[prev in list] [next in list] [prev in thread] [next in thread]
List: sssd-devel
Subject: [SSSD] [PATCH] extend sssd-krb5 man page
From: sgallagh () redhat ! com (Stephen Gallagher)
Date: 2009-09-25 13:40:49
Message-ID: 4ABCC861.5050509 () redhat ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/25/2009 09:09 AM, Sumit Bose wrote:
> Hi,
>
> this patch to the sssd-krb5 man page should clarify how the krb5
> provider will find the right UPN.
>
> This hopefully fixes #204.
>
> Please fell free to correct any grammar or spelling mistakes.
>
> bye,
> Sumit
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> sssd-devel mailing list
> sssd-devel at lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/sssd-devel
Just a few minor nitpicks.
1) Please rebase atop the current master.
I'd rewrite the following paragraph:
The Kerberos 5 authentication backend does not contain an identity
provider. But some useful information can only be delivered by an
identity provider, e.g. the User's Principle Name (UPN). If the
identity provider knows the UPN, e.g. this is the case in Active
Directory or FreeIPA domains, it can be saved in
<command>sssd's</command> internal cache and used by the Kerberos 5
authentication backend. Please refer to the man page of the used
identity provider to see how to configure this.
as
The Kerberos 5 authentication backend does not contain an identity
provider and must be paired with one in order to function properly (for
example, id_provider = ldap). Some information required by the Kerberos
5 authentication backend must be provider by the identity provider, such
as the user's Kerberos Principal Name (UPN). The configuration of the
identity provider should have an entry to specify the UPN. Please refer
to the man page for the applicable identity provider for details on how
to configure this.
Under krb5try_simple_upn, please change "an User Principal Name" to "a
User Principal Name". I'd also recommend that the last sentence read:
"In this case, SSSD will construct a UPN using the format
<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>"
- --
Stephen Gallagher
RHCE 804006346421761
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkq8yFsACgkQeiVVYja6o6PWIACgrxOwrPZkSx3WQ4t/ofWojZkA
AAcAoIFi5+PvcZTz6Ws9XmVaLszcBc9B
=1p3k
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic