diff options
Diffstat (limited to 'server/man')
| -rw-r--r-- | server/man/sssd-ipa.5.xml | 17 | ||||
| -rw-r--r-- | server/man/sssd-krb5.5.xml | 25 |
2 files changed, 42 insertions, 0 deletions
diff --git a/server/man/sssd-ipa.5.xml b/server/man/sssd-ipa.5.xml index 31ce824a..2751591f 100644 --- a/server/man/sssd-ipa.5.xml +++ b/server/man/sssd-ipa.5.xml @@ -94,6 +94,23 @@ </listitem> </varlistentry> + <varlistentry> + <term>krb5_validate (boolean)</term> + <listitem> + <para> + Verify with the help of krb5_keytab that the TGT + obtained has not been spoofed. + </para> + <para> + Default: true + </para> + <para> + Please note that this default differs from the + traditional kerberos provider backend. + </para> + </listitem> + </varlistentry> + </variablelist> </para> </refsect1> diff --git a/server/man/sssd-krb5.5.xml b/server/man/sssd-krb5.5.xml index 1f86b49c..1ca28314 100644 --- a/server/man/sssd-krb5.5.xml +++ b/server/man/sssd-krb5.5.xml @@ -178,6 +178,31 @@ </listitem> </varlistentry> + <varlistentry> + <term>krb5_validate (boolean)</term> + <listitem> + <para> + Verify with the help of krb5_keytab that the TGT obtained has not been spoofed. + </para> + <para> + Default: false + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>krb5_keytab (string)</term> + <listitem> + <para> + The location of the keytab to use when validating + credentials obtained from KDCs. + </para> + <para> + Default: /etc/krb5.keytab + </para> + </listitem> + </varlistentry> + </variablelist> </para> </refsect1> |