The Samba-Bugzilla – Attachment 6582 Details for
Bug 8233
missing documentation on 'client use spnego principal
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
The missing docs, from master
0001-s3-docs-Add-documentation-for-client-use-spnego-prin.patch (text/plain), 1.99 KB, created by
Andrew Bartlett
on 2011-06-14 12:21:09 UTC
(
hide
)
Description:
The missing docs, from master
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2011-06-14 12:21:09 UTC
Size:
1.99 KB
patch
obsolete
>From 28124e928ef99dec84a2f6699e6814aa567a34fa Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 14 Jun 2011 22:16:02 +1000 >Subject: [PATCH] s3-docs Add documentation for 'client use spnego principal' > >--- > .../security/clientusepsnegoprincipal.xml | 28 ++++++++++++++++++++ > 1 files changed, 28 insertions(+), 0 deletions(-) > create mode 100644 docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml > >diff --git a/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml b/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml >new file mode 100644 >index 0000000..6ec1eb1 >--- /dev/null >+++ b/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml >@@ -0,0 +1,28 @@ >+<samba:parameter name="client use spnego principal" >+ context="G" >+ type="boolean" >+ advanced="1" developer="1" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para>This parameter determines whether or not >+ <citerefentry><refentrytitle>smbclient</refentrytitle> >+ <manvolnum>8</manvolnum></citerefentry> and other samba components >+ acting as a client will attempt to use the server-supplied >+ principal sometimes given in the SPNEGO exchange.</para> >+ >+ <para>If enabled, Samba can attempt to use Kerberos to contact >+ servers known only by IP address. Kerberos relies on names, so >+ ordinarily cannot function in this situation. </para> >+ >+ <para>If disabled, Samba will use the name used to look up the >+ server when asking the KDC for a ticket. This avoids situations >+ where a server may impersonate another, soliciting authentication >+ as one principal while being known on the network as another. >+ </para> >+ >+ <para>Note that Windows XP SP2 and later versions already follow >+ this behaviour, and Windows Vista and later servers no longer >+ supply this 'rfc4178 hint' principal on the server side.</para> >+</description> >+<value type="default">no</value> >+</samba:parameter> >-- >1.7.5.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6582">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
gd
:
review+
Actions:
View
Attachments on
bug 8233
: 6582