Blob Blame History Raw
From 1b829affcbca761e17f38f69a85bbb79354c270e Mon Sep 17 00:00:00 2001
From: Jan Chaloupka <jchaloup@redhat.com>
Date: Thu, 21 Aug 2014 15:12:52 +0200
Subject: [PATCH] pam_krb5.8 missing ignore_afs options

[nalin: apply to pam_krb5.8.in instead]
---
 src/pam_krb5.8.in | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/pam_krb5.8.in b/src/pam_krb5.8.in
index f2640e1..e0eba4a 100644
--- a/src/pam_krb5.8.in
+++ b/src/pam_krb5.8.in
@@ -130,6 +130,10 @@ tells pam_krb5.so to use Kerberos credentials provided by the calling
 application during session setup.
 @MAN_AFS@This is most often useful for obtaining AFS tokens.
 
+@MAN_AFS@.IP "ignore_afs=\fItrue\fR|\fIfalse\fR|\fIservice [...]\fR"
+@MAN_AFS@tells pam_krb5.so to completely ignore the presence of AFS, preventing
+@MAN_AFS@any attempts to obtain new tokens on behalf of the calling application.
+@MAN_AFS@
 .IP ignore_k5login
 specifies that pam_krb5 should skip checking the user's .k5login
 file to verify that the principal name of the client being authenticated is
-- 
2.7.0