1 files changed, 26 insertions, 0 deletions

diff --git a/docs/docbook/smbdotconf/security/hostsequiv.xml b/docs/docbook/smbdotconf/security/hostsequiv.xml
new file mode 100644
index 0000000000..68d6d628e8
--- /dev/null
+++ b/docs/docbook/smbdotconf/security/hostsequiv.xml
@@ -0,0 +1,26 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+		<term><anchor id="HOSTSEQUIV"/>hosts equiv (G)</term>
+		<listitem><para>If this global parameter is a non-null string, 
+		it specifies the name of a file to read for the names of hosts 
+		and users who will be allowed access without specifying a password.
+		</para>
+		
+		<para>This is not be confused with <link linkend="HOSTSALLOW">
+		<parameter moreinfo="none">hosts allow</parameter></link> which is about hosts 
+		access to services and is more useful for guest services. <parameter moreinfo="none">
+		hosts equiv</parameter> may be useful for NT clients which will 
+		not supply passwords to Samba.</para>
+
+		<para><emphasis>NOTE :</emphasis> The use of <parameter moreinfo="none">hosts equiv
+		</parameter> can be a major security hole. This is because you are 
+		trusting the PC to supply the correct username. It is very easy to 
+		get a PC to supply a false username. I recommend that the 
+		<parameter moreinfo="none">hosts equiv</parameter> option be only used if you really 
+		know what you are doing, or perhaps on a home network where you trust 
+		your spouse and kids. And only if you <emphasis>really</emphasis> trust 
+		them :-).</para>
+		
+		<para>Default: <emphasis>no host equivalences</emphasis></para>
+		<para>Example: <command moreinfo="none">hosts equiv = /etc/hosts.equiv</command></para>
+		</listitem>
+		</samba:parameter>