diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2003-04-02 13:54:06 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2003-04-02 13:54:06 +0000 |
| commit | f1c4fb5cf5e425e5a07348ed174f7ed4f5b315c9 (patch) | |
| tree | d25fc7334f05421ec6cd5079bd32ee8189f48e32 /docs/docbook/manpages/winbindd.8.sgml | |
| parent | 0d01c00f0740da97bb328e8390c2b8fc6ce3166d (diff) | |
| download | samba-f1c4fb5cf5e425e5a07348ed174f7ed4f5b315c9.tar.gz samba-f1c4fb5cf5e425e5a07348ed174f7ed4f5b315c9.tar.bz2 samba-f1c4fb5cf5e425e5a07348ed174f7ed4f5b315c9.zip | |
Update ntlm_auth and winbind manpages.
Andrew Bartlett
(This used to be commit 441d6952bdaff94e387a11f5f524359f3bbbeefb)
Diffstat (limited to 'docs/docbook/manpages/winbindd.8.sgml')
| -rw-r--r-- | docs/docbook/manpages/winbindd.8.sgml | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml index 0beddf0ea5..e0489c43c4 100644 --- a/docs/docbook/manpages/winbindd.8.sgml +++ b/docs/docbook/manpages/winbindd.8.sgml @@ -316,12 +316,6 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok winbindd</command> to become aware of new trust relationships between servers, it must be sent a SIGHUP signal. </para> - <para>Client processes resolving names through the <command>winbindd</command> - nsswitch module read an environment variable named <envar> - $WINBINDD_DOMAIN</envar>. If this variable contains a comma separated - list of Windows NT domain names, then winbindd will only resolve users - and groups within those Windows NT domains. </para> - <para>PAM is really easy to misconfigure. Make sure you know what you are doing when modifying PAM configuration files. It is possible to set up PAM such that you can no longer log into your system. </para> @@ -387,6 +381,21 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok </varlistentry> <varlistentry> + <term>$LOCKDIR/winbindd_privilaged/pipe</term> + <listitem><para>The UNIX pipe over which 'privilaged' clients + communicate with the <command>winbindd</command> program. For security + reasons, access to some winbindd functions - like those needed by + the <command>ntlm_auth</command> utility - is restricted. By default, + only users in the 'root' group will get this access, however the administrator + may change the group permissions on $LOCKDIR/winbindd_privilaged to allow + programs like 'squid' to use ntlm_auth. + Note that the winbind client will only attempt to connect to the winbindd daemon + if both the <filename>$LOCKDIR/winbindd_privilaged</filename> directory + and <filename>$LOCKDIR/winbindd_privilaged/pipe</filename> file are owned by + root. </para></listitem> + </varlistentry> + + <varlistentry> <term>/lib/libnss_winbind.so.X</term> <listitem><para>Implementation of name service switch library. </para></listitem> |