[SCM] Samba Shared Repository - branch master updated

[Andreas Schneider]

The branch, master has been updated
       via  ebd88eb docs: Add a not that 'wbinfo --user-groups' may be 
incomplete
      from  36bb685 libsocket: Avoid an unnecessary else branch

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ebd88eb44192a28341579e4a4515bae479e7368a
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Feb 14 12:05:16 2018 +0100

    docs: Add a not that 'wbinfo --user-groups' may be incomplete
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    
    Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
    Autobuild-Date(master): Wed Feb 14 20:32:18 CET 2018 on sn-devel-144

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages/wbinfo.1.xml | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml
index c427007..e2042ca 100644
--- a/docs-xml/manpages/wbinfo.1.xml
+++ b/docs-xml/manpages/wbinfo.1.xml
@@ -384,10 +384,35 @@
 
                <varlistentry>
                <term>-r|--user-groups 
<replaceable>username</replaceable></term>
-               <listitem><para>Try to obtain the list of UNIX group ids
-               to which the user belongs.  This only works for users
-               defined on a Domain Controller.
-               </para></listitem>
+               <listitem>
+                       <para>
+                       Try to obtain the list of UNIX group ids to which the
+                       user belongs.  This only works for users defined on a
+                       Domain Controller.
+                       </para>
+
+                       <para>There are two scenaries:</para>
+                       <orderedlist>
+                               <listitem>
+                               <para>
+                               User authenticated: When the user has been
+                               authenticated, the access token for the user is
+                               cached. The correct group memberships are then
+                               returned from the cached user token (which can
+                               be outdated).
+                               </para>
+                               </listitem>
+
+                               <listitem>
+                               <para>
+                               User *NOT* authenticated: The information is
+                               queries from the domain controller using the
+                               machine account credentials which have limited
+                               permissions. The result is normally incomplete
+                               and can be also incorrect.
+                               </para></listitem>
+                       </orderedlist>
+               </listitem>
                </varlistentry>
 
                <varlistentry>


-- 
Samba Shared Repository