pam_winbind: update documentation for "DIR" krb5ccname pragma.

Guenther Signed-off-by: Günther Deschner <[email protected]> Reviewed-by: Jeremy Allison <[email protected]> Autobuild-User(master): Jeremy Allison <[email protected]> Autobuild-Date(master): Wed Jul 24 02:43:10 CEST 2013 on sn-devel-104
qaz1045692166 · Jul 24, 2013 · 9adfe82 · 9adfe82
1 parent 7ad3a36
commit 9adfe82
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 11 deletions.
diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml
@@ -106,16 +106,35 @@
 		<term>krb5_ccache_type = [type]</term>
 		<listitem><para>
 
-		When pam_winbind is configured to try kerberos authentication
-		by enabling the <parameter>krb5_auth</parameter> option, it can
-		store the retrieved Ticket Granting Ticket (TGT) in a
-		credential cache. The type of credential cache can be set with
-		this option. Currently the only supported value is:
-		<parameter>FILE</parameter>. In that case a credential cache in
-		the form of /tmp/krb5cc_UID will be created, where UID is
-		replaced with the numeric user id.  Leave empty to just do
-		kerberos authentication without having a ticket cache after the
-		logon has succeeded. This setting is empty by default.
+		When pam_winbind is configured to try kerberos authentication by
+		enabling the <parameter>krb5_auth</parameter> option, it can
+		store the retrieved Ticket Granting Ticket (TGT) in a credential
+		cache. The type of credential cache can be controlled with this
+		option.  The supported values are: <parameter>FILE</parameter>
+		and <parameter>DIR</parameter> (when the DIR type is supported
+		by the system's Kerberos library). In case of FILE a credential
+		cache in the form of /tmp/krb5cc_UID will be created -  in case
+		of DIR it will be located under the /run/user/UID/krb5cc
+		directory.  UID is replaced with the numeric user id.</para>
+
+		<para>It is also possible to define custom filepaths and use the "%u"
+		pattern in order to substitue the numeric user id.
+		Examples:</para>
+
+		<variablelist>
+			<varlistentry>
+				<term>krb5_ccache_type = DIR:/run/user/%u/krb5cc</term>
+					<listitem><para>This will create a credential cache file in the specified directory.</para></listitem>
+			</varlistentry>
+			<varlistentry>
+				<term>krb5_ccache_type = FILE:/tmp/krb5cc_%u</term>
+					<listitem><para>This will create a credential cache file.</para></listitem>
+			</varlistentry>
+		</variablelist>
+
+		<para> Leave empty to just do kerberos authentication without
+			having a ticket cache after the logon has succeeded.
+			This setting is empty by default.
 
 		</para></listitem>
 		</varlistentry>

diff --git a/examples/pam_winbind/pam_winbind.conf b/examples/pam_winbind/pam_winbind.conf
@@ -3,6 +3,7 @@
 #
 # /etc/security/pam_winbind.conf
 #
+# For more details see man pam_winbind.conf(5)
 
 [global]
 
@@ -19,7 +20,7 @@
 # authenticate using kerberos
 ;krb5_auth = no
 
-# when using kerberos, request a "FILE" krb5 credential cache type
+# when using kerberos, request a "FILE" or "DIR" krb5 credential cache type
 # (leave empty to just do krb5 authentication but not have a ticket
 # afterwards)
 ;krb5_ccache_type =