From 1b829affcbca761e17f38f69a85bbb79354c270e Mon Sep 17 00:00:00 2001 From: Jan Chaloupka Date: Thu, 21 Aug 2014 15:12:52 +0200 Subject: [PATCH] pam_krb5.8 missing ignore_afs options [nalin: apply to pam_krb5.8.in instead] --- src/pam_krb5.8.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/pam_krb5.8.in b/src/pam_krb5.8.in index f2640e1..e0eba4a 100644 --- a/src/pam_krb5.8.in +++ b/src/pam_krb5.8.in @@ -130,6 +130,10 @@ tells pam_krb5.so to use Kerberos credentials provided by the calling application during session setup. @MAN_AFS@This is most often useful for obtaining AFS tokens. +@MAN_AFS@.IP "ignore_afs=\fItrue\fR|\fIfalse\fR|\fIservice [...]\fR" +@MAN_AFS@tells pam_krb5.so to completely ignore the presence of AFS, preventing +@MAN_AFS@any attempts to obtain new tokens on behalf of the calling application. +@MAN_AFS@ .IP ignore_k5login specifies that pam_krb5 should skip checking the user's .k5login file to verify that the principal name of the client being authenticated is -- 2.7.0