diff options
Diffstat (limited to 'server/man/sssd-krb5.5.xml')
-rw-r--r-- | server/man/sssd-krb5.5.xml | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/server/man/sssd-krb5.5.xml b/server/man/sssd-krb5.5.xml index 4de89919..e90e6f47 100644 --- a/server/man/sssd-krb5.5.xml +++ b/server/man/sssd-krb5.5.xml @@ -32,6 +32,22 @@ <manvolnum>5</manvolnum> </citerefentry> manual page </para> + <para> + The Kerberos 5 authentication backend does not contain an identity + provider and must be paired with one in order to function properly (for + example, id_provider = ldap). Some information required by the Kerberos + 5 authentication backend must be provided by the identity provider, such + as the user's Kerberos Principal Name (UPN). The configuration of the + identity provider should have an entry to specify the UPN. Please refer + to the man page for the applicable identity provider for details on how + to configure this. + </para> + <para> + In the case where the UPN is not available in the identity backend + <command>sssd</command> will construct a UPN using the format + <replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>. + </para> + </refsect1> <refsect1 id='file-format'> @@ -64,20 +80,6 @@ </varlistentry> <varlistentry> - <term>krb5_try_simple_upn (boolean)</term> - <listitem> - <para> - Set this option to 'true' - if an User Principle Name (UPN) cannot be found in sysdb - and you want to use an UPN like 'username@realm'. - </para> - <para> - Default: false - </para> - </listitem> - </varlistentry> - - <varlistentry> <term>krb5_changepw_principle (string)</term> <listitem> <para> |