diff options
author | Greg Hudson <ghudson@mit.edu> | 2013-03-01 13:12:19 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-03-09 02:03:32 -0500 |
commit | 4aec0626fffea5d7e060979c2a4dc9555beae96a (patch) | |
tree | c3785e56c95bf15576a3a0a06eafb2e6461066fd /doc/admin/conf_files | |
parent | b8696b1ed70ffebbeee7142f1e5e086d75ce4e30 (diff) | |
download | krb5-4aec0626fffea5d7e060979c2a4dc9555beae96a.tar.gz krb5-4aec0626fffea5d7e060979c2a4dc9555beae96a.tar.xz krb5-4aec0626fffea5d7e060979c2a4dc9555beae96a.zip |
Document localauth interface
ticket: 7583
Diffstat (limited to 'doc/admin/conf_files')
-rw-r--r-- | doc/admin/conf_files/krb5_conf.rst | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst index 4c8f756541..e326cf350a 100644 --- a/doc/admin/conf_files/krb5_conf.rst +++ b/doc/admin/conf_files/krb5_conf.rst @@ -733,6 +733,41 @@ built-in modules exist for these interfaces: **encrypted_timestamp** This module implements the encrypted timestamp mechanism. +.. _localauth: + +localauth interface +################### + +The localauth section (introduced in release 1.12) controls modules +for the local authorization interface, which affects the relationship +between Kerberos principals and local system accounts. The following +built-in modules exist for this interface: + +**auth_to_local** + This module processes **auth_to_local** values in the default + realm's section, and applies the default method if no + **auth_to_local** values exist. + +**an2ln** + This module authorizes a principal to a local account if the + principal name maps to the local account name. + +**default** + This module implements the **DEFAULT** type for **auth_to_local** + values. + +**k5login** + This module authorizes a principal to a local account according to + the account's :ref:`.k5login(5)` file. + +**names** + This module looks for an **auth_to_local_names** mapping for the + principal name. + +**rule** + This module implements the **RULE** type for **auth_to_local** + values. + PKINIT options -------------- |