dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Blob Blame History Raw
From 4d5cbad45245016747aa34f2271f2fe5214cf34a Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 17 Feb 2014 17:30:52 +0100
Subject: [PATCH 88/88] MAN: Clarify the new krb5_use_fast IPA default

---
 src/man/sssd-ipa.5.xml  | 34 ++++++++++++++++++++++++++++++++++
 src/man/sssd-krb5.5.xml |  2 +-
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 28ac252abbeb508d62ca1a94f2440afc6b5b5c88..7ab59dc20cc43c7ed86c0e1a988a30813b9fe673 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -399,6 +399,40 @@
                 </varlistentry>
 
                 <varlistentry>
+                    <term>krb5_use_fast (string)</term>
+                    <listitem>
+                        <para>
+                            Enables flexible authentication secure tunneling
+                            (FAST) for Kerberos pre-authentication. The
+                            following options are supported:
+                        </para>
+                        <para>
+                            <emphasis>never</emphasis> use FAST.
+                        </para>
+                        <para>
+                            <emphasis>try</emphasis> to use FAST. If the server
+                            does not support FAST, continue the
+                            authentication without it. This is
+                            equivalent to not setting this option at all.
+                        </para>
+                        <para>
+                            <emphasis>demand</emphasis> to use FAST. The
+                            authentication fails if the server does not
+                            require fast.
+                        </para>
+                        <para>
+                            Default: try
+                        </para>
+                        <para>
+                            NOTE: SSSD supports FAST only with
+                            MIT Kerberos version 1.8 and later. If SSSD is used
+                            with an older version of MIT Kerberos, using this
+                            option is a configuration error.
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
                     <term>ipa_hbac_refresh (integer)</term>
                     <listitem>
                         <para>
diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml
index 384d506616408c3f45f5b85621a8101ef4faa3e8..602c07e9c2e2b9c231c596d50be94b7d220c3257 100644
--- a/src/man/sssd-krb5.5.xml
+++ b/src/man/sssd-krb5.5.xml
@@ -502,7 +502,7 @@
                         </para>
 
                         <para>
-                            Default: false (AD provide: true)
+                            Default: false (AD provider: true)
                         </para>
                     </listitem>
                 </varlistentry>
-- 
1.8.5.3