diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-17 17:30:52 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-17 19:32:15 +0100 |
commit | e9139e88b13aedcf6d36b79d3ae044d4178f1a27 (patch) | |
tree | 844b3c02ec927a5c9081e586dd0746bf7e75d6f8 /src/man/sssd-ipa.5.xml | |
parent | e83246234cc1236af2db5ed546f24005d5d43c12 (diff) | |
download | sssd-e9139e88b13aedcf6d36b79d3ae044d4178f1a27.tar.gz sssd-e9139e88b13aedcf6d36b79d3ae044d4178f1a27.tar.xz sssd-e9139e88b13aedcf6d36b79d3ae044d4178f1a27.zip |
MAN: Clarify the new krb5_use_fast IPA default
Diffstat (limited to 'src/man/sssd-ipa.5.xml')
-rw-r--r-- | src/man/sssd-ipa.5.xml | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml index 28ac252ab..7ab59dc20 100644 --- a/src/man/sssd-ipa.5.xml +++ b/src/man/sssd-ipa.5.xml @@ -399,6 +399,40 @@ </varlistentry> <varlistentry> + <term>krb5_use_fast (string)</term> + <listitem> + <para> + Enables flexible authentication secure tunneling + (FAST) for Kerberos pre-authentication. The + following options are supported: + </para> + <para> + <emphasis>never</emphasis> use FAST. + </para> + <para> + <emphasis>try</emphasis> to use FAST. If the server + does not support FAST, continue the + authentication without it. This is + equivalent to not setting this option at all. + </para> + <para> + <emphasis>demand</emphasis> to use FAST. The + authentication fails if the server does not + require fast. + </para> + <para> + Default: try + </para> + <para> + NOTE: SSSD supports FAST only with + MIT Kerberos version 1.8 and later. If SSSD is used + with an older version of MIT Kerberos, using this + option is a configuration error. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ipa_hbac_refresh (integer)</term> <listitem> <para> |