author Pavel Reichl <preichl@redhat.com> 2014-09-25 14:52:31 +0100
committer Jakub Hrozek <jhrozek@redhat.com> 2014-09-29 18:27:07 +0200
commit 830ded27453015080a54d6ba85fd4999ee7e9af1
tree 2dcdecd4d211c25e7e1dd909e062e534348227db /src/man
parent cb7644495e76ffa3e19ba10efb4a0f5f3817ba33
PAM: new options pam_trusted_users & pam_public_domains
pam_public_domains option is a list of numerical UIDs or user names that are trusted.
pam_public_domains option is a list of domains accessible even for untrusted users.

Based on: https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/man')
-rw-r--r-- src/man/sssd.conf.5.xml 50
1 files changed, 50 insertions, 0 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index ad091e46e..d57341661 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -836,6 +836,56 @@ fallback_homedir = /home/%u
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>pam_trusted_users (string)</term>
+ <listitem>
+ <para>
+ Specifies the comma-separated list of UID values or
+ user names that are allowed to access the PAM
+ responder. User names are resolved to UIDs at
+ startup.
+ </para>
+ <para>
+ Default: all (All users are allowed to access
+ the PAM responder)
+ </para>
+ <para>
+ Please note that UID 0 is always allowed to access
+ the PAM responder even in case it is not in the
+ pam_trusted_users list.
+ </para>
+ <para>
+ Also please note that if there is a user name in
+ pam_trusted_users list which fails to be resolved
+ it will cause that SSSD will not be started.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>pam_public_domains (string)</term>
+ <listitem>
+ <para>
+ Specifies the comma-separated list of domain names
+ that are accessible even to untrusted users.
+ </para>
+ <para>
+ Two special values for pam_public_domains option
+ are defined:
+ </para>
+ <para>
+ all (Untrusted users are allowed to access
+ all domains in PAM responder.)
+ </para>
+ <para>
+ none (Untrusted users are not allowed to access
+ any domains PAM in responder.)
+ </para>
+ <para>
+ Default: none
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect2>
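Review bot: The pam_public_domains entry refers to "untrusted users" but neither new entry defines the term. If the intent is that untrusted means any user not listed in pam_trusted_users, say so in the first pam_public_domains paragraph, and note how the two defaults interact: with pam_trusted_users left at "all", the text gives no case in which a user would be untrusted. In the pam_trusted_users entry, "User names are resolved to UIDs at startup" together with the refusal to start on an unresolvable name deserves a sentence on which users are expected to be resolvable at that point, since a single bad name takes the whole service down. Wording: "any domains PAM in responder" has two words transposed (compare "all domains in PAM responder" in the paragraph before it), and "it will cause that SSSD will not be started" reads better as "SSSD will fail to start". The blank added line before </variablelist> can be dropped.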