SUDO Integration - in-memory cache in responder

New sudo responder option: cache_timeout https://fedorahosted.org/sssd/ticket/1111
author: Pavel Březina <pbrezina@redhat.com> 2012-01-24 13:42:59 +0100
committer: Stephen Gallagher <sgallagh@redhat.com> 2012-02-04 08:27:16 -0500
commit: 41ef946f3f74a46b9e26118116e4811e259b30ef (patch)
tree: d88a5b7a94eaee2f2407c1ffa43ff3497d99c90b /src/man/sssd.conf.5.xml
parent: bd92e8ee315d4da9350b9ef0358c88a7b54aeebe (diff)
download: sssd-41ef946f3f74a46b9e26118116e4811e259b30ef.tar.gz
sssd-41ef946f3f74a46b9e26118116e4811e259b30ef.tar.xz
sssd-41ef946f3f74a46b9e26118116e4811e259b30ef.zip
1 files changed, 38 insertions, 0 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 94fc591af..e8e8b3347 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -594,6 +594,44 @@
                 </varlistentry>
             </variablelist>
         </refsect2>
+
+        <refsect2 id='SUDO' condition="with_sudo">
+            <title>SUDO configuration options</title>
+            <para>
+                These options can be used to configure the sudo service.
+            </para>
+            <para>
+                <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/experimental.xml" />
+            </para>
+            <variablelist>
+                <varlistentry>
+                    <term>sudo_cache_timeout (integer)</term>
+                    <listitem>
+                        <para>
+                            For any sudo request that comes while SSSD is
+                            online, the SSSD will attempt to update the cached
+                            rules in order to ensure that sudo has the latest
+                            ruleset.
+                        </para>
+                        <para>
+                            The user may, however, run a couple of sudo commands
+                            successively, which would trigger multiple LDAP requests.
+                            In order to speed up this use-case, the sudo service
+                            maintains an in-memory cache that would be used for
+                            performing fast replies.
+                        </para>
+                        <para>
+                            This option controls how long (in seconds) can the sudo
+                            service cache rules for a user.
+                        </para>
+                        <para>
+                            Default: 180
+                        </para>
+                    </listitem>
+                </varlistentry>
+            </variablelist>
+        </refsect2>
+
     </refsect1>
 
     <refsect1 id='domain-sections'>
author	Pavel Březina <pbrezina@redhat.com>	2012-01-24 13:42:59 +0100
committer	Stephen Gallagher <sgallagh@redhat.com>	2012-02-04 08:27:16 -0500
commit	41ef946f3f74a46b9e26118116e4811e259b30ef (patch)
tree	d88a5b7a94eaee2f2407c1ffa43ff3497d99c90b /src/man/sssd.conf.5.xml
parent	bd92e8ee315d4da9350b9ef0358c88a7b54aeebe (diff)
download	sssd-41ef946f3f74a46b9e26118116e4811e259b30ef.tar.gz sssd-41ef946f3f74a46b9e26118116e4811e259b30ef.tar.xz sssd-41ef946f3f74a46b9e26118116e4811e259b30ef.zip