author | Ondrej Kos <okos@redhat.com> | 2012-10-09 11:34:56 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-10-10 22:32:47 +0200 |
commit | 89cc2dac478c899aaaacb75d7448e3c651723f74 (patch) | |
tree | bc8ccca5a1f154b4a32d29ec25b9f5704cfa8b60 /src/man | |
parent | 245c6b5db07249ecead23263f15c5c68c641134d (diff) | |
Add more info about ticket validation
https://fedorahosted.org/sssd/ticket/1499
Adds log message about not finding appropriate entry in keytab and using
the last keytab entry when validation is enabled.
Adds more information about validation into manpage.
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/sssd-krb5.5.xml | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml index f4fd1cb7..2e2e638d 100644 --- a/src/man/sssd-krb5.5.xml +++ b/src/man/sssd-krb5.5.xml @@ -231,7 +231,13 @@ <term>krb5_validate (boolean)</term> <listitem> <para> - Verify with the help of krb5_keytab that the TGT obtained has not been spoofed. + Verify with the help of krb5_keytab that the TGT + obtained has not been spoofed. The keytab is checked for + entries sequentially, and the first entry with matching + realm is used for validation. If no entry matches the last + one is used. This can be utilized to achieve validation in + enviroments with cross-realm trust by placing appropriate + keytab entry as the last one or the only one. </para> <para> Default: false |
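Review bot: In the added krb5_validate paragraph, "enviroments" is misspelled (should be "environments"), and "the first entry with matching realm" does not say which realm the keytab entry is compared against; naming it explicitly would let an administrator predict which key is selected. "If no entry matches the last one is used" needs a comma after "matches". Because the fallback picks a key purely by its position in the keytab, the paragraph should also mention the log message that the commit description says is emitted in that case, so that a misordered keytab can be diagnosed from the logs rather than by trial and error.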