Document HDB backends

doc/Makefile.am

@@ -55,6 +55,7 @@ wind.dxy: wind.din Makefile
 	mv wind.dxy.tmp wind.dxy
 
 texi_subst = sed -e 's,[@]dbdir[@],$(localstatedir),g' \
+	-e 's,[@]dbtype[@],$(db_type),g' \
 	-e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g'
 
 vars.texi: vars.tin Makefile

doc/NTMakefile

@@ -57,6 +57,7 @@ hx509_TEXINFOS = \
 
 {}.tin{$(OBJ)}.texi:
 	$(SED) -e "s,[@]dbdir[@],x,g"	\
+	-e "s,[@]db_type[@],$(db_type),g" < $** > $@ \
 	-e "s,[@]PACKAGE_VERSION[@],$(VER_PACKAGE_VERSION),g" < $** > $@
 
 MAKEINFOFLAGS = --css-include=$(SRCDIR)/heimdal.css

doc/setup.texi

@@ -123,8 +123,30 @@ Make sure the directory has restrictive permissions.
 
 @example
 # mkdir /var/heimdal
+# chmod og-rwx /var/heimdal
 @end example
 
+Heimdal supports various database backends: lmdb (LMDB), db3 (Berkeley
+DB 3.x, 4.x, or 5.x), db1 (Berkeley DB 2.x), sqlite (SQLite3), and ldap
+(LDAP).  The default is @value{dbtype}, and is selected at build time
+from one of lmdb, db3, or db1.
+
+These defaults can be overriden in the 'database' key in the @samp{kdc}
+section of the configuration.
+
+@example
+[kdc]
+        database = @{
+                dbname = lmdb:/path/to/db-file
+                realm = REALM
+                acl_file = /path/to/kadmind.acl
+                mkey_file = /path/to/mkey
+                log_file = /path/to/iprop-log-file
+        @}
+@end example
+
+To use LDAP, see @xref{Using LDAP to store the database}.
+
 The keys of all the principals are stored in the database.  If you
 choose to, these can be encrypted with a master key.  You do not have to
 remember this key (or password), but just to enter it once and it will

doc/vars.tin

@@ -4,4 +4,5 @@
 @c
 
 @set dbdir @dbdir@
+@set dbtype @dbtype@
 @set PACKAGE_VERSION @PACKAGE_VERSION@