From 7eb9b46f5b9b1c956b456376108bc5a41b19343f Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Mon, 1 Jun 2015 20:12:37 -0500 Subject: [PATCH] Document HDB backends --- doc/Makefile.am | 1 + doc/NTMakefile | 1 + doc/setup.texi | 22 ++++++++++++++++++++++ doc/vars.tin | 1 + lib/krb5/krb5.conf.5 | 6 ++++-- 5 files changed, 29 insertions(+), 2 deletions(-) diff --git a/doc/Makefile.am b/doc/Makefile.am index ab8eca4f1..bf301c40e 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -55,6 +55,7 @@ wind.dxy: wind.din Makefile mv wind.dxy.tmp wind.dxy texi_subst = sed -e 's,[@]dbdir[@],$(localstatedir),g' \ + -e 's,[@]dbtype[@],$(db_type),g' \ -e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g' vars.texi: vars.tin Makefile diff --git a/doc/NTMakefile b/doc/NTMakefile index f67f7efe2..d7ed28e40 100644 --- a/doc/NTMakefile +++ b/doc/NTMakefile @@ -57,6 +57,7 @@ hx509_TEXINFOS = \ {}.tin{$(OBJ)}.texi: $(SED) -e "s,[@]dbdir[@],x,g" \ + -e "s,[@]db_type[@],$(db_type),g" < $** > $@ \ -e "s,[@]PACKAGE_VERSION[@],$(VER_PACKAGE_VERSION),g" < $** > $@ MAKEINFOFLAGS = --css-include=$(SRCDIR)/heimdal.css diff --git a/doc/setup.texi b/doc/setup.texi index eeddf9a7c..4caf752fc 100644 --- a/doc/setup.texi +++ b/doc/setup.texi 
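Review bot: Nothing in this patch defines `$(db_type)`, which the added `-e 's,[@]dbtype[@],$(db_type),g'` in `texi_subst` depends on. If configure does not export it (presumably via `AC_SUBST`, which is not visible here), make expands it to the empty string and setup.texi renders as "The default is , and is selected at build time" with no build error. I would confirm the substitution exists and add a comment above `texi_subst` such as `# db_type is set by configure; one of lmdb, db3, db1`. The value is also spliced unescaped into a `,`-delimited sed replacement, which is fine for those three names but would break on a value containing `,` or `&`.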
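Review bot: The added sed expression matches `[@]db_type[@]`, but the placeholder this patch adds to doc/vars.tin is `@dbtype@` and doc/Makefile.am substitutes `[@]dbtype[@]`, so on the NMake build the placeholder would be left as literal text in vars.texi. The added line also carries `< $** > $@` before its continuation backslash, so the redirections appear twice and the `PACKAGE_VERSION` expression follows the first pair. I would change the line to `-e "s,[@]dbtype[@],$(db_type),g" \` and keep the single redirection on the last line. Whether `$(db_type)` is defined for the Windows build is not visible in this patch and should be checked, since an empty expansion would silently produce an empty default backend name in the manual.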
@@ -123,8 +123,30 @@ Make sure the directory has restrictive permissions. @example # mkdir /var/heimdal +# chmod og-rwx /var/heimdal @end example +Heimdal supports various database backends: lmdb (LMDB), db3 (Berkeley +DB 3.x, 4.x, or 5.x), db1 (Berkeley DB 2.x), sqlite (SQLite3), and ldap +(LDAP). The default is @value{dbtype}, and is selected at build time +from one of lmdb, db3, or db1. + +These defaults can be overriden in the 'database' key in the @samp{kdc} +section of the configuration. + +@example +[kdc] + database = @{ + dbname = lmdb:/path/to/db-file + realm = REALM + acl_file = /path/to/kadmind.acl + mkey_file = /path/to/mkey + log_file = /path/to/iprop-log-file + @} +@end example + +To use LDAP, see @xref{Using LDAP to store the database}. + The keys of all the principals are stored in the database. If you choose to, these can be encrypted with a master key. You do not have to remember this key (or password), but just to enter it once and it will diff --git a/doc/vars.tin b/doc/vars.tin index d3e67b7d4..0907397db 100644 --- a/doc/vars.tin +++ b/doc/vars.tin @@ -4,4 +4,5 @@ @c @set dbdir @dbdir@ +@set dbtype @dbtype@ @set PACKAGE_VERSION @PACKAGE_VERSION@ diff --git a/lib/krb5/krb5.conf.5 b/lib/krb5/krb5.conf.5 index 1bf95fb26..9586dbc0a 100644 --- a/lib/krb5/krb5.conf.5 +++ b/lib/krb5/krb5.conf.5 @@ -551,8 +551,10 @@ manual page for a list of defined destinations. .Bl -tag -width "xxx" -offset indent .It Li database Li = { .Bl -tag -width "xxx" -offset indent -.It Li dbname Li = Va DATABASENAME -Use this database for this realm. +.It Li dbname Li = Va [DATBASETYPE:]DATABASENAME +Use this database for this realm. The +.Va DATABASETYPE +should be one of 'lmdb', 'db3', 'db1', 'db', 'sqlite', or 'ldap'. See the info documetation how to configure different database backends. .It Li realm Li = Va REALM Specifies the realm that will be stored in this database.