blob: ad35dcf3acacb298aef9a9914f5b5e062cdf3d70 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
<samba:parameter name="client use kerberos"
context="G"
type="enum"
function="_client_use_kerberos"
enumlist="enum_use_kerberos_vals"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
This parameter determines whether Samba client tools will try
to authenticate using Kerberos. For Kerberos authentication you
need to use dns names instead of IP addresses when connecting
to a service.
</para>
<para>Possible option settings are:</para>
<itemizedlist>
<listitem>
<para>
<emphasis>desired</emphasis> - Kerberos
authentication will be tried first and if it fails it
automatically fallback to NTLM.
</para>
</listitem>
<listitem>
<para>
<emphasis>required</emphasis> - Kerberos
authentication will be required. There will be no
falllback to NTLM or a different alternative.
</para>
</listitem>
<listitem>
<para>
<emphasis>off</emphasis> - Don't use
Kerberos, use NTLM instead or another
alternative.
</para>
</listitem>
</itemizedlist>
<para>
In case that weak cryptography is not allowed (e.g. FIPS mode)
the default will be forced to <emphasis>required</emphasis>.
</para>
</description>
<value type="default">desired</value>
</samba:parameter>
|