docs-xml/smbdotconf/security/clientusekerberos.xml | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/clientusekerberos.xml b/docs-xml/smbdotconf/security/clientusekerberos.xml new file mode 100644 index 00000000000..33dd2ac8e23 --- /dev/null +++ b/docs-xml/smbdotconf/security/clientusekerberos.xml @@ -0,0 +1,49 @@ +<samba:parameter name="client use kerberos" + context="G" + type="enum" + function="_client_use_kerberos" + enumlist="enum_use_kerberos_vals" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + This parameter determines whether Samba client tools will try + to authenticate using Kerberos. For Kerberos authentication you + need to use dns names instead of IP addresses when connnecting + to a service. + </para> + + <para>Possible option settings are:</para> + <itemizedlist> + <listitem> + <para> + <emphasis>desired</emphasis> - Kerberos + authentication will be tried first and if it fails it + automatically fallback to NTLM. + </para> + </listitem> + + <listitem> + <para> + <emphasis>required</emphasis> - Kerberos + authentication will be required. There will be no + falllback to NTLM or a different alternative. + </para> + </listitem> + + <listitem> + <para> + <emphasis>off</emphasis> - Don't use + Kerberos, use NTLM instead or another + alternative. + </para> + </listitem> + </itemizedlist> + + <para> + In case that weak cryptography is not allowed (e.g. FIPS mode) + the default will be forced to <emphasis>required</emphasis>. + </para> +</description> + +<value type="default">desired</value> +</samba:parameter> |