From: Tim Prouty <tprouty@samba.org>
Date: Tue, 30 Jun 2009 23:59:57 +0000 (-0700)
Subject: s3 docs: Add documentation for 'kerberos method' and 'dedicated keytab file' parameters
X-Git-Tag: talloc-2.0.0~854
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=969106a21fe169282e3b42e51d9e14836d6a41b2;p=thirdparty%2Fsamba.git

s3 docs: Add documentation for 'kerberos method' and 'dedicated keytab file' parameters
---

diff --git a/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml b/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml
new file mode 100644
index 00000000000..c833e3f66a8
--- /dev/null
+++ b/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="dedicated keytab file" context="G" type="string"
+		 advanced="1" developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>
+	  Specifies the path to the kerberos keytab file when
+	  <smbconfoption name="kerberos method"/> is set to "dedicated
+	  keytab".
+	</para>
+</description>
+<related>kerberos method</related>
+<value type="default"/>
+<value type="example">/usr/local/etc/krb5.keytab</value>
+</samba:parameter>
+
diff --git a/docs-xml/smbdotconf/security/kerberosmethod.xml b/docs-xml/smbdotconf/security/kerberosmethod.xml
new file mode 100644
index 00000000000..3a11e06be96
--- /dev/null
+++ b/docs-xml/smbdotconf/security/kerberosmethod.xml
@@ -0,0 +1,39 @@
+<samba:parameter name="kerberos method" context="G" type="enum"
+		 advanced="1" developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>
+	Controls how kerberos tickets are verified.
+	</para>
+
+	<para>Valid options are:</para>
+	<itemizedlist>
+	  <listitem><para>secrets only - use only the secrets.tdb for
+	  ticket verification (default)</para></listitem>
+
+	  <listitem><para>system keytab - use only the system keytab
+	  for ticket verification</para></listitem>
+
+	  <listitem><para>dedicated keytab - use a dedicated keytab
+	  for ticket verification</para></listitem>
+
+	  <listitem><para>secrets and keytab - use the secrets.tdb
+	  first, then the system keytab</para></listitem>
+	</itemizedlist>
+
+	<para>
+	  The major difference between "system keytab" and "dedicated
+	  keytab" is that the latter method relies on kerberos to find the
+	  correct keytab entry instead of filtering based on expected
+	  principals.
+	</para>
+
+	<para>
+	  When the kerberos method is in "dedicated keytab" mode,
+	  <smbconfoption name="dedicated keytab file"/> must be set to
+	  specify the location of the keytab file.
+	</para>
+</description>
+<related>dedicated keytab file</related>
+<value type="default">secrets only</value>
+</samba:parameter>