1 files changed, 29 insertions, 0 deletions

diff --git a/docs/docbook/smbdotconf/security/hostsequiv.xml b/docs/docbook/smbdotconf/security/hostsequiv.xml
new file mode 100644
index 0000000000..873053be28
--- /dev/null
+++ b/docs/docbook/smbdotconf/security/hostsequiv.xml
@@ -0,0 +1,29 @@
+<samba:parameter name="hosts equiv"
+                 context="G"
+                 advanced="1" developer="1"
+		 xmlns:samba="http://samba.org/common">
+<listitem>
+    <para>If this global parameter is a non-null string, 
+    it specifies the name of a file to read for the names of hosts 
+    and users who will be allowed access without specifying a password.
+    </para>
+		
+    <para>This is not be confused with <link linkend="HOSTSALLOW">
+    <parameter moreinfo="none">hosts allow</parameter></link> which is about hosts 
+    access to services and is more useful for guest services. <parameter moreinfo="none">
+    hosts equiv</parameter> may be useful for NT clients which will 
+    not supply passwords to Samba.</para>
+
+    <note><para>The use of <parameter moreinfo="none">hosts equiv
+    </parameter> can be a major security hole. This is because you are 
+    trusting the PC to supply the correct username. It is very easy to 
+    get a PC to supply a false username. I recommend that the 
+    <parameter moreinfo="none">hosts equiv</parameter> option be only used if you really 
+    know what you are doing, or perhaps on a home network where you trust 
+    your spouse and kids. And only if you <emphasis>really</emphasis> trust 
+    them :-).</para></note>
+		
+    <para>Default: <emphasis>no host equivalences</emphasis></para>
+    <para>Example: <command moreinfo="none">hosts equiv = /etc/hosts.equiv</command></para>
+</listitem>
+</samba:parameter>