summaryrefslogtreecommitdiffstats
path: root/docs-xml/smbdotconf/security/clientusekerberos.xml
blob: ad35dcf3acacb298aef9a9914f5b5e062cdf3d70 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
<samba:parameter name="client use kerberos"
                 context="G"
                 type="enum"
                 function="_client_use_kerberos"
                 enumlist="enum_use_kerberos_vals"
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
	<para>
		This parameter determines whether Samba client tools will try
		to authenticate using Kerberos. For Kerberos authentication you
		need to use dns names instead of IP addresses when connecting
		to a service.
	</para>

	<para>Possible option settings are:</para>
	<itemizedlist>
		<listitem>
			<para>
				<emphasis>desired</emphasis> - Kerberos
				authentication will be tried first and if it fails it
				automatically fallback to NTLM.
			</para>
		</listitem>

		<listitem>
			<para>
				<emphasis>required</emphasis> - Kerberos
				authentication will be required. There will be no
				falllback to NTLM or a different alternative.
			</para>
		</listitem>

		<listitem>
			<para>
				<emphasis>off</emphasis> - Don't use
				Kerberos, use NTLM instead or another
				alternative.
			</para>
		</listitem>
	</itemizedlist>

	<para>
		In case that weak cryptography is not allowed (e.g. FIPS mode)
		the default will be forced to <emphasis>required</emphasis>.
	</para>
</description>

<value type="default">desired</value>
</samba:parameter>