From ecc93009c2b75d9ced6534f8a7b553aa1523aa56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Tue, 3 May 2005 16:41:06 +0000
Subject: [PATCH] more text about usage

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15071 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kcm/kcm.8 | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/kcm/kcm.8 b/kcm/kcm.8
index 37e97f917..72ee40819 100644
--- a/kcm/kcm.8
+++ b/kcm/kcm.8
@@ -99,6 +99,21 @@ stanza [libdefaults]default_cc_name to KCM:${uid} and make sure
 .Nm kcm
 is started in the system startup files.
 .Pp
+The
+.Nm
+daemon can hold the credentials for all users in the system.  Access
+control is done with Unix like permissions.  The daemon check the
+access on all operations based on the uid and gid of the user.  The
+ticket are are are renewed as long as it permitted by the KDC's
+policy.
+.Pp
+The
+.Nm
+daemon can also keep an SYSTEM credential that server processes can
+use to access services.  One example of usage might be an nss_ldap
+module that quickly needs to get credential and doesn't want to renew
+the ticket themself. 
+.Pp
 Supported options:
 .Bl -tag -width Ds
 .It Xo