From 0a564940c04dd9500b8d72bae723b165c3690b26 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 13 Nov 2012 21:21:38 +0100 Subject: Always start PAC responder if IPA ID provider is configured Since the PAC responder is used during the authentication of users from trusted realms it is started automatically if the IPA ID provider is configured for a domain to simplify the configuration. Fixes https://fedorahosted.org/sssd/ticket/1613 --- src/man/sssd-ipa.5.xml | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/man') diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml index 4c4aaba4e..c7abea975 100644 --- a/src/man/sssd-ipa.5.xml +++ b/src/man/sssd-ipa.5.xml @@ -58,6 +58,12 @@ refer to freeipa.org for more information about HBAC. No configuration of access provider is required on the client side. + + The IPA provider will use the PAC responder if the Kerberos tickets + of users from trusted realms contain a PAC. To make configuration + easier the PAC responder is started automatically if the IPA ID + provider is configured. + -- cgit