diff options
| author | Jan Zeleny <jzeleny@redhat.com> | 2012-05-01 03:36:37 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-05-04 13:36:42 -0400 |
| commit | bf8cce77a35cb0a3cdb0d21fb9c39b7b6372bc11 (patch) | |
| tree | ba1da22bd4f400edf1ba50563c80ab290e0987bb /src/man | |
| parent | 9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5d (diff) | |
| download | sssd-bf8cce77a35cb0a3cdb0d21fb9c39b7b6372bc11.tar.gz sssd-bf8cce77a35cb0a3cdb0d21fb9c39b7b6372bc11.tar.xz sssd-bf8cce77a35cb0a3cdb0d21fb9c39b7b6372bc11.zip | |
Modify behavior of pam_pwd_expiration_warning
New option pwd_expiration_warning is introduced which can be set per
domain and can override the value specified by the original
pam_pwd_expiration_warning.
If the value of expiration warning is set to zero, the filter isn't
apllied at all - if backend server returns the warning, it will be
automatically displayed.
Default value for Kerberos: 7 days
Default value for LDAP: don't apply the filter
Technical note: default value when creating the domain is -1. This is
important so we can distinguish between "no value set" and 0. Without
this possibility it would be impossible to set different values for LDAP
and Kerberos provider.
Diffstat (limited to 'src/man')
| -rw-r--r-- | src/man/sssd.conf.5.xml | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index ef7490d94..a7691edcc 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -632,7 +632,17 @@ warning. </para> <para> - Default: 7 + If zero is set, then this filter is not applied, + i.e. if the expiration warning was received from + backend server, it will automatically be displayed. + </para> + <para> + This setting can be overridden by setting + <emphasis>pwd_expiration_warning</emphasis> + for a particular domain. + </para> + <para> + Default: 0 </para> </listitem> </varlistentry> @@ -922,6 +932,29 @@ </para> </listitem> </varlistentry> + <varlistentry> + <term>pwd_expiration_warning (integer)</term> + <listitem> + <para> + Display a warning N days before the password expires. + </para> + <para> + If zero is set, then this filter is not applied, + i.e. if the expiration warning was received from + backend server, it will automatically be displayed. + </para> + <para> + Please note that the backend server has to provide + information about the expiration time of the password. + If this information is missing, sssd cannot display a + warning. Also an auth provider has to be configured for + the backend. + </para> + <para> + Default: 7 (Kerberos), 0 (LDAP) + </para> + </listitem> + </varlistentry> <varlistentry> <term>id_provider (string)</term> |