netcmd: auth policy: document allowed to authenticate from silo and to by silo attributes

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml
index 9baa605fc16558e16cb19214fa47d33f5a90a505..e96ee4fc048b237530279f70c0b2d22edc502943 100644 (file)
--- a/docs-xml/manpages/samba-tool.8.xml
+++ b/docs-xml/manpages/samba-tool.8.xml
@@ -742,6 +742,18 @@
                                </para>
                        </listitem>
                </varlistentry>
+               <varlistentry>
+                       <term>--user-allowed-to-authenticate-from-silo</term>
+                       <listitem>
+                               <para>
+                                       User is allowed to authenticate from a given silo.
+                               </para>
+                               <para>
+                                       This attribute avoids the need to write SDDL by hand and
+                                       cannot be used with --user-allowed-to-authenticate-from
+                               </para>
+                       </listitem>
+               </varlistentry>
                <varlistentry>
                        <term>--user-allowed-to-authenticate-to</term>
                        <listitem>
@@ -756,6 +768,18 @@
                                </para>
                        </listitem>
                </varlistentry>
+               <varlistentry>
+                       <term>--user-allowed-to-authenticate-to-by-silo</term>
+                       <listitem>
+                               <para>
+                                       User is allowed to authenticate to by a given silo.
+                               </para>
+                               <para>
+                                       This attribute avoids the need to write SDDL by hand and
+                                       cannot be used with --user-allowed-to-authenticate-to
+                               </para>
+                       </listitem>
+               </varlistentry>
                <varlistentry>
                        <term>--service-tgt-lifetime-mins</term>
                        <listitem>
@@ -787,6 +811,18 @@
                                </para>
                        </listitem>
                </varlistentry>
+               <varlistentry>
+                       <term>--service-allowed-to-authenticate-from-silo</term>
+                       <listitem>
+                               <para>
+                                       Service is allowed to authenticate from a given silo.
+                               </para>
+                               <para>
+                                       This attribute avoids the need to write SDDL by hand and
+                                       cannot be used with --service-allowed-to-authenticate-from
+                               </para>
+                       </listitem>
+               </varlistentry>
                <varlistentry>
                        <term>--service-allowed-to-authenticate-to</term>
                        <listitem>
@@ -801,6 +837,18 @@
                                </para>
                        </listitem>
                </varlistentry>
+               <varlistentry>
+                       <term>--service-allowed-to-authenticate-to-by-silo</term>
+                       <listitem>
+                               <para>
+                                       Service is allowed to authenticate to by a given silo.
+                               </para>
+                               <para>
+                                       This attribute avoids the need to write SDDL by hand and
+                                       cannot be used with --service-allowed-to-authenticate-to
+                               </para>
+                       </listitem>
+               </varlistentry>
                <varlistentry>
                        <term>--computer-tgt-lifetime-mins</term>
                        <listitem>
@@ -823,6 +871,18 @@
                                </para>
                        </listitem>
                </varlistentry>
+               <varlistentry>
+                       <term>--computer-allowed-to-authenticate-to-by-silo</term>
+                       <listitem>
+                               <para>
+                                       Computer is allowed to authenticate to by a given silo.
+                               </para>
+                               <para>
+                                       This attribute avoids the need to write SDDL by hand and
+                                       cannot be used with --computer-allowed-to-authenticate-to
+                               </para>
+                       </listitem>
+               </varlistentry>
        </variablelist>
 </refsect3>