From 9c49fb9a7cb6aa87a7bce1865887d6e4f78ce5fd Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 11 Nov 2009 14:16:41 +0100
Subject: Validate Kerberos credentials with local keytab

---
 server/man/sssd-ipa.5.xml  | 17 +++++++++++++++++
 server/man/sssd-krb5.5.xml | 25 +++++++++++++++++++++++++
 2 files changed, 42 insertions(+)

(limited to 'server/man')

diff --git a/server/man/sssd-ipa.5.xml b/server/man/sssd-ipa.5.xml
index 31ce824a..2751591f 100644
--- a/server/man/sssd-ipa.5.xml
+++ b/server/man/sssd-ipa.5.xml
@@ -94,6 +94,23 @@
                     </listitem>
                 </varlistentry>
 
+                <varlistentry>
+                    <term>krb5_validate (boolean)</term>
+                    <listitem>
+                        <para>
+                            Verify with the help of krb5_keytab that the TGT
+                            obtained has not been spoofed.
+                        </para>
+                        <para>
+                            Default: true
+                        </para>
+                        <para>
+                             Please note that this default differs from the
+                             traditional kerberos provider backend.
+                        </para>
+                    </listitem>
+                </varlistentry>
+
             </variablelist>
         </para>
     </refsect1>
diff --git a/server/man/sssd-krb5.5.xml b/server/man/sssd-krb5.5.xml
index 1f86b49c..1ca28314 100644
--- a/server/man/sssd-krb5.5.xml
+++ b/server/man/sssd-krb5.5.xml
@@ -178,6 +178,31 @@
                     </listitem>
                 </varlistentry>
 
+                <varlistentry>
+                    <term>krb5_validate (boolean)</term>
+                    <listitem>
+                        <para>
+                            Verify with the help of krb5_keytab that the TGT obtained has not been spoofed.
+                        </para>
+                        <para>
+                            Default: false
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                    <term>krb5_keytab (string)</term>
+                    <listitem>
+                        <para>
+                            The location of the keytab to use when validating
+                            credentials obtained from KDCs.
+                        </para>
+                        <para>
+                            Default: /etc/krb5.keytab
+                        </para>
+                    </listitem>
+                </varlistentry>
+
             </variablelist>
         </para>
     </refsect1>
-- 
cgit