From 9e821019e8db89e0f3c408f1c6eb583f89f26a88 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 25 Sep 2009 17:35:56 +0200 Subject: remove krb5_try_simple_upn option and make it a default fallback --- server/man/sssd-krb5.5.xml | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) (limited to 'server/man/sssd-krb5.5.xml') diff --git a/server/man/sssd-krb5.5.xml b/server/man/sssd-krb5.5.xml index 4de89919..e90e6f47 100644 --- a/server/man/sssd-krb5.5.xml +++ b/server/man/sssd-krb5.5.xml @@ -32,6 +32,22 @@ 5 manual page + + The Kerberos 5 authentication backend does not contain an identity + provider and must be paired with one in order to function properly (for + example, id_provider = ldap). Some information required by the Kerberos + 5 authentication backend must be provided by the identity provider, such + as the user's Kerberos Principal Name (UPN). The configuration of the + identity provider should have an entry to specify the UPN. Please refer + to the man page for the applicable identity provider for details on how + to configure this. + + + In the case where the UPN is not available in the identity backend + sssd will construct a UPN using the format + username@krb5_realm. + + @@ -63,20 +79,6 @@ - - krb5_try_simple_upn (boolean) - - - Set this option to 'true' - if an User Principle Name (UPN) cannot be found in sysdb - and you want to use an UPN like 'username@realm'. - - - Default: false - - - - krb5_changepw_principle (string) -- cgit