summaryrefslogtreecommitdiffstats
path: root/server/man
Commit message (Collapse)AuthorAgeFilesLines
* Enable debug_timestamps by defaultStephen Gallagher2010-02-051-1/+1
| | | | | It can be overridden in the sssd.conf or on the commandline with --debug-timestamps=0
* Add offline failed login counterSumit Bose2010-02-021-1/+35
|
* Add new option ldap_referralsSumit Bose2010-02-021-0/+13
|
* Deleting nonexistent users or groups is not a noopJakub Hrozek2010-01-202-4/+2
| | | | | | The manual pages for userdel and groupdel utilities incorrectly stated that deleting a nonexistent user or group is a noop. We changed that behavior, but forgot to sync the documentation.
* document debug_timestampsJakub Hrozek2010-01-202-0/+22
|
* sss_groupshow - a utility to print properties of a local groupJakub Hrozek2010-01-207-0/+84
| | | | | | | This patch adds a utility called sss_groupshow that allows user to print properties of a group in the local domain. Fixes: #306
* Copy-edit, mainly fixing typos and EnglishDavid O'Brien2010-01-142-71/+68
| | | | | Some reformatting to stay within 79 char line length. Better definition of server vs. machine usage in failover section.
* Clarify access_provider manpage entryStephen Gallagher2009-12-171-1/+3
| | | | We support installed access providers as well as permit and deny
* Change default for enumeration to TRUEStephen Gallagher2009-12-171-1/+1
|
* Fix tight loop in monitorStephen Gallagher2009-12-151-4/+4
| | | | | | If the domain heartbeat time was explicitly set in the configuration to 0, we would enter a tight loop in the heartbeat check and never answer requests from the child processes.
* Document the failover feature in manpagesJakub Hrozek2009-12-104-4/+61
| | | | Fixes: #309
* Copy-edit sssd-ipa man pageDavid O'Brien2009-12-031-18/+17
| | | | | Mainly typo fixes and grammar updates. Application of RH doc styles where appropriate.
* Get TGT in a child process.Jakub Hrozek2009-11-251-1/+2
| | | | | | | To avoid blocking in a synchronous call, the TGT is saved in a separate process Fixes: #277
* Add ldap_pwd_policy optionSumit Bose2009-11-231-0/+33
|
* Add reference to sssd-krb5 man page.Simo Sorce2009-11-201-0/+3
| | | | Thanks to Marko Myllynen for spotting this.
* Validate Kerberos credentials with local keytabSumit Bose2009-11-202-0/+42
|
* Fix option name krb5_changepw_principalSumit Bose2009-11-131-3/+3
|
* Make 'permit' the default for the access targetSumit Bose2009-11-121-3/+1
|
* Fixes for proxy providerSumit Bose2009-11-121-1/+3
| | | | | - use the correct private data for each PAM task - make proxy_pam_target a mandatory option for auth, chpass and access
* Assorted manpage fixesJakub Hrozek2009-11-091-27/+14
| | | | | | * do not mention the sbus_timeout parameter at all * document the config_file_version parameter * different wording for negative cache
* Update midpoint refresh logic to be relative to cache timeoutStephen Gallagher2009-11-051-4/+23
|
* Tidy up ipa optionsSimo Sorce2009-10-292-67/+40
| | | | | | | | | | | | | | Do not replicate every and each option we may want to set in ipa. Just read out ldap and krb provider options (added reference in the manual too, and removed mention of ipa specific timeout values, use ldap options for that) Avoid calling auth module initialization twice, just pass the auth context to the chpass module too. Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be used for both users and groups. the user and group search bases can still be set separately if necessary but they are now optional and set to be identical to SDAP_SEARCH_BASE if not explicitly specified in the configuration.
* Move responsibility for entry expiration timeoutSimo Sorce2009-10-271-13/+12
| | | | | The providers are now responsible for determining how long a cached entry is considered valid. The default is the same as before (600s)
* Remove [dp] section from example configStephen Gallagher2009-10-271-10/+3
| | | | | Also remove references to the DP service from the sssd.conf manpages.
* Add support for offline auth cache timeoutStephen Gallagher2009-10-221-0/+21
| | | | | | | | | This adds a new option (offline_credentials_expiration) to the [PAM] section of the sssd.conf If the user does not perform an online authentication within the timeout (in days), they will be denied auth once the timeout passes.
* User home directories managementJakub Hrozek2009-10-223-0/+154
| | | | | | Create and populate user directories on useradd, delete them on userdel Fixes: #212
* Start implementing ipa specific options.Simo Sorce2009-10-201-0/+182
| | | | | First step generate ldap options from ipa options. Add sssd-ipa man page too.
* more implicit provider target settingsSumit Bose2009-10-151-1/+28
| | | | | | | | | If auth_provider or access_provider is ont set explicitly id_provider is used if it can handle auth or access control requests respectively. If not auth defaults to 'none' and the access_provider is set to 'permit'. The option 'deny' is added for the access_provider to explicitly deny access.
* set chpass_provider implicit if not set explicitSumit Bose2009-10-151-0/+7
| | | | | | - if chpass_provider is not given in the configuration file but an auth_provider and the auth_provider can also handle change password requests it is used as chpass_provider.
* Remove magicPrivateGroups optionSimo Sorce2009-10-091-41/+0
| | | | | | | | | In sssd only local is a native mpg domain, and it is forced. All other providers will have to unroll mpg users into a user/group pair of entries in the db. This allows the provider to automatically establish if the remote server provides mpg users w/o possibily conflicting manual configurations on the client trying to force an mpg behavior where none is provided.
* add description of chpass_provider option to sssd.conf man pageSumit Bose2009-10-081-0/+30
|
* more documentation and test for sssd.confSumit Bose2009-10-051-0/+5
| | | | | - add a hint to the man page about permissions on sssd.conf - add a test if a symbolic link can be opened
* Initial implementation of sasl bind supportSimo Sorce2009-10-011-0/+79
| | | | | | Inits krb5 credentials, if sasl mech is GSSAPI. Tested with GSSAPI and host keytab as well as user credentials. Updates also manpages with the new options.
* remove krb5_try_simple_upn option and make it a default fallbackSumit Bose2009-09-251-14/+16
|
* Send debug messages to logfileJakub Hrozek2009-09-251-0/+12
| | | | | | | | | | | | | Introduces a new option --debug-to-files which makes SSSD output its debug information to a file instead of stderr, which is still the default. Also introduces a new confdb option debug_to_files which does the same, but can be specified per-service in the config file. The logfiles are stored in /var/log/sssd by default. Changes the initscript to log to files by default.
* add new config options ldap_tls_cacert and ldap_tls_cacertdirSumit Bose2009-09-251-0/+43
|
* Manpages updateJakub Hrozek2009-09-253-224/+193
|
* added support for older MIT kerberos versionssbose2009-09-241-0/+89
| | | | | | | | | - make the build of the locator plugin optional - added a man page for the locator plugin - use krb5.h if krb5/krb5.h cannot be found - added alternatives for missing functions - set -DDBUS_API_SUBJECT_TO_CHANGE if libdbus version is lesser than 1.0.0
* add a man page for pam_sssSumit Bose2009-09-231-0/+3
|
* Remove provider=filesJakub Hrozek2009-09-231-11/+1
| | | | | | | Remove this provider type, as well as any references in the docs and examples to the "LEGACYLOCAL" migration domain. Fixes: #165
* Include groupSearchBase in sssd-ldap(5) manpageStephen Gallagher2009-09-181-1/+11
|
* Add missing reference to sssd-ldap(5) in sssd.conf(5) manpageStephen Gallagher2009-09-181-0/+3
|
* added child timeout handlerSumit Bose2009-09-141-0/+14
|
* add krb5ccache_dir and krb5ccname_template optionSumit Bose2009-09-141-0/+71
| | | | | | | | The configuration options krb5ccache_dir and krb5ccname_template are added to the Kerberos provider to create the user's credential caches the same way as pam_krb5 does. Due to the design of the sssd and the supported ccache types of MIT Kerberos only files are allowed.
* add change password target to krb5 backendSumit Bose2009-09-111-1/+16
|
* Update documentation and examplesSimo Sorce2009-09-112-15/+30
| | | | | | | Remove the "legacy" option from examples and man pages. Legacy is is finally R.I.P Add docs for ldapSchema in sssd-ldap man page.
* Small changes to the example config and manpageJakub Hrozek2009-09-111-12/+25
| | | | | | | | | Remove magicPrivateGroups since it's set automatically, use bool values for enumerate. Also add a notice about krb5 auth-module with a link to specialized manpage to sssd.conf(5) similar to what we have for ldap auth-module. Move both outside proxy domain description.
* Update manpage to reflect new syntax for enumerateStephen Gallagher2009-09-101-12/+6
|
* Add support for the EntryCacheNoWaitRefreshTimeoutStephen Gallagher2009-09-091-0/+13
| | | | | | | | This timeout specifies the lifetime of a cache entry before it is updated out-of-band. When this timeout is hit, the request will still complete from cache, but the SSSD will also go and update the cached entry in the background to extend the life of the cache entry and reduce the wait time of a future request.
* more fixes for older libpcre versionssbose2009-09-091-1/+6
| | | | | - older version of libpcre only support the Python syntax (?P<name>) for named subpatterns