authorJakub Hrozek <jhrozek@redhat.com>2014-02-17 17:30:52 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-02-17 19:29:27 +0100
commit4a494e7d686d97ebb3260fa75d10466575d01e69 (patch)
treea5af1e95c6c1c8a649ab2167104ab6d186b105f1 /src/man/sssd-ipa.5.xml
parente325cabe762fad7d696e014a7fdbb47a5cb8174a (diff)
MAN: Clarify the new krb5_use_fast IPA default
Diffstat (limited to 'src/man/sssd-ipa.5.xml')
-rw-r--r--src/man/sssd-ipa.5.xml34
1 files changed, 34 insertions, 0 deletions
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index bbee1f80a..dfcc595de 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -394,6 +394,40 @@
</varlistentry>
<varlistentry>
+ <term>krb5_use_fast (string)</term>
+ <listitem>
+ <para>
+ Enables flexible authentication secure tunneling
+ (FAST) for Kerberos pre-authentication. The
+ following options are supported:
+ </para>
+ <para>
+ <emphasis>never</emphasis> use FAST.
+ </para>
+ <para>
+ <emphasis>try</emphasis> to use FAST. If the server
+ does not support FAST, continue the
+ authentication without it. This is
+ equivalent to not setting this option at all.
+ </para>
+ <para>
+ <emphasis>demand</emphasis> to use FAST. The
+ authentication fails if the server does not
+ require fast.
+ </para>
+ <para>
+ Default: try
+ </para>
+ <para>
+ NOTE: SSSD supports FAST only with
+ MIT Kerberos version 1.8 and later. If SSSD is used
+ with an older version of MIT Kerberos, using this
+ option is a configuration error.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>ipa_hbac_refresh (integer)</term>
<listitem>
<para>