summaryrefslogtreecommitdiff
path: root/docs-xml/smbdotconf/security/kerberosmethod.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs-xml/smbdotconf/security/kerberosmethod.xml')
-rw-r--r--docs-xml/smbdotconf/security/kerberosmethod.xml39
1 files changed, 39 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/kerberosmethod.xml b/docs-xml/smbdotconf/security/kerberosmethod.xml
new file mode 100644
index 0000000000..3a11e06be9
--- /dev/null
+++ b/docs-xml/smbdotconf/security/kerberosmethod.xml
@@ -0,0 +1,39 @@
+<samba:parameter name="kerberos method" context="G" type="enum"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ Controls how kerberos tickets are verified.
+ </para>
+
+ <para>Valid options are:</para>
+ <itemizedlist>
+ <listitem><para>secrets only - use only the secrets.tdb for
+ ticket verification (default)</para></listitem>
+
+ <listitem><para>system keytab - use only the system keytab
+ for ticket verification</para></listitem>
+
+ <listitem><para>dedicated keytab - use a dedicated keytab
+ for ticket verification</para></listitem>
+
+ <listitem><para>secrets and keytab - use the secrets.tdb
+ first, then the system keytab</para></listitem>
+ </itemizedlist>
+
+ <para>
+ The major difference between "system keytab" and "dedicated
+ keytab" is that the latter method relies on kerberos to find the
+ correct keytab entry instead of filtering based on expected
+ principals.
+ </para>
+
+ <para>
+ When the kerberos method is in "dedicated keytab" mode,
+ <smbconfoption name="dedicated keytab file"/> must be set to
+ specify the location of the keytab file.
+ </para>
+</description>
+<related>dedicated keytab file</related>
+<value type="default">secrets only</value>
+</samba:parameter>
generated by cgit (git 2.34.1) at 2024-11-18 11:03:27 +0000