- dtucker@cvs.openbsd.org 2004/03/08 10:18:57

[sshd_config.5]
     Document KerberosGetAFSToken;  ok markus@

ChangeLog

@@ -27,6 +27,9 @@
      [ssh-keyscan.c]
      explicitly initialise remote_major and remote_minor.
      from cjwatson AT debian.org; ok markus@
+   - dtucker@cvs.openbsd.org 2004/03/08 10:18:57
+     [sshd_config.5]
+     Document KerberosGetAFSToken;  ok markus@
 
 20040307
  - (tim) [regress/login-timeout.sh] fix building outside of source tree.
@@ -887,4 +890,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3284 2004/03/08 12:13:00 djm Exp $
+$Id: ChangeLog,v 1.3285 2004/03/08 12:13:15 djm Exp $

sshd_config.5

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.28 2004/02/17 19:35:21 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.29 2004/03/08 10:18:57 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -300,6 +300,11 @@ To use this option, the server needs a
 Kerberos servtab which allows the verification of the KDC's identity.
 Default is
 .Dq no .
+.It Cm KerberosGetAFSToken
+If AFS is active and the user has a Kerberos 5 TGT, attempt to aquire
+an AFS token before accessing the user's home directory.
+Default is
+.Dq no .
 .It Cm KerberosOrLocalPasswd
 If set then if password authentication through Kerberos fails then
 the password will be validated via any additional local mechanism