--- /dev/null
+<samba:parameter name="dedicated keytab file" context="G" type="string"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ Specifies the path to the kerberos keytab file when
+ <smbconfoption name="kerberos method"/> is set to "dedicated
+ keytab".
+ </para>
+</description>
+<related>kerberos method</related>
+<value type="default"/>
+<value type="example">/usr/local/etc/krb5.keytab</value>
+</samba:parameter>
+
--- /dev/null
+<samba:parameter name="kerberos method" context="G" type="enum"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ Controls how kerberos tickets are verified.
+ </para>
+
+ <para>Valid options are:</para>
+ <itemizedlist>
+ <listitem><para>secrets only - use only the secrets.tdb for
+ ticket verification (default)</para></listitem>
+
+ <listitem><para>system keytab - use only the system keytab
+ for ticket verification</para></listitem>
+
+ <listitem><para>dedicated keytab - use a dedicated keytab
+ for ticket verification</para></listitem>
+
+ <listitem><para>secrets and keytab - use the secrets.tdb
+ first, then the system keytab</para></listitem>
+ </itemizedlist>
+
+ <para>
+ The major difference between "system keytab" and "dedicated
+ keytab" is that the latter method relies on kerberos to find the
+ correct keytab entry instead of filtering based on expected
+ principals.
+ </para>
+
+ <para>
+ When the kerberos method is in "dedicated keytab" mode,
+ <smbconfoption name="dedicated keytab file"/> must be set to
+ specify the location of the keytab file.
+ </para>
+</description>
+<related>dedicated keytab file</related>
+<value type="default">secrets only</value>
+</samba:parameter>
git.samba.org / metze / samba / wip.git / commitdiff