author | Sumit Bose <sbose@redhat.com> | 2015-03-24 13:00:14 +0100 |
---|---|---|
committer | Sumit Bose <sbose@redhat.com> | 2015-05-08 09:14:12 +0200 |
commit | 932c3e22e3c59a9c33f30dcc09e6bef257e14320 (patch) | |
tree | 133eca06e5885c538d6dc828447515285e9487a6 /src/man | |
parent | e5698314b87e147c0223d0d8bcac206733dfae8c (diff) | |
download | sssd-932c3e22e3c59a9c33f30dcc09e6bef257e14320.tar.gz sssd-932c3e22e3c59a9c33f30dcc09e6bef257e14320.tar.xz sssd-932c3e22e3c59a9c33f30dcc09e6bef257e14320.zip |
Add cache_credentials_minimal_first_factor_length config option
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/sssd.conf.5.xml | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 92c64b9fd..fc34d8ee2 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -1392,6 +1392,28 @@ pam_account_expired_message = Account expired, please call help desk. </para> </listitem> </varlistentry> + + <varlistentry> + <term>cache_credentials_minimal_first_factor_length (int)</term> + <listitem> + <para> + If 2-Factor-Authentication (2FA) is used and + credentials should be saved this value determines + the minimal lenght the first authentication factor + (long term password) must have to be saved as SHA512 + hash into the cache. + </para> + <para> + This should avoid that the short PINs of a PIN based + 2FA scheme are saved in the cache which would make + them easy targets for brute-force attacks. + </para> + <para> + Default: 8 + </para> + </listitem> + </varlistentry> + <varlistentry> <term>account_cache_expiration (integer)</term> <listitem> |
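Review bot: The first added <para> does not say what happens when the first factor is shorter than the configured value. State explicitly whether nothing is cached in that case (and so offline authentication is unavailable for that login), and whether the option only takes effect when cache_credentials is enabled. In the same paragraph, "minimal lenght" should be "minimal length". The <term> uses "(int)" while the account_cache_expiration entry in the trailing context uses "(integer)"; use one type label consistently. The second <para> would read more clearly as "This prevents the short PINs of a PIN-based 2FA scheme from being saved in the cache, where they would be easy targets for brute-force attacks."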