remove krb5_try_simple_upn option and make it a default fallback

author: Sumit Bose <sbose@redhat.com> 2009-09-25 17:35:56 +0200
committer: Stephen Gallagher <sgallagh@redhat.com> 2009-09-25 12:58:47 -0400
commit: 9e821019e8db89e0f3c408f1c6eb583f89f26a88 (patch)
tree: 5e9ca779847749e7eaeb299f6957f4e2eaca9154 /server/man
parent: 95b9c3ea7ee21585db7e07a276e881b6c2349c74 (diff)
download: sssd-9e821019e8db89e0f3c408f1c6eb583f89f26a88.tar.gz
sssd-9e821019e8db89e0f3c408f1c6eb583f89f26a88.tar.bz2
sssd-9e821019e8db89e0f3c408f1c6eb583f89f26a88.zip
1 files changed, 16 insertions, 14 deletions
diff --git a/server/man/sssd-krb5.5.xml b/server/man/sssd-krb5.5.xml
index 4de89919..e90e6f47 100644
--- a/server/man/sssd-krb5.5.xml
+++ b/server/man/sssd-krb5.5.xml
@@ -32,6 +32,22 @@
                 <manvolnum>5</manvolnum>
             </citerefentry> manual page
         </para>
+        <para>
+            The Kerberos 5 authentication backend does not contain an identity
+            provider and must be paired with one in order to function properly (for
+            example, id_provider = ldap). Some information required by the Kerberos
+            5 authentication backend must be provided by the identity provider, such
+            as the user's Kerberos Principal Name (UPN). The configuration of the
+            identity provider should have an entry to specify the UPN. Please refer
+            to the man page for the applicable identity provider for details on how
+            to configure this.
+        </para>
+        <para>
+            In the case where the UPN is not available in the identity backend
+            <command>sssd</command> will construct a UPN using the format
+            <replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>.
+        </para>
+
     </refsect1>
 
     <refsect1 id='file-format'>
@@ -64,20 +80,6 @@
                 </varlistentry>
 
                 <varlistentry>
-                    <term>krb5_try_simple_upn (boolean)</term>
-                    <listitem>
-                        <para>
-                            Set this option to 'true'
-                            if an User Principle Name (UPN) cannot be found in sysdb
-                            and you want to use an UPN like 'username@realm'.
-                        </para>
-                        <para>
-                            Default: false
-                        </para>
-                    </listitem>
-                </varlistentry>
-
-                <varlistentry>
                     <term>krb5_changepw_principle (string)</term>
                     <listitem>
                         <para>
author	Sumit Bose <sbose@redhat.com>	2009-09-25 17:35:56 +0200
committer	Stephen Gallagher <sgallagh@redhat.com>	2009-09-25 12:58:47 -0400
commit	9e821019e8db89e0f3c408f1c6eb583f89f26a88 (patch)
tree	5e9ca779847749e7eaeb299f6957f4e2eaca9154 /server/man
parent	95b9c3ea7ee21585db7e07a276e881b6c2349c74 (diff)
download	sssd-9e821019e8db89e0f3c408f1c6eb583f89f26a88.tar.gz sssd-9e821019e8db89e0f3c408f1c6eb583f89f26a88.tar.bz2 sssd-9e821019e8db89e0f3c408f1c6eb583f89f26a88.zip