mirror of
https://github.com/samba-team/samba.git
synced 2024-12-25 23:21:54 +03:00
63e3c75374
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
42 lines
1.3 KiB
XML
42 lines
1.3 KiB
XML
<samba:parameter name="kerberos method"
|
|
context="G"
|
|
type="enum"
|
|
enumlist="enum_kerberos_method"
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<description>
|
|
<para>
|
|
Controls how kerberos tickets are verified.
|
|
</para>
|
|
|
|
<para>Valid options are:</para>
|
|
<itemizedlist>
|
|
<listitem><para>secrets only - use only the secrets.tdb for
|
|
ticket verification (default)</para></listitem>
|
|
|
|
<listitem><para>system keytab - use only the system keytab
|
|
for ticket verification</para></listitem>
|
|
|
|
<listitem><para>dedicated keytab - use a dedicated keytab
|
|
for ticket verification</para></listitem>
|
|
|
|
<listitem><para>secrets and keytab - use the secrets.tdb
|
|
first, then the system keytab</para></listitem>
|
|
</itemizedlist>
|
|
|
|
<para>
|
|
The major difference between "system keytab" and "dedicated
|
|
keytab" is that the latter method relies on kerberos to find the
|
|
correct keytab entry instead of filtering based on expected
|
|
principals.
|
|
</para>
|
|
|
|
<para>
|
|
When the kerberos method is in "dedicated keytab" mode,
|
|
<smbconfoption name="dedicated keytab file"/> must be set to
|
|
specify the location of the keytab file.
|
|
</para>
|
|
</description>
|
|
<related>dedicated keytab file</related>
|
|
<value type="default">default</value>
|
|
</samba:parameter>
|