author | Volker Lendecke <vl@samba.org> | 2009-08-26 14:56:41 +0200 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2009-08-26 15:28:06 +0200 |
commit | b824b1b7bf19b4b8c64b7c2c5a6a1d3287820088 (patch) | |
tree | d82e327e9134f2bbac5e3f4881be3906f9fe74be /docs-xml/smbdotconf/winbind | |
parent | da99e3a724b493ba47a06d0704b891819ad16647 (diff) | |

Add a parameter to disable the automatic creation of krb5.conf files

This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.

The alternative would have been something like a "krb5 conf include", but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.

Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)

Diffstat (limited to 'docs-xml/smbdotconf/winbind')
-rw-r--r-- | docs-xml/smbdotconf/winbind/createkrb5conf.xml | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/winbind/createkrb5conf.xml b/docs-xml/smbdotconf/winbind/createkrb5conf.xml new file mode 100644 index 0000000000..38818240c3 --- /dev/null +++ b/docs-xml/smbdotconf/winbind/createkrb5conf.xml @@ -0,0 +1,24 @@ +<samba:parameter name="create krb5 conf" + context="G" + type="string" + advanced="1" developer="0" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + + <para> + Setting this paramter to <value type="example">no</value> prevents + winbind from creating custom krb5.conf files. Winbind normally does + this because the krb5 libraries are not AD-site-aware and thus would + pick any domain controller out of potentially very many. Winbind + is site-aware and makes the krb5 libraries use a local DC by + creating its own krb5.conf files. + </para> + <para> + Preventing winbind from doing this might become necessary if you + have to add special options into your system-krb5.conf that winbind + does not see. + </para> + +</description> +<value type="default">yes</value> +</samba:parameter> |
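
Review bot: The opening samba:parameter tag declares type="string", but the description and the default (<value type="default">yes</value>) treat this as a yes/no switch, so type="boolean" would match how the value is used. In the first para, "paramter" should be "parameter". The second para is vague about when to set this: it would help to name the case from the commit message (a [capaths] section in /etc/krb5.conf for Tree Root transitive trusts with MIT 1.5) and to state that with "no" winbind stops steering the krb5 libraries to a site-local DC, so the administrator has to list the site-local KDCs in /etc/krb5.conf.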