authorJakub Hrozek <jhrozek@redhat.com>2014-02-17 17:30:52 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-02-17 19:32:15 +0100
commite9139e88b13aedcf6d36b79d3ae044d4178f1a27 (patch)
tree844b3c02ec927a5c9081e586dd0746bf7e75d6f8
parente83246234cc1236af2db5ed546f24005d5d43c12 (diff)
MAN: Clarify the new krb5_use_fast IPA default
-rw-r--r--src/man/sssd-ipa.5.xml34
-rw-r--r--src/man/sssd-krb5.5.xml2
2 files changed, 35 insertions, 1 deletions
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 28ac252ab..7ab59dc20 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -399,6 +399,40 @@
</varlistentry>
<varlistentry>
+ <term>krb5_use_fast (string)</term>
+ <listitem>
+ <para>
+ Enables flexible authentication secure tunneling
+ (FAST) for Kerberos pre-authentication. The
+ following options are supported:
+ </para>
+ <para>
+ <emphasis>never</emphasis> use FAST.
+ </para>
+ <para>
+ <emphasis>try</emphasis> to use FAST. If the server
+ does not support FAST, continue the
+ authentication without it. This is
+ equivalent to not setting this option at all.
+ </para>
+ <para>
+ <emphasis>demand</emphasis> to use FAST. The
+ authentication fails if the server does not
+ require fast.
+ </para>
+ <para>
+ Default: try
+ </para>
+ <para>
+ NOTE: SSSD supports FAST only with
+ MIT Kerberos version 1.8 and later. If SSSD is used
+ with an older version of MIT Kerberos, using this
+ option is a configuration error.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>ipa_hbac_refresh (integer)</term>
<listitem>
<para>
diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml
index 384d50661..602c07e9c 100644
--- a/src/man/sssd-krb5.5.xml
+++ b/src/man/sssd-krb5.5.xml
@@ -502,7 +502,7 @@
</para>
<para>
- Default: false (AD provide: true)
+ Default: false (AD provider: true)
</para>
</listitem>
</varlistentry>