From 52220ada2af676a07eb3aa4a3662074ee37dd218 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Thu, 8 Sep 2011 15:04:32 -0400
Subject: MAN: Add more information about internal credential storage

---
 src/man/sssd-krb5.5.xml | 5 ++++-
 src/man/sssd.conf.5.xml | 4 ++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml
index 491e0442b..92808dd3c 100644
--- a/src/man/sssd-krb5.5.xml
+++ b/src/man/sssd-krb5.5.xml
@@ -260,7 +260,10 @@
                         </para>
                         <para>
                             Please note that this feature currently only
-                            available on a Linux platform.
+                            available on a Linux platform. Passwords stored in
+                            this way are kept in plaintext in the kernel
+                            keyring and are potentially accessible by the root
+                            user (with difficulty).
                         </para>
                         <para>
                             Default: false
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index f5119433b..bed06eb5b 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -696,6 +696,10 @@
                             Determines if user credentials are also cached
                             in the local LDB cache
                         </para>
+                        <para>
+                            User credentials are stored in a SHA512 hash, not
+                            in plaintext
+                        </para>
                         <para>
                             Default: FALSE
                         </para>
-- 
cgit