<samba:parameter name="kerberos method" context="G" type="enum" advanced="1" developer="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para> Controls how kerberos tickets are verified. </para> <para>Valid options are:</para> <itemizedlist> <listitem><para>secrets only - use only the secrets.tdb for ticket verification (default)</para></listitem> <listitem><para>system keytab - use only the system keytab for ticket verification</para></listitem> <listitem><para>dedicated keytab - use a dedicated keytab for ticket verification</para></listitem> <listitem><para>secrets and keytab - use the secrets.tdb first, then the system keytab</para></listitem> </itemizedlist> <para> The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. </para> <para> When the kerberos method is in "dedicated keytab" mode, <smbconfoption name="dedicated keytab file"/> must be set to specify the location of the keytab file. </para> </description> <related>dedicated keytab file</related> <value type="default">secrets only</value> </samba:parameter>