diff options
author | Greg Hudson <ghudson@mit.edu> | 2013-06-14 01:55:27 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-06-27 02:00:51 -0400 |
commit | a6765ca3fa82fa9ac8045fb583d168c542b19585 (patch) | |
tree | 147e98011672984188b7924d205782cf04d4f28b /doc/admin | |
parent | e0a74797bd3a8395b81e68ecfa7ada6e2b4be4c6 (diff) | |
download | krb5-a6765ca3fa82fa9ac8045fb583d168c542b19585.tar.gz krb5-a6765ca3fa82fa9ac8045fb583d168c542b19585.tar.xz krb5-a6765ca3fa82fa9ac8045fb583d168c542b19585.zip |
Rely on module ordering for localauth
Register built-in localauth modules in the order we want them used by
default, and document accordingly.
ticket: 7665
Diffstat (limited to 'doc/admin')
-rw-r--r-- | doc/admin/conf_files/krb5_conf.rst | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst index 0fd3f2c1d5..699628f563 100644 --- a/doc/admin/conf_files/krb5_conf.rst +++ b/doc/admin/conf_files/krb5_conf.rst @@ -749,30 +749,30 @@ for the local authorization interface, which affects the relationship between Kerberos principals and local system accounts. The following built-in modules exist for this interface: -**auth_to_local** - This module processes **auth_to_local** values in the default - realm's section, and applies the default method if no - **auth_to_local** values exist. - -**an2ln** - This module authorizes a principal to a local account if the - principal name maps to the local account name. - **default** This module implements the **DEFAULT** type for **auth_to_local** values. -**k5login** - This module authorizes a principal to a local account according to - the account's :ref:`.k5login(5)` file. +**rule** + This module implements the **RULE** type for **auth_to_local** + values. **names** This module looks for an **auth_to_local_names** mapping for the principal name. -**rule** - This module implements the **RULE** type for **auth_to_local** - values. +**auth_to_local** + This module processes **auth_to_local** values in the default + realm's section, and applies the default method if no + **auth_to_local** values exist. + +**k5login** + This module authorizes a principal to a local account according to + the account's :ref:`.k5login(5)` file. + +**an2ln** + This module authorizes a principal to a local account if the + principal name maps to the local account name. PKINIT options |