Document that defer_pwchange doesn't work with Heimdal

author Russ Allbery <eagle@eyrie.org>

Sun, 29 Nov 2015 01:34:50 +0000 (17:34 -0800)

committer Russ Allbery <eagle@eyrie.org>

Sun, 29 Nov 2015 01:34:50 +0000 (17:34 -0800)
author Russ Allbery <eagle@eyrie.org>
Sun, 29 Nov 2015 01:34:50 +0000 (17:34 -0800)
committer Russ Allbery <eagle@eyrie.org>
Sun, 29 Nov 2015 01:34:50 +0000 (17:34 -0800)
diff --git a/pam_krb5.pod b/pam_krb5.pod

index 49fa23a1a883a9baf8cf8527637c51f01dc9a934..debb498e0ea08261224ae778aa9f036c28408e1d 100644 (file)
--- a/pam_krb5.pod
+++ b/pam_krb5.pod
@@ -528,6 +528,11 @@ support prompting for password changes during authentication), and then
  only for specific applications known to call pam_acct_mgmt() and check its
  return status properly.
  
+This option is only supported when pam-krb5 is built with MIT Kerberos.
+If built against Heimdal, this option does nothing and normal expired
+password change handling still happens.  (Heimdal is missing the required
+API to implement this option, at least as of version 1.6.)
+
  This option can be set in F<krb5.conf> and is only applicable to the auth
  group.
author	Russ Allbery <eagle@eyrie.org>
	Sun, 29 Nov 2015 01:34:50 +0000 (17:34 -0800)
committer	Russ Allbery <eagle@eyrie.org>
	Sun, 29 Nov 2015 01:34:50 +0000 (17:34 -0800)