krb5: new option krb5_map_user

New option `krb5_map_user` providing mapping of ID provider names to Kerberos principals. Resolves: https://fedorahosted.org/sssd/ticket/2509 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
author: Pavel Reichl <preichl@redhat.com> 2015-04-30 06:43:05 -0400
committer: Jakub Hrozek <jhrozek@redhat.com> 2015-05-28 11:04:28 +0200
commit: aa8a8318aaa3270e9d9957d0c22dec6342360a37 (patch)
tree: 9f6ccd9d2cc601adde7f21fa161715f9d76aee2d /src/man/sssd-krb5.5.xml
parent: 62b20154899f847e760d6dfbae6a32fb45b448de (diff)
download: sssd-aa8a8318aaa3270e9d9957d0c22dec6342360a37.tar.gz
sssd-aa8a8318aaa3270e9d9957d0c22dec6342360a37.tar.xz
sssd-aa8a8318aaa3270e9d9957d0c22dec6342360a37.zip
1 files changed, 36 insertions, 0 deletions
diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml
index 8d5bbeed6..e7fdd19e0 100644
--- a/src/man/sssd-krb5.5.xml
+++ b/src/man/sssd-krb5.5.xml
@@ -516,6 +516,42 @@
                     </listitem>
                 </varlistentry>
 
+                <varlistentry>
+                    <term>krb5_map_user (string)</term>
+                    <listitem>
+                        <para>
+                             The list of mappings is given as a comma-separated
+                             list of pairs <quote>username:primary</quote>
+                             where <quote>username</quote> is a UNIX user name
+                             and <quote>primary</quote> is a user part of
+                             a kerberos principal. This mapping is used when
+                             user is authenticating using
+                             <quote>auth_provider = krb5</quote>.
+                        </para>
+
+                        <para>
+                             example:
+<programlisting>
+krb5_realm = REALM
+krb5_map_user = joe:juser,dick:richard
+</programlisting>
+                        </para>
+                        <para>
+                             <quote>joe</quote> and <quote>dick</quote> are
+                             UNIX user names and <quote>juser</quote> and
+                             <quote>richard</quote> are primaries of kerberos
+                             principals. For user <quote>joe</quote> resp.
+                             <quote>dick</quote> SSSD will try to kinit as
+                             <quote>juser@REALM</quote> resp.
+                             <quote>richard@REALM</quote>.
+                        </para>
+
+                        <para>
+                            Default: not set
+                        </para>
+                    </listitem>
+                </varlistentry>
+
             </variablelist>
         </para>
     </refsect1>
author	Pavel Reichl <preichl@redhat.com>	2015-04-30 06:43:05 -0400
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-05-28 11:04:28 +0200
commit	aa8a8318aaa3270e9d9957d0c22dec6342360a37 (patch)
tree	9f6ccd9d2cc601adde7f21fa161715f9d76aee2d /src/man/sssd-krb5.5.xml
parent	62b20154899f847e760d6dfbae6a32fb45b448de (diff)
download	sssd-aa8a8318aaa3270e9d9957d0c22dec6342360a37.tar.gz sssd-aa8a8318aaa3270e9d9957d0c22dec6342360a37.tar.xz sssd-aa8a8318aaa3270e9d9957d0c22dec6342360a37.zip