diff options
author | Günther Deschner <gd@samba.org> | 2009-12-18 13:56:01 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-12-18 14:03:36 +0100 |
commit | 74816678706b7028fa63a4e552887fcf98322711 (patch) | |
tree | 54132aef5d7ce7f107b073ee77bca2a7bd071419 /docs-xml/manpages-3 | |
parent | 19cdcdec096f5d1e3be2707d546715912e3db122 (diff) | |
download | samba-74816678706b7028fa63a4e552887fcf98322711.tar.gz samba-74816678706b7028fa63a4e552887fcf98322711.tar.bz2 samba-74816678706b7028fa63a4e552887fcf98322711.zip |
s3-docs: add new pam_winbind.conf(5) manpage.
Guenther
Diffstat (limited to 'docs-xml/manpages-3')
-rw-r--r-- | docs-xml/manpages-3/pam_winbind.conf.5.xml | 190 |
1 files changed, 190 insertions, 0 deletions
diff --git a/docs-xml/manpages-3/pam_winbind.conf.5.xml b/docs-xml/manpages-3/pam_winbind.conf.5.xml new file mode 100644 index 0000000000..113515ce84 --- /dev/null +++ b/docs-xml/manpages-3/pam_winbind.conf.5.xml @@ -0,0 +1,190 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="pam_winbind.conf.5"> + +<refmeta> + <refentrytitle>pam_winbind.conf</refentrytitle> + <manvolnum>5</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">5</refmiscinfo> + <refmiscinfo class="version">3.6</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>pam_winbind.conf</refname> + <refpurpose>Configuration file of PAM module for Winbind</refpurpose> +</refnamediv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This configuration file is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para> + pam_winbind.conf is the configuration file for the pam_winbind PAM + module. See + <citerefentry><refentrytitle>pam_winbind</refentrytitle><manvolnum>8</manvolnum></citerefentry> + for further details. + </para> +</refsect1> + +<refsect1> + <title>SYNOPSIS</title> + + <para> + The pam_winbind.conf configuration file is a classic ini-style + configuration file. There is only one section (global) where + various options are defined. + </para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + <para> + + pam_winbind supports several options which can either be set in + the PAM configuration files or in the pam_winbind configuration + file situated at + <filename>/etc/security/pam_winbind.conf</filename>. Options + from the PAM configuration file take precedence to those from + the pam_winbind.conf configuration file. + + <variablelist> + + <varlistentry> + <term>debug = yes|no</term> + <listitem><para>Gives debugging output to syslog. Defaults to "no".</para></listitem> + </varlistentry> + + <varlistentry> + <term>debug_state = yes|no</term> + <listitem><para>Gives detailed PAM state debugging output to syslog. Defaults to "no".</para></listitem> + </varlistentry> + + <varlistentry> + <term>require_membership_of = [SID or NAME]</term> + <listitem><para> + If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID + can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the + SID. That name must have the form: <parameter>MYDOMAIN\\mygroup</parameter> or + <parameter>MYDOMAIN\\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that + NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a + user is a member of with <command>wbinfo --user-sids=SID</command>. This setting is empty by default. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>try_first_pass = yes|no</term> + <listitem><para> + By default, pam_winbind tries to get the authentication token from a previous module. If no token is available + it asks the user for the old password. With this option, pam_winbind aborts with an error if no authentication + token from a previous module is available. If a primary password is not valid, PAM will prompt for a password. + Default to "no". + </para></listitem> + </varlistentry> + + <varlistentry> + <term>krb5_auth = yes|no</term> + <listitem><para> + + pam_winbind can authenticate using Kerberos when winbindd is + talking to an Active Directory domain controller. Kerberos + authentication must be enabled with this parameter. When + Kerberos authentication can not succeed (e.g. due to clock + skew), winbindd will fallback to samlogon authentication over + MSRPC. When this parameter is used in conjunction with + <parameter>winbind refresh tickets</parameter>, winbind will + keep your Ticket Granting Ticket (TGT) uptodate by refreshing + it whenever necessary. Defaults to "no". + + </para></listitem> + </varlistentry> + + <varlistentry> + <term>krb5_ccache_type = [type]</term> + <listitem><para> + + When pam_winbind is configured to try kerberos authentication + by enabling the <parameter>krb5_auth</parameter> option, it can + store the retrieved Ticket Granting Ticket (TGT) in a + credential cache. The type of credential cache can be set with + this option. Currently the only supported value is: + <parameter>FILE</parameter>. In that case a credential cache in + the form of /tmp/krb5cc_UID will be created, where UID is + replaced with the numeric user id. Leave empty to just do + kerberos authentication without having a ticket cache after the + logon has succeeded. This setting is empty by default. + + </para></listitem> + </varlistentry> + + <varlistentry> + <term>cached_login = yes|no</term> + <listitem><para> + Winbind allows to logon using cached credentials when <parameter>winbind offline logon</parameter> is enabled. To use this feature from the PAM module this option must be set. Defaults to "no". + </para></listitem> + </varlistentry> + + <varlistentry> + <term>silent = yes|no</term> + <listitem><para> + Do not emit any messages. Defaults to "no". + </para></listitem> + </varlistentry> + + <varlistentry> + <term>mkhomedir = yes|no</term> + <listitem><para> + Create homedirectory for a user on-the-fly, option is valid in + PAM session block. Defaults to "no". + </para></listitem> + </varlistentry> + + <varlistentry> + <term>warn_pwd_expire = days</term> + <listitem><para> + Defines number of days before pam_winbind starts to warn about passwords that are + going to expire. Defaults to 14 days. + </para></listitem> + </varlistentry> + + </variablelist> + + </para> + +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry> + <refentrytitle>pam_winbind</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry> + <refentrytitle>wbinfo</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>, <citerefentry> + <refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry> + <refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry></para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3 of Samba.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para> + The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by + the Samba Team as an Open Source project similar to the way the Linux kernel is developed. + </para> + + <para>This manpage was written by Jelmer Vernooij and Guenther Deschner.</para> + +</refsect1> + +</refentry> |