From aa8a8318aaa3270e9d9957d0c22dec6342360a37 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Thu, 30 Apr 2015 06:43:05 -0400
Subject: krb5: new option krb5_map_user

New option `krb5_map_user` providing mapping of ID provider names to
Kerberos principals.

Resolves:
https://fedorahosted.org/sssd/ticket/2509

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/man/sssd-krb5.5.xml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

(limited to 'src/man/sssd-krb5.5.xml')

diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml
index 8d5bbeed6..e7fdd19e0 100644
--- a/src/man/sssd-krb5.5.xml
+++ b/src/man/sssd-krb5.5.xml
@@ -516,6 +516,42 @@
                     </listitem>
                 </varlistentry>
 
+                <varlistentry>
+                    <term>krb5_map_user (string)</term>
+                    <listitem>
+                        <para>
+                             The list of mappings is given as a comma-separated
+                             list of pairs <quote>username:primary</quote>
+                             where <quote>username</quote> is a UNIX user name
+                             and <quote>primary</quote> is a user part of
+                             a kerberos principal. This mapping is used when
+                             user is authenticating using
+                             <quote>auth_provider = krb5</quote>.
+                        </para>
+
+                        <para>
+                             example:
+<programlisting>
+krb5_realm = REALM
+krb5_map_user = joe:juser,dick:richard
+</programlisting>
+                        </para>
+                        <para>
+                             <quote>joe</quote> and <quote>dick</quote> are
+                             UNIX user names and <quote>juser</quote> and
+                             <quote>richard</quote> are primaries of kerberos
+                             principals. For user <quote>joe</quote> resp.
+                             <quote>dick</quote> SSSD will try to kinit as
+                             <quote>juser@REALM</quote> resp.
+                             <quote>richard@REALM</quote>.
+                        </para>
+
+                        <para>
+                            Default: not set
+                        </para>
+                    </listitem>
+                </varlistentry>
+
             </variablelist>
         </para>
     </refsect1>
-- 
cgit