Kerberos: update docs

cbabc0b2 · Valery Sizov · 451a078a · cbabc0b2 · cbabc0b2 · cbabc0b2
Commit cbabc0b2 authored Dec 15, 2014 by Valery Sizov
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 2 deletions

db/schema.rb db/schema.rb +2 -2

doc/integration/README.md doc/integration/README.md +1 -0

doc/integration/kerberos.md doc/integration/kerberos.md +16 -0

No files found.
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -262,9 +262,9 @@ ActiveRecord::Schema.define(version: 20141205134006) do
    t.datetime "updated_at"
    t.string   "type"
    t.string   "description", default: "", null: false
+    t.string   "avatar"
    t.string   "ldap_cn"
    t.integer  "ldap_access"
-    t.string   "avatar"
  end

  add_index "namespaces", ["name"], name: "index_namespaces_on_name", using: :btree
@@ -325,8 +325,8 @@ ActiveRecord::Schema.define(version: 20141205134006) do
    t.boolean  "archived",                      default: false,    null: false
    t.string   "import_status"
    t.float    "repository_size",               default: 0.0
-    t.text     "merge_requests_template"
    t.integer  "star_count",                    default: 0,        null: false
+    t.text     "merge_requests_template"
    t.boolean  "merge_requests_rebase_enabled", default: false
  end


--- a/doc/integration/README.md
+++ b/doc/integration/README.md
@@ -10,6 +10,7 @@ See the documentation below for details on how to configure these services.
 - [OmniAuth](omniauth.md) Sign in via Twitter, GitHub, and Google via OAuth.
 - [Jenkins](jenkins.md) Integrate with the Jenkins CI
 - [Slack](slack.md) Integrate with the Slack chat service
+- [Kerberos](kerberos.md) Integrate with the Slack chat service

 ## Project services


--- a/doc/integration/kerberos.md
+++ b/doc/integration/kerberos.md
+# Kerberos integration
+
+GitLab can be configured to allow your users to sign with their Kerberos credentials.
+Kerberos integration can be enabled as a regular omniauth provider, edit [gitlab.rb (omnibus-gitlab)`](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md#omniauth-google-twitter-github-login) or [gitlab.yml (source installations)](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example) on your GitLab server and restart GitLab. You only need to specify the provider name. For example:
+
+```
+{ name: 'kerberos'}
+```
+
+You still need to configure your system for Kerberos usage, such as specifying realms. GitLab will make use of the system's Kerberos settings.
+
+The first time a user signs in with Kerberos credentials, GitLab will create a new GitLab user associated with the email, which is built from the kerberos username and realm. This also means that the system realm you want to use and the email addresses of existing GitLab users should match, meaning the domain part of the email addresses and the realm should match. Existing GitLab users can go to profile > account and attach a Kerberos account. If the email and realm match, the Kerberos account will be linked to the user.
+
+## HTTP git access
+
+A linked Kerberos account enables you to `git pull` and `git push` using your Kerberos account, as well as your standard GitLab credentials.
\ No newline at end of file