On Wed, Oct 10, 2012 at 05:16:29PM +0200, Ondrej Kos wrote:
On 10/09/2012 07:27 PM, Jakub Hrozek wrote:
>On Tue, Oct 09, 2012 at 12:41:43PM +0200, Ondrej Kos wrote:
>>diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml
>>index
f4fd1cb73941e23d8e39d234bf8fd2ae8ae54554..4d5062ba450203ba6c8722e8b178d7a3a7f5a70b 100644
>>--- a/src/man/sssd-krb5.5.xml
>>+++ b/src/man/sssd-krb5.5.xml
>>@@ -231,7 +231,14 @@
>> <term>krb5_validate (boolean)</term>
>> <listitem>
>> <para>
>
>Some parts of the paragraph don't sound like proper English to me. Can
>you check them with some native English speaker before I push them. In
>particular:
>
>>- Verify with the help of krb5_keytab that the TGT
obtained has not been spoofed.
>>+ Verify with the help of krb5_keytab that the TGT
>>+ obtained has not been spoofed. The keytab is checked
for
>>+ entries from top to bottom, and the first entry with
matching
>
> what about "checked for entries
sequentially" ?
>
>>+ realm is used for validation. If there's no
entry with
>>+ corresponding realm found in the keytab, the last
one is used.
>
> "If no entry matches, the last one is used" ?
>
>>+ This can be utilized to achieve validation in
enviroments
>>+ with cross-realm trust by placing appropriate keytab
entry
>>+ as the last one or the only one.
>> </para>
>> <para>
>> Default: false
>
>_______________________________________________
>sssd-devel mailing list
>sssd-devel(a)lists.fedorahosted.org
>https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
>
new patch reviewed and attached.
O.
Sounds good to me now, ack