From: Rob van der Linde <rob@catalyst.net.nz>
Date: Thu, 16 Nov 2023 00:39:23 +0000 (+1300)
Subject: netcmd: auth policy: document allowed to authenticate from silo and to by silo attributes
X-Git-Tag: talloc-2.4.2~568
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1e00952c34f5a82e8b1ca157a359f1fa351650ae;p=thirdparty%2Fsamba.git

netcmd: auth policy: document allowed to authenticate from silo and to by silo attributes

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml
index 9baa605fc16..e96ee4fc048 100644
--- a/docs-xml/manpages/samba-tool.8.xml
+++ b/docs-xml/manpages/samba-tool.8.xml
@@ -742,6 +742,18 @@
 				</para>
 			</listitem>
 		</varlistentry>
+		<varlistentry>
+			<term>--user-allowed-to-authenticate-from-silo</term>
+			<listitem>
+				<para>
+					User is allowed to authenticate from a given silo.
+				</para>
+				<para>
+					This attribute avoids the need to write SDDL by hand and
+					cannot be used with --user-allowed-to-authenticate-from
+				</para>
+			</listitem>
+		</varlistentry>
 		<varlistentry>
 			<term>--user-allowed-to-authenticate-to</term>
 			<listitem>
@@ -756,6 +768,18 @@
 				</para>
 			</listitem>
 		</varlistentry>
+		<varlistentry>
+			<term>--user-allowed-to-authenticate-to-by-silo</term>
+			<listitem>
+				<para>
+					User is allowed to authenticate to by a given silo.
+				</para>
+				<para>
+					This attribute avoids the need to write SDDL by hand and
+					cannot be used with --user-allowed-to-authenticate-to
+				</para>
+			</listitem>
+		</varlistentry>
 		<varlistentry>
 			<term>--service-tgt-lifetime-mins</term>
 			<listitem>
@@ -787,6 +811,18 @@
 				</para>
 			</listitem>
 		</varlistentry>
+		<varlistentry>
+			<term>--service-allowed-to-authenticate-from-silo</term>
+			<listitem>
+				<para>
+					Service is allowed to authenticate from a given silo.
+				</para>
+				<para>
+					This attribute avoids the need to write SDDL by hand and
+					cannot be used with --service-allowed-to-authenticate-from
+				</para>
+			</listitem>
+		</varlistentry>
 		<varlistentry>
 			<term>--service-allowed-to-authenticate-to</term>
 			<listitem>
@@ -801,6 +837,18 @@
 				</para>
 			</listitem>
 		</varlistentry>
+		<varlistentry>
+			<term>--service-allowed-to-authenticate-to-by-silo</term>
+			<listitem>
+				<para>
+					Service is allowed to authenticate to by a given silo.
+				</para>
+				<para>
+					This attribute avoids the need to write SDDL by hand and
+					cannot be used with --service-allowed-to-authenticate-to
+				</para>
+			</listitem>
+		</varlistentry>
 		<varlistentry>
 			<term>--computer-tgt-lifetime-mins</term>
 			<listitem>
@@ -823,6 +871,18 @@
 				</para>
 			</listitem>
 		</varlistentry>
+		<varlistentry>
+			<term>--computer-allowed-to-authenticate-to-by-silo</term>
+			<listitem>
+				<para>
+					Computer is allowed to authenticate to by a given silo.
+				</para>
+				<para>
+					This attribute avoids the need to write SDDL by hand and
+					cannot be used with --computer-allowed-to-authenticate-to
+				</para>
+			</listitem>
+		</varlistentry>
 	</variablelist>
 </refsect3>