From 778491bebee536a196afc29b0d9953843a5374b2 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 13 Nov 2012 21:21:38 +0100
Subject: Always start PAC responder if IPA ID provider is configured

Since the PAC responder is used during the authentication of users from
trusted realms it is started automatically if the IPA ID provider is
configured for a domain to simplify the configuration.

Fixes https://fedorahosted.org/sssd/ticket/1613
---
 src/man/sssd-ipa.5.xml | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/man')

diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index db6aecf86..da5a2ffb4 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -58,6 +58,12 @@
             refer to freeipa.org for more information about HBAC. No configuration
             of access provider is required on the client side.
         </para>
+        <para>
+            The IPA provider will use the PAC responder if the Kerberos tickets
+            of users from trusted realms contain a PAC. To make configuration
+            easier the PAC responder is started automatically if the IPA ID
+            provider is configured.
+        </para>
     </refsect1>
 
     <refsect1 id='file-format'>
-- 
cgit