Document preauth krb5.conf options in rst docs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25002 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/doc/rst_source/krb_admins/conf_files/krb5_conf.rst b/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
index 2627346439f97975b077e85bb08e9df9836fd2e7..f7f7246f4a486e4718098f95d7c6a3a16bd121a3 100644 (file)
--- a/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
+++ b/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
@@ -420,6 +420,7 @@ Plugins
 
     * pwqual interface
     * kadm5_hook interface
+    * clpreauth and kdcpreauth interfaces
 
 Tags in the **[plugins]** section can be used to register dynamic plugin modules and to turn modules on and off. Not every krb5 pluggable interface uses the [plugins] section; the ones that do are documented here.
 
@@ -455,6 +456,16 @@ kadm5_hook interface
 
 The kadm5_hook interface provides plugins with information on principal creation, modification, password changes and deletion. This interface can be used to write a plugin to synchronize MIT Kerberos with another database such as Active Directory. No plugins are built in for this interface.
 
+clpreauth and kdcpreauth interfaces
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The clpreauth and kdcpreauth interfaces allow plugin modules to provide client and KDC preauthentication mechanisms.  The following built-in modules exist for these interfaces:
+
+pkinit
+    This module implements the PKINIT preauthentication mechanism.
+encrypted_challenge
+    This module implements the encrypted challenge FAST factor.
+
 PKINIT options
 -----------------