summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorChris St. Pierre <chris.a.st.pierre@gmail.com>2013-02-07 10:01:16 -0500
committerChris St. Pierre <chris.a.st.pierre@gmail.com>2013-02-14 14:56:33 -0500
commitb8ebd636ac3a5e2919b3e62041019f26acb1e2c0 (patch)
treebf0f06592d0c5d635828ad4536ff86421c1a5a90 /doc
parentff0048a3a26c9076c8052a8c7be171e4364f0d09 (diff)
downloadbcfg2-b8ebd636ac3a5e2919b3e62041019f26acb1e2c0.tar.gz
bcfg2-b8ebd636ac3a5e2919b3e62041019f26acb1e2c0.tar.bz2
bcfg2-b8ebd636ac3a5e2919b3e62041019f26acb1e2c0.zip
Metadata: allowed setting global default authentication type
Diffstat (limited to 'doc')
-rw-r--r--doc/appendix/guides/authentication.txt33
-rw-r--r--doc/server/plugins/grouping/metadata.txt4
2 files changed, 25 insertions, 12 deletions
diff --git a/doc/appendix/guides/authentication.txt b/doc/appendix/guides/authentication.txt
index 3fd0e1e2d..b8ec82590 100644
--- a/doc/appendix/guides/authentication.txt
+++ b/doc/appendix/guides/authentication.txt
@@ -132,13 +132,26 @@ controlled through the use of the auth attribute in
Allowed values are:
- +---------------+------------------------------------------+
- | **Auth Type** | **Meaning** |
- +===============+==========================================+
- | cert | Certificates must be used |
- +---------------+------------------------------------------+
- | cert+password | Certificate or password may be used |
- +---------------+------------------------------------------+
- | bootstrap | Password can be used for one client run, |
- | | after that certificate is required |
- +---------------+------------------------------------------+
++-------------------+------------------------------------------+
+| Auth Type | Meaning |
++===================+==========================================+
+| ``cert`` | Certificates must be used |
++-------------------+------------------------------------------+
+| ``cert+password`` | Certificate or password may be used. If |
+| | a certificate is used, the password must |
+| | also be used. |
++-------------------+------------------------------------------+
+| ``bootstrap`` | Password can be used for one client run, |
+| | after that only certificate is allowed |
++-------------------+------------------------------------------+
+
+``cert+password`` is the default. This can be changed by setting the
+``authentication`` parameter in the ``[communcation]`` section of
+``bcfg2.conf``. For instance, to set ``bootstrap`` mode as the global
+default, you would add the following to ``bcfg2.conf``::
+
+ [communication]
+ authentication = bootstrap
+
+``bootstrap`` mode is currently incompatible with the
+:ref:`server-plugins-grouping-metadata-clients-database`.
diff --git a/doc/server/plugins/grouping/metadata.txt b/doc/server/plugins/grouping/metadata.txt
index 11b3d5496..f4c5cbcb3 100644
--- a/doc/server/plugins/grouping/metadata.txt
+++ b/doc/server/plugins/grouping/metadata.txt
@@ -32,7 +32,7 @@ clients.xml
===========
The ``clients.xml`` file contains the mappings of Profile Groups
-to clients. The file is just a series of *<Client />* tags, each of which
+to clients. The file is just a series of ``<Client />`` tags, each of which
describe one host. A sample file is below:
.. code-block:: xml
@@ -43,7 +43,7 @@ describe one host. A sample file is below:
<Client profile="kerberos-master" name="kdc.example.com"/>
<Client profile="mail-server" name="mail.example.com"/>
<Client name='foo' address='10.0.0.1'>
- <Alias name='foo-mgmt' address='10.1.0.1'/>
+ <Alias name='foo-mgmt' address='10.1.0.1'/>
</Client>
</Clients>