From 969106a21fe169282e3b42e51d9e14836d6a41b2 Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Tue, 30 Jun 2009 16:59:57 -0700 Subject: [PATCH] s3 docs: Add documentation for 'kerberos method' and 'dedicated keytab file' parameters --- .../security/dedicatedkeytabfile.xml | 15 +++++++ .../smbdotconf/security/kerberosmethod.xml | 39 +++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 docs-xml/smbdotconf/security/dedicatedkeytabfile.xml create mode 100644 docs-xml/smbdotconf/security/kerberosmethod.xml diff --git a/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml b/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml new file mode 100644 index 000000000000..c833e3f66a8a --- /dev/null +++ b/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml @@ -0,0 +1,15 @@ + + + + Specifies the path to the kerberos keytab file when + is set to "dedicated + keytab". + + +kerberos method + +/usr/local/etc/krb5.keytab + + diff --git a/docs-xml/smbdotconf/security/kerberosmethod.xml b/docs-xml/smbdotconf/security/kerberosmethod.xml new file mode 100644 index 000000000000..3a11e06be96e --- /dev/null +++ b/docs-xml/smbdotconf/security/kerberosmethod.xml @@ -0,0 +1,39 @@ + + + + Controls how kerberos tickets are verified. + + + Valid options are: + + secrets only - use only the secrets.tdb for + ticket verification (default) + + system keytab - use only the system keytab + for ticket verification + + dedicated keytab - use a dedicated keytab + for ticket verification + + secrets and keytab - use the secrets.tdb + first, then the system keytab + + + + The major difference between "system keytab" and "dedicated + keytab" is that the latter method relies on kerberos to find the + correct keytab entry instead of filtering based on expected + principals. + + + + When the kerberos method is in "dedicated keytab" mode, + must be set to + specify the location of the keytab file. + + +dedicated keytab file +secrets only + -- 2.34.1