diff options
Diffstat (limited to 'docs-xml')
-rw-r--r-- | docs-xml/smbdotconf/security/dedicatedkeytabfile.xml | 15 | ||||
-rw-r--r-- | docs-xml/smbdotconf/security/kerberosmethod.xml | 39 |
2 files changed, 54 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml b/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml new file mode 100644 index 0000000000..c833e3f66a --- /dev/null +++ b/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml @@ -0,0 +1,15 @@ +<samba:parameter name="dedicated keytab file" context="G" type="string" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + Specifies the path to the kerberos keytab file when + <smbconfoption name="kerberos method"/> is set to "dedicated + keytab". + </para> +</description> +<related>kerberos method</related> +<value type="default"/> +<value type="example">/usr/local/etc/krb5.keytab</value> +</samba:parameter> + diff --git a/docs-xml/smbdotconf/security/kerberosmethod.xml b/docs-xml/smbdotconf/security/kerberosmethod.xml new file mode 100644 index 0000000000..3a11e06be9 --- /dev/null +++ b/docs-xml/smbdotconf/security/kerberosmethod.xml @@ -0,0 +1,39 @@ +<samba:parameter name="kerberos method" context="G" type="enum" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + Controls how kerberos tickets are verified. + </para> + + <para>Valid options are:</para> + <itemizedlist> + <listitem><para>secrets only - use only the secrets.tdb for + ticket verification (default)</para></listitem> + + <listitem><para>system keytab - use only the system keytab + for ticket verification</para></listitem> + + <listitem><para>dedicated keytab - use a dedicated keytab + for ticket verification</para></listitem> + + <listitem><para>secrets and keytab - use the secrets.tdb + first, then the system keytab</para></listitem> + </itemizedlist> + + <para> + The major difference between "system keytab" and "dedicated + keytab" is that the latter method relies on kerberos to find the + correct keytab entry instead of filtering based on expected + principals. + </para> + + <para> + When the kerberos method is in "dedicated keytab" mode, + <smbconfoption name="dedicated keytab file"/> must be set to + specify the location of the keytab file. + </para> +</description> +<related>dedicated keytab file</related> +<value type="default">secrets only</value> +</samba:parameter> |