From: Pavel Filipenský <pfilipensky@samba.org>
Date: Tue, 6 Aug 2024 21:22:42 +0000 (+0200)
Subject: Revert "docs-xml: Delete descriptions for removed commands "net ads keytab add" and... 
X-Git-Tag: tdb-1.4.13~1394
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=51784e80f2bdf84c296badba2caea800ce3813db;p=thirdparty%2Fsamba.git

Revert "docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads""

This reverts commit a5f47f6efe67e02d7a12f30b4e6fb76bcd6aa71c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 61a1e6362ce..f0b3df793d4 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -1557,6 +1557,76 @@ are made to the computer AD account.
 </para>
 </refsect2>
 
+<refsect2>
+<title>ADS KEYTAB <replaceable>ADD</replaceable> <replaceable>(principal | machine | serviceclass | windows SPN</replaceable></title>
+
+<para>
+Adds a new keytab entry, the entry can be either;
+  <variablelist>
+    <varlistentry><term>kerberos principal</term>
+    <listitem><para>
+      A kerberos principal (identified by the presence of '@') is just
+      added to the keytab file.
+    </para></listitem>
+    </varlistentry>
+    <varlistentry><term>machinename</term>
+    <listitem><para>
+      A machinename (identified by the trailing '$') is used to create a
+      a kerberos principal 'machinename@realm' which is added to the
+      keytab file.
+    </para></listitem>
+    </varlistentry>
+    <varlistentry><term>serviceclass</term>
+    <listitem><para>
+    A serviceclass (such as 'cifs', 'html' etc.) is used to create a pair
+    of kerberos principals 'serviceclass/fully_qualified_dns_name@realm' &amp;
+    'serviceclass/netbios_name@realm' which are added to the keytab file.
+    </para></listitem>
+    </varlistentry>
+    <varlistentry><term>Windows SPN</term>
+    <listitem><para>
+    A Windows SPN is of the format 'serviceclass/host:port', it is used to
+    create a kerberos principal 'serviceclass/host@realm' which will
+    be written to the keytab file.
+    </para></listitem>
+    </varlistentry>
+  </variablelist>
+</para>
+<para>
+Unlike old versions no computer AD objects are modified by this command. To
+preserve the behaviour of older clients 'net ads keytab ad_update_ads' is
+available.
+</para>
+</refsect2>
+
+<refsect2>
+<title>ADS KEYTAB <replaceable>ADD_UPDATE_ADS</replaceable> <replaceable>(principal | machine | serviceclass | windows SPN</replaceable></title>
+
+<para>
+Adds a new keytab entry (see section for net ads keytab add). In addition to
+adding entries to the keytab file corresponding Windows SPNs are created
+from the entry passed to this command. These SPN(s) added to the AD computer
+account object associated with the client machine running this command for
+the following entry types;
+  <variablelist>
+    <varlistentry><term>serviceclass</term>
+    <listitem><para>
+    A serviceclass (such as 'cifs', 'html' etc.) is used to create a
+    pair of Windows SPN(s) 'param/full_qualified_dns' &amp;
+    'param/netbios_name' which are added to the AD computer account object
+   for this client.
+    </para></listitem>
+    </varlistentry>
+    <varlistentry><term>Windows SPN</term>
+    <listitem><para>
+    A Windows SPN is of the format 'serviceclass/host:port', it is
+    added as passed to the AD computer account object for this client.
+    </para></listitem>
+    </varlistentry>
+  </variablelist>
+</para>
+</refsect2>
+
 <refsect2>
 <title>ADS setspn <replaceable>SETSPN LIST [machine]</replaceable></title>