From 4d5cbad45245016747aa34f2271f2fe5214cf34a Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 17 Feb 2014 17:30:52 +0100
Subject: [PATCH 88/88] MAN: Clarify the new krb5_use_fast IPA default
---
src/man/sssd-ipa.5.xml | 34 ++++++++++++++++++++++++++++++++++
src/man/sssd-krb5.5.xml | 2 +-
2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 28ac252abbeb508d62ca1a94f2440afc6b5b5c88..7ab59dc20cc43c7ed86c0e1a988a30813b9fe673 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -399,6 +399,40 @@
</varlistentry>
<varlistentry>
+ <term>krb5_use_fast (string)</term>
+ <listitem>
+ <para>
+ Enables flexible authentication secure tunneling
+ (FAST) for Kerberos pre-authentication. The
+ following options are supported:
+ </para>
+ <para>
+ <emphasis>never</emphasis> use FAST.
+ </para>
+ <para>
+ <emphasis>try</emphasis> to use FAST. If the server
+ does not support FAST, continue the
+ authentication without it. This is
+ equivalent to not setting this option at all.
+ </para>
+ <para>
+ <emphasis>demand</emphasis> to use FAST. The
+ authentication fails if the server does not
+ require fast.
+ </para>
+ <para>
+ Default: try
+ </para>
+ <para>
+ NOTE: SSSD supports FAST only with
+ MIT Kerberos version 1.8 and later. If SSSD is used
+ with an older version of MIT Kerberos, using this
+ option is a configuration error.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>ipa_hbac_refresh (integer)</term>
<listitem>
<para>
diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml
index 384d506616408c3f45f5b85621a8101ef4faa3e8..602c07e9c2e2b9c231c596d50be94b7d220c3257 100644
--- a/src/man/sssd-krb5.5.xml
+++ b/src/man/sssd-krb5.5.xml
@@ -502,7 +502,7 @@
</para>
<para>
- Default: false (AD provide: true)
+ Default: false (AD provider: true)
</para>
</listitem>
</varlistentry>
--
1.8.5.3