diff options
| -rw-r--r-- | src/man/sssd-ipa.5.xml | 4 | ||||
| -rw-r--r-- | src/man/sssd-krb5.5.xml | 17 | ||||
| -rw-r--r-- | src/man/sssd-ldap.5.xml | 12 | ||||
| -rw-r--r-- | src/man/sssd.conf.5.xml | 8 |
4 files changed, 28 insertions, 13 deletions
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml index 95f8613da..afa52e3c4 100644 --- a/src/man/sssd-ipa.5.xml +++ b/src/man/sssd-ipa.5.xml @@ -50,6 +50,10 @@ <manvolnum>5</manvolnum> </citerefentry> authentication provider. However, it is neither necessary nor recommended to set these options. + IPA provider can also be used as an access and chpass provider. As an + access provider it uses HBAC (host-based access control) rules. Please + refer to freeipa.org for more information about HBAC. No configuration + of access provider is required on the client side. </para> </refsect1> diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml index 489a5072a..dbe96a1db 100644 --- a/src/man/sssd-krb5.5.xml +++ b/src/man/sssd-krb5.5.xml @@ -33,14 +33,15 @@ </citerefentry> manual page </para> <para> - The Kerberos 5 authentication backend does not contain an identity - provider and must be paired with one in order to function properly (for - example, id_provider = ldap). Some information required by the Kerberos - 5 authentication backend must be provided by the identity provider, such - as the user's Kerberos Principal Name (UPN). The configuration of the - identity provider should have an entry to specify the UPN. Please refer - to the man page for the applicable identity provider for details on how - to configure this. + The Kerberos 5 authentication backend contains auth and chpass + providers. It must be paired with identity provider in + order to function properly (for example, id_provider = ldap). Some + information required by the Kerberos 5 authentication backend must + be provided by the identity provider, such as the user's Kerberos + Principal Name (UPN). The configuration of the identity provider + should have an entry to specify the UPN. Please refer to the man + page for the applicable identity provider for details on how to + configure this. </para> <para> In the case where the UPN is not available in the identity backend diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index b32096dd9..402ab906f 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -35,11 +35,13 @@ You can configure SSSD to use more than one LDAP domain. </para> <para> - If you want to authenticate against an LDAP server then TLS/SSL is - required. <command>sssd</command> <emphasis>does not</emphasis> - support authentication over an unencrypted channel. If the LDAP - server is used only as an identify provider, an encrypted channel - is not needed. + LDAP back end supports id, auth, access and chpass providers. If you want + to authenticate against an LDAP server either TLS/SSL, LDAPS, or + LDAP+GSSAPI is required. <command>sssd</command> <emphasis>does + not</emphasis> support authentication over an unencrypted channel. + If the LDAP server is used only as an identity provider, an encrypted + channel is not needed. Please refer to <quote>ldap_access_filter</quote> + config option for more information about using LDAP as an access provider. </para> </refsect1> diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 850dfdd33..d00de05c1 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -639,6 +639,14 @@ Supported change password providers are: </para> <para> + <quote>ipa</quote> to change a password stored + in an IPA server. See + <citerefentry> + <refentrytitle>sssd-ipa</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> for more information on configuring IPA. + </para> + <para> <quote>ldap</quote> to change a password stored in a LDAP server. See <citerefentry> |