[SSSD] [PATCH] extend sssd-krb5 man page

Fri, 25 Sep 2009 06:09:29 -0700 

Hi,

this patch to the sssd-krb5 man page should clarify how the krb5
provider will find the right UPN.

This hopefully fixes #204.

Please fell free to correct any grammar or spelling mistakes.

bye,
Sumit

>From 05391861b196ceb731f978d9ce46f605a33059e7 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Fri, 25 Sep 2009 14:55:00 +0200
Subject: [PATCH] extend sssd-krb5 man page

---
 server/man/sssd-krb5.5.xml |   21 ++++++++++++++++++---
 1 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/server/man/sssd-krb5.5.xml b/server/man/sssd-krb5.5.xml
index 234b194..1db0e32 100644
--- a/server/man/sssd-krb5.5.xml
+++ b/server/man/sssd-krb5.5.xml
@@ -32,6 +32,20 @@
                 <manvolnum>5</manvolnum>
             </citerefentry> manual page
         </para>
+        <para>
+            The Kerberos 5 authentication backend does not contain an identity
+            provider. But some useful information can only be delivered by an
+            identity provider, e.g. the User's Principle Name (UPN). If the
+            identity provider knows the UPN, e.g. this is the case in Active
+            Directory or FreeIPA domains, it can be saved in
+            <command>sssd's</command> internal cache and used by the Kerberos 5
+            authentication backend. Please refer to the man page of the used
+            identity provider to see how to configure this.
+        </para>
+        <para>
+            In the case where the UPN is not available in the identity backend
+            the <option>krb5try_simple_upn</option> can be used.
+        </para>
     </refsect1>
 
     <refsect1 id='file-format'>
@@ -67,9 +81,10 @@
                     <term>krb5try_simple_upn (boolean)</term>
                     <listitem>
                         <para>
-                            Set this option to 'true'
-                            if an User Principle Name (UPN) cannot be found in 
sysdb
-                            and you want to use an UPN like 'usern...@realm'.
+                            Set this option to ´true´ if the identity provider
+                            cannot supply an User Principle Name (UPN). In this
+                            case sssd will try to request a TGT with an UPN
+                            build as ´usern...@realm´.
                         </para>
                         <para>
                             Default: false
-- 
1.6.2.5


_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel

Reply via email to