summaryrefslogtreecommitdiffstats
path: root/docs-xml/manpages/winbind_krb5_locator.8.xml
blob: 0af0c2cc95fe77c688de30bf322ede078788f1db (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="winbind_krb5_locator.8">

<refmeta>
	<refentrytitle>winbind_krb5_locator</refentrytitle>
	<manvolnum>8</manvolnum>
	<refmiscinfo class="source">Samba</refmiscinfo>
	<refmiscinfo class="manual">8</refmiscinfo>
	<refmiscinfo class="version">&doc.version;</refmiscinfo>
</refmeta>


<refnamediv>
	<refname>winbind_krb5_locator</refname>
	<refpurpose>A plugin for MIT and Heimdal Kerberos for detecting KDCs using Windows semantics.</refpurpose>
</refnamediv>


<refsect1>
	<title>DESCRIPTION</title>

	<para>
	This plugin is part of the <citerefentry><refentrytitle>samba</refentrytitle>
	<manvolnum>7</manvolnum></citerefentry> suite.
	</para>

	<para>
		<command>winbind_krb5_locator</command> is a plugin that permits MIT and
		Heimdal Kerberos libraries to detect Kerberos Servers (for the KDC and
		kpasswd service) using the same semantics that other tools of the Samba
		suite use. This include site-aware DNS service record lookups and caching
		of closest dc.
		The plugin uses the public locator API provided by most modern Kerberos
		implementations.
	</para>
</refsect1>
<refsect1>
	<title>PREREQUISITES</title>
	<para>
		MIT Kerberos (at least version 1.5) or Heimdal Kerberos (at least version
		1.0) is required.
	</para>

	<para>
		The plugin queries the <citerefentry><refentrytitle>winbindd</refentrytitle>
		<manvolnum>8</manvolnum></citerefentry> daemon which needs to be configured
		and started separately.
	</para>

	<para>
		The <command>winbind_krb5_locator.so</command> file needs to be manually
		copied to the plugin directory of the system Kerberos library.

		For MIT Kerberos this is often:
			<filename>/usr/lib/krb5/plugins/libkrb5/</filename>.
		For Heimdal Kerberos this is often:
			<filename>/usr/lib/plugin/krb5/</filename>.

		Please check your local Kerberos installation for the correct
		paths. No modification in <filename>/etc/krb5.conf</filename>
		is required to enable the use of this plugin.
	</para>
	<para>
		After copying the locator plugin to the appropriate plugin
		directory it should immediately be available for use.
		Users should be able to kinit into their kerberized Windows
		environment without any modification or servers
		being put manually into <filename>/etc/krb5.conf</filename>.
	</para>
</refsect1>

<refsect1>
	<title>VERSION</title>

	<para>
	This man page is part of version &doc.version; of the Samba suite.
	</para>
</refsect1>

<refsect1>
	<title>AUTHOR</title>

	<para>
		The original Samba software and related utilities were created by Andrew
		Tridgell. Samba is now developed by the Samba Team as an Open Source
		project similar to the way the Linux kernel is developed.
	</para>

	<para>
		The winbind_krb5_locator manpage was written by Guenther Deschner.
	</para>
</refsect1>

</refentry>