diff options
author | Justin Stephenson <jstephen@redhat.com> | 2017-05-05 16:19:04 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-05-09 13:26:36 +0200 |
commit | 133ee2239498b4c4fd95e509b72f2e9ef2620584 (patch) | |
tree | 6196400206ed11292f2b5f7a59627789be239bac | |
parent | 2186f88e0449f2303dc84e98c88379ccf8e55714 (diff) | |
download | sssd-133ee2239498b4c4fd95e509b72f2e9ef2620584.tar.gz sssd-133ee2239498b4c4fd95e509b72f2e9ef2620584.tar.xz sssd-133ee2239498b4c4fd95e509b72f2e9ef2620584.zip |
MAN: AD Provider GSSAPI clarification
Explicitly state that the AD provider uses Kerberos and GSSAPI for
encrypting traffic to avoid attempted custom configurations with SSL/TLS
Resolves:
https://pagure.io/SSSD/sssd/issue/3377
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r-- | src/man/sssd-ad.5.xml | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index f9aadc78a..cd25bf7fa 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -35,7 +35,10 @@ <para> The AD provider is a back end used to connect to an Active Directory server. This provider requires that the machine be - joined to the AD domain and a keytab is available. + joined to the AD domain and a keytab is available. Back end + communication occurs over a GSSAPI-encrypted channel, SSL/TLS + options should not be used with the AD provider and will be + superceded by Kerberos usage. </para> <para> The AD provider supports connecting to Active Directory 2008 R2 |