diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index 47f18726..346431ce 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -2164,8 +2164,8 @@ Have fun!
Heimdal Kerberos (LAM Pro)
You can manage your Heimdal Kerberos accounts with LAM Pro.
- Please add the user module "Heimdal Kerberos" to activate this
- feature.
+ Please add the user module "Kerberos (heimdalKerberos)" to activate
+ this feature.
Setup password changing
@@ -2207,6 +2207,67 @@ Have fun!
+
+ MIT Kerberos (LAM Pro)
+
+ You can manage your MIT Kerberos accounts with LAM Pro. Please
+ add the user module "Kerberos (mitKerberos)" to activate this feature.
+ If you want to manage entries based on the structural object class
+ "krbPrincipal" please use "Kerberos (mitKerberosStructural)"
+ instead.
+
+ Setup password changing
+
+ LAM Pro cannot generate the password hashes itself because MIT
+ uses a propietary format for them. Therefore, LAM Pro needs to call
+ kadmin/kadmin.local to set the password.
+
+ LAM will add "-q 'cpw -pw PASSWORD PRINCIPAL'" to the command to
+ set the password. Please use keytab authentication for this command
+ since it must run without any interaction.
+
+ Keytabs may be created with the "ktutil" application.
+
+ Security hint: Please secure your LAM Pro server since the new
+ passwords will be visible for a short term in the process list during
+ password change.
+
+ Example commands:
+
+
+
+ /usr/sbin/kadmin -k -t /home/www-data/apache.keytab -p
+ realm/changepwd
+
+
+
+ sudo /usr/sbin/kadmin.local
+
+
+
+
+
+
+
+
+
+
+
+ User management
+
+ You can specify the principal/user name, ticket lifetimes and
+ expiration dates. Additionally, you can set various account
+ options.
+
+
+
+
+
+
+
+
+
+
Mail routing
@@ -5673,6 +5734,24 @@ Run slapindex to rebuild the index.
This account type is only available in LAM Pro.
+
+
+
+
+
+
+
+ MIT Kerberos
+
+ krbPrincipal, krbPrincipalAux, krbTicketPolicyAux
+
+ kerberos.schema
+
+ Part of MIT Kerberos installation
+
+ This account type is only available in LAM Pro.
+
+
@@ -6228,7 +6307,7 @@ Run slapindex to rebuild the index.
slapd.d: In /etc/ldap/slapd.d/cn=config.ldif please change the
attribute "olcLogLevel" to "Stats". Please add a line "olcLogLevel:
- Stats" if the attribute is missing.
+ Stats" if the attribute is missing.
diff --git a/lam/docs/manual-sources/images/mod_mitKerberos1.png b/lam/docs/manual-sources/images/mod_mitKerberos1.png
new file mode 100644
index 00000000..49acdbe6
Binary files /dev/null and b/lam/docs/manual-sources/images/mod_mitKerberos1.png differ
diff --git a/lam/docs/manual-sources/images/mod_mitKerberos2.png b/lam/docs/manual-sources/images/mod_mitKerberos2.png
new file mode 100644
index 00000000..6edb235a
Binary files /dev/null and b/lam/docs/manual-sources/images/mod_mitKerberos2.png differ
diff --git a/lam/docs/manual-sources/images/schema_mitKerberos.png b/lam/docs/manual-sources/images/schema_mitKerberos.png
new file mode 100644
index 00000000..f45a7790
Binary files /dev/null and b/lam/docs/manual-sources/images/schema_mitKerberos.png differ