rxkad-v5-dot-check-20080122

[openafs.git] / doc / man-pages / pod8 / fileserver.pod

diff --git a/doc/man-pages/pod8/fileserver.pod b/doc/man-pages/pod8/fileserver.pod
index 6199cb1..50f3463 100644 (file)
--- a/doc/man-pages/pod8/fileserver.pod
+++ b/doc/man-pages/pod8/fileserver.pod
@@ -20,6 +20,7 @@ B<fileserver> S<<< [B<-auditlog> <I<path to log file>>] >>>
     S<<< [B<-busyat> <I<< redirect clients when queue > n >>>] >>>
     [B<-nobusy>] S<<< [B<-rxpck> <I<number of rx extra packets>>] >>>
     [B<-rxdbg>] [B<-rxdbge>] S<<< [B<-rxmaxmtu> <I<bytes>>] >>>
+    [B<-allow-dotted-principal>]
     S<<< [B<-rxbind> <I<address to bind the Rx socket to>>] >>>
     S<<< [B<-vattachpar> <I<number of volume attach threads>>] >>>
     S<<< [B<-m> <I<min percentage spare in partition>>] >>>
@@ -351,6 +352,15 @@ F</usr/afs/logs/rx_dbg>.
 Writes a trace of the File Server's operations on Rx events (such as
 retransmissions) to the file F</usr/afs/logs/rx_dbg>.
 
+=item B<-allow-dotted-principal>
+
+By default, the RXKAD security layer will disallow access by Kerberos
+principals with a dot in the first component of their name. This is to avoid
+the confusion where principals user/admin and user.admin are both mapped to the
+user.admin PTS entry. Sites whose Kerberos realms don't have these collisions 
+between principal names may disable this check by starting the server
+with this option.
+
 =item F<-m> <I<min percentage spare in partition>>
 
 Specifies the percentage of each AFS server partition that the AIX version