Line | |
---|
1 | <samba:parameter name="kerberos method" context="G" type="enum"
|
---|
2 | advanced="1" developer="1"
|
---|
3 | xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
---|
4 | <description>
|
---|
5 | <para>
|
---|
6 | Controls how kerberos tickets are verified.
|
---|
7 | </para>
|
---|
8 |
|
---|
9 | <para>Valid options are:</para>
|
---|
10 | <itemizedlist>
|
---|
11 | <listitem><para>secrets only - use only the secrets.tdb for
|
---|
12 | ticket verification (default)</para></listitem>
|
---|
13 |
|
---|
14 | <listitem><para>system keytab - use only the system keytab
|
---|
15 | for ticket verification</para></listitem>
|
---|
16 |
|
---|
17 | <listitem><para>dedicated keytab - use a dedicated keytab
|
---|
18 | for ticket verification</para></listitem>
|
---|
19 |
|
---|
20 | <listitem><para>secrets and keytab - use the secrets.tdb
|
---|
21 | first, then the system keytab</para></listitem>
|
---|
22 | </itemizedlist>
|
---|
23 |
|
---|
24 | <para>
|
---|
25 | The major difference between "system keytab" and "dedicated
|
---|
26 | keytab" is that the latter method relies on kerberos to find the
|
---|
27 | correct keytab entry instead of filtering based on expected
|
---|
28 | principals.
|
---|
29 | </para>
|
---|
30 |
|
---|
31 | <para>
|
---|
32 | When the kerberos method is in "dedicated keytab" mode,
|
---|
33 | <smbconfoption name="dedicated keytab file"/> must be set to
|
---|
34 | specify the location of the keytab file.
|
---|
35 | </para>
|
---|
36 | </description>
|
---|
37 | <related>dedicated keytab file</related>
|
---|
38 | <value type="default">secrets only</value>
|
---|
39 | </samba:parameter>
|
---|
Note:
See
TracBrowser
for help on using the repository browser.