path: root/lib/libpam/modules/pam_krb5/pam_krb5.8
Diffstat (limited to 'lib/libpam/modules/pam_krb5/pam_krb5.8')
-rw-r--r-- lib/libpam/modules/pam_krb5/pam_krb5.8 | 18
1 files changed, 16 insertions, 2 deletions
diff --git a/lib/libpam/modules/pam_krb5/pam_krb5.8 b/lib/libpam/modules/pam_krb5/pam_krb5.8
index bd7ac5b9ca0c..b59fdbdee9c4 100644
--- a/lib/libpam/modules/pam_krb5/pam_krb5.8
+++ b/lib/libpam/modules/pam_krb5/pam_krb5.8
@@ -1,6 +1,5 @@
.\"
.\" $Id: pam_krb5.5,v 1.5 2000/01/05 00:59:56 fcusack Exp $
-.\" $FreeBSD$
.Dd May 3, 2010
.Dt PAM_KRB5 8
.Os
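Review bot: the `.Dd May 3, 2010` line in this hunk is left unchanged even though the patch adds a new option (`allow_kdc_spoof`) to the page; mdoc convention is to bump `.Dd` whenever the documented content changes, so the date should be updated to the date of this change rather than only dropping the `$FreeBSD$` keyword.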
@@ -108,6 +107,21 @@ and
.Ql %p ,
to designate the current process ID; can be used in
.Ar name .
+.It Cm allow_kdc_spoof
+Allow
+.Nm
+to succeed even if there is no host or service key available in a
+keytab to authenticate the Kerberos KDC's ticket.
+If there is no such key, for example on a host with no keytabs,
+.Nm
+will fail immediately without prompting the user.
+.Pp
+.Sy Warning :
+If the host has not been configured with a keytab from the KDC, setting
+this option makes it vulnerable to malicious KDCs, e.g. via DNS
+flooding, because
+.Nm
+has no way to distinguish the legitimate KDC from a spoofed KDC.
.It Cm no_user_check
Do not verify if a user exists on the local system. This option implies the
.Cm no_ccache
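Review bot: the second sentence of the `allow_kdc_spoof` description, "If there is no such key, for example on a host with no keytabs, pam_krb5 will fail immediately without prompting the user", describes the default behaviour, not the behaviour with the option set, but sits inside the option's entry without saying so; prefix it with "Without this option," (or "By default,") so the reader can tell which case fails closed. In the warning, "e.g. via DNS flooding" is not a standard description of the threat; if the concern is an attacker redirecting KDC lookups so the client talks to a KDC under their control, "DNS spoofing" states that more precisely, and it would help to say why a keytab matters (the host key is what lets pam_krb5 verify that the KDC that issued the ticket is the real one).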
@@ -210,7 +224,7 @@ file containing Kerberos principals that are allowed access.
.Xr passwd 1 ,
.Xr syslog 3 ,
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
.Sh NOTES
Applications should not call
.Fn pam_authenticate
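Review bot: changing `.Xr pam 8` to `.Xr pam 3` leaves the SEE ALSO list out of order; mdoc convention sorts cross references by section number and then by name, so `pam 3` now belongs between `.Xr passwd 1 ,` and `.Xr syslog 3 ,` rather than after `.Xr pam.conf 5 ,`. Moving it also means `.Xr pam.conf 5` becomes the last entry and must lose its trailing comma, while the moved `.Xr pam 3 ,` needs one.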