From a4e1113d4b7013dabb2b6dcedf4500256d18d533 Mon Sep 17 00:00:00 2001
From: Jan Chaloupka <jchaloup@redhat.com>
Date: Mon, 29 Sep 2014 23:20:26 +0200
Subject: [PATCH] pam_krb5.8 missing ignore_afs options
---
pam_krb5/man8/pam_krb5.8 | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/pam_krb5/man8/pam_krb5.8 b/pam_krb5/man8/pam_krb5.8
index fca5e22..ac3676d 100644
--- a/pam_krb5/man8/pam_krb5.8
+++ b/pam_krb5/man8/pam_krb5.8
@@ -130,6 +130,10 @@ tells pam_krb5.so to use Kerberos credentials provided by the calling
application during session setup.
This is most often useful for obtaining AFS tokens.
+.IP "ignore_afs=\fItrue\fR|\fIfalse\fR|\fIservice [...]\fR"
+tells pam_krb5.so to completely ignore the presence of AFS, preventing
+any attempts to obtain new tokens on behalf of the calling application.
+
.IP ignore_k5login
specifies that pam_krb5 should skip checking the user's .k5login
file to verify that the principal name of the client being authenticated is
--
1.9.3