summaryrefslogtreecommitdiff
path: root/docs/docbook
diff options
context:
space:
mode:
Diffstat (limited to 'docs/docbook')
-rw-r--r--docs/docbook/manpages/ntlm_auth.1.sgml14
-rw-r--r--docs/docbook/manpages/winbindd.8.sgml21
2 files changed, 17 insertions, 18 deletions
diff --git a/docs/docbook/manpages/ntlm_auth.1.sgml b/docs/docbook/manpages/ntlm_auth.1.sgml
index 52ab1db9e4..08a7d4aa88 100644
--- a/docs/docbook/manpages/ntlm_auth.1.sgml
+++ b/docs/docbook/manpages/ntlm_auth.1.sgml
@@ -11,25 +11,15 @@
<refnamediv>
<refname>ntlm_auth</refname>
- <refpurpose>tool for executing client side
- MS-RPC functions</refpurpose>
+ <refpurpose>tool to allow external access to Winbind's NTLM authentication function</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>ntlm_auth</command>
- <arg choice="opt">-A authfile</arg>
- <arg choice="opt">-c &lt;command string&gt;</arg>
<arg choice="opt">-d debuglevel</arg>
- <arg choice="opt">-h</arg>
<arg choice="opt">-l logfile</arg>
- <arg choice="opt">-N</arg>
<arg choice="opt">-s &lt;smb config file&gt;</arg>
- <arg choice="opt">-U username[%password]</arg>
- <arg choice="opt">-W workgroup</arg>
- <arg choice="opt">-N</arg>
- <arg choice="opt">-I destinationIP</arg>
- <arg choice="req">server</arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -75,7 +65,7 @@
<varlistentry>
<term>--workstation=WORKSTATION</term>
<listitem><para>
- Specify workstation of user to authenticate
+ Specify the workstation the user authenticated from
</para></listitem>
</varlistentry>
diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml
index 0beddf0ea5..e0489c43c4 100644
--- a/docs/docbook/manpages/winbindd.8.sgml
+++ b/docs/docbook/manpages/winbindd.8.sgml
@@ -316,12 +316,6 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
winbindd</command> to become aware of new trust relationships between
servers, it must be sent a SIGHUP signal. </para>
- <para>Client processes resolving names through the <command>winbindd</command>
- nsswitch module read an environment variable named <envar>
- $WINBINDD_DOMAIN</envar>. If this variable contains a comma separated
- list of Windows NT domain names, then winbindd will only resolve users
- and groups within those Windows NT domains. </para>
-
<para>PAM is really easy to misconfigure. Make sure you know what
you are doing when modifying PAM configuration files. It is possible
to set up PAM such that you can no longer log into your system. </para>
@@ -387,6 +381,21 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
</varlistentry>
<varlistentry>
+ <term>$LOCKDIR/winbindd_privilaged/pipe</term>
+ <listitem><para>The UNIX pipe over which 'privilaged' clients
+ communicate with the <command>winbindd</command> program. For security
+ reasons, access to some winbindd functions - like those needed by
+ the <command>ntlm_auth</command> utility - is restricted. By default,
+ only users in the 'root' group will get this access, however the administrator
+ may change the group permissions on $LOCKDIR/winbindd_privilaged to allow
+ programs like 'squid' to use ntlm_auth.
+ Note that the winbind client will only attempt to connect to the winbindd daemon
+ if both the <filename>$LOCKDIR/winbindd_privilaged</filename> directory
+ and <filename>$LOCKDIR/winbindd_privilaged/pipe</filename> file are owned by
+ root. </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>/lib/libnss_winbind.so.X</term>
<listitem><para>Implementation of name service switch library.
</para></listitem>