summaryrefslogtreecommitdiff
path: root/server/man
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2009-09-25 17:35:56 +0200
committerStephen Gallagher <sgallagh@redhat.com>2009-09-25 12:58:47 -0400
commit9e821019e8db89e0f3c408f1c6eb583f89f26a88 (patch)
tree5e9ca779847749e7eaeb299f6957f4e2eaca9154 /server/man
parent95b9c3ea7ee21585db7e07a276e881b6c2349c74 (diff)
downloadsssd-9e821019e8db89e0f3c408f1c6eb583f89f26a88.tar.gz
sssd-9e821019e8db89e0f3c408f1c6eb583f89f26a88.tar.bz2
sssd-9e821019e8db89e0f3c408f1c6eb583f89f26a88.zip
remove krb5_try_simple_upn option and make it a default fallback
Diffstat (limited to 'server/man')
-rw-r--r--server/man/sssd-krb5.5.xml30
1 files changed, 16 insertions, 14 deletions
diff --git a/server/man/sssd-krb5.5.xml b/server/man/sssd-krb5.5.xml
index 4de89919..e90e6f47 100644
--- a/server/man/sssd-krb5.5.xml
+++ b/server/man/sssd-krb5.5.xml
@@ -32,6 +32,22 @@
<manvolnum>5</manvolnum>
</citerefentry> manual page
</para>
+ <para>
+ The Kerberos 5 authentication backend does not contain an identity
+ provider and must be paired with one in order to function properly (for
+ example, id_provider = ldap). Some information required by the Kerberos
+ 5 authentication backend must be provided by the identity provider, such
+ as the user's Kerberos Principal Name (UPN). The configuration of the
+ identity provider should have an entry to specify the UPN. Please refer
+ to the man page for the applicable identity provider for details on how
+ to configure this.
+ </para>
+ <para>
+ In the case where the UPN is not available in the identity backend
+ <command>sssd</command> will construct a UPN using the format
+ <replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>.
+ </para>
+
</refsect1>
<refsect1 id='file-format'>
@@ -64,20 +80,6 @@
</varlistentry>
<varlistentry>
- <term>krb5_try_simple_upn (boolean)</term>
- <listitem>
- <para>
- Set this option to 'true'
- if an User Principle Name (UPN) cannot be found in sysdb
- and you want to use an UPN like 'username@realm'.
- </para>
- <para>
- Default: false
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
<term>krb5_changepw_principle (string)</term>
<listitem>
<para>