diff options
| author | Sumit Bose <sbose@redhat.com> | 2013-02-27 10:32:40 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2013-03-08 10:46:00 +0100 |
| commit | 5f3142c1e92856531ca8059b082ee9dc4c0af270 (patch) | |
| tree | d52b872d53bebf3de17cf37052b903edcc227b1f | |
| parent | efd4d80827a24794245327ce8b74b47e735f5b16 (diff) | |
| download | freeipa-5f3142c1e92856531ca8059b082ee9dc4c0af270.tar.gz freeipa-5f3142c1e92856531ca8059b082ee9dc4c0af270.tar.xz freeipa-5f3142c1e92856531ca8059b082ee9dc4c0af270.zip | |
Mention PAC issue with NFS in service plugin doc
https://fedorahosted.org/freeipa/ticket/2960
| -rw-r--r-- | ipalib/plugins/service.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index a3d436e61..6b6634458 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -66,6 +66,11 @@ EXAMPLES: Override a default list of supported PAC types for the service: ipa service-mod HTTP/web.example.com --pac-type=MS-PAC + A typical use case where overriding the PAC type is needed is NFS. + Currently the related code in the Linux kernel can only handle Kerberos + tickets up to a maximal size. Since the PAC data can become quite large it + is recommended to set --pac-type=NONE for NFS services. + Delete an IPA service: ipa service-del HTTP/web.example.com @@ -258,7 +263,8 @@ class service(LDAPObject): cli_name='pac_type', label=_('PAC type'), doc=_("Override default list of supported PAC types." - " Use 'NONE' to disable PAC support for this service"), + " Use 'NONE' to disable PAC support for this service," + " e.g. this might be necessary for NFS services."), values=(u'MS-PAC', u'PAD', u'NONE'), csv=True, ), |