summaryrefslogtreecommitdiffstats
path: root/src/man/sssd.conf.5.xml
Commit message (Collapse)AuthorAgeFilesLines
* subdomains: Inherit cleanup period and tokengroup settings from parent domainJakub Hrozek2015-06-081-0/+9
| | | | | | | | | | | | | Allows the administrator to extend the functionality of ldap_purge_cache_timeout, ldap_user_principal and ldap_use_tokengroups to the subdomains. This is a less intrusive way of achieving: https://fedorahosted.org/sssd/ticket/2627 Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit 9b162bf39ef75629f54ffa1d0bd5f9c13119b650) (cherry picked from commit 602eb710c62c192060debad3062f13677ec3b105)
* UTIL: Inherit ignore_group_membersJakub Hrozek2015-06-081-0/+4
| | | | | | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2644 Allows the administrators to extend ignore_group_members to subdomains as well by setting: subdomain_inherit = ignore_group_members in the domain section. Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit 01c049ceef55c7bbfca1e47cecb2a0a2cf0a5d44) (cherry picked from commit 27d8524cf635d61d93c71539709a30e1205dcaf1)
* confdb: Add new option subdomain_inheritJakub Hrozek2015-06-081-1/+19
| | | | | | | | | | | | | | | | Adds a new option subdomain_inherit that would allow administrators to pick and choose which option to pass to subdomains. This option is required for: https://fedorahosted.org/sssd/ticket/2644 as a short-term fix. The proper solution is described in: https://fedorahosted.org/sssd/ticket/2599 Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit 1711cbfd2e36d44af1ae50e3a2beeec3a1f0b5e8) (cherry picked from commit da2d33f81746a9bf8abd97becaf17005e4f89d2c)
* MAN: refresh_expired_interval also supports users and groupsJakub Hrozek2015-05-311-2/+2
| | | | | | Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 5c2f80ef0b6ace6b331bcf99e5e5c7d73cfb92c6)
* PAM: new option pam_account_expired_messagePavel Reichl2015-03-031-0/+21
| | | | | | | | | | | This option sets string to be printed when authenticating using SSH keys and account is expired. Resolves: https://fedorahosted.org/sssd/ticket/2050 Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit e039f1aefecc65a7b3c2d4a13a612bff1dd367c8)
* MAN: add dots as valid character in domain namesPavel Reichl2015-01-151-1/+1
| | | | | | | | | | Add dots into a set of allowed characters for domain names. Resolves: https://fedorahosted.org/sssd/ticket/2527 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 9a15eb105d01d9e100e69e9d66fb8e880b228246)
* MAN: Misspelled username in pam_trusted_users is not fatalJakub Hrozek2014-12-131-5/+0
| | | | | | | | | | | The man page claimed that failing to resolve an user name results in failure to start SSSD, but it's not the case and shouldn't be, because marking a user as trusted only elevates privileges, so it's safe to ignore that failure. https://fedorahosted.org/sssd/ticket/2530 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Man: debug_timestamps and debug_microsecondsMichal Zidek2014-11-201-2/+6
| | | | | | | | | Add note that these two options are ignored if journald is used. https://fedorahosted.org/sssd/ticket/2498 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Update case_sensitive=Preserving in man pages.Michal Zidek2014-11-201-2/+5
| | | | https://fedorahosted.org/sssd/ticket/2462
* nss: parse user_attributes optionSumit Bose2014-11-051-0/+26
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* NSS: Possibility to use any shells in 'allowed_shells'Denis Kutin2014-10-221-0/+10
| | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2219 Signed-off-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* SSSD: Load a user to run a service as from configurationJakub Hrozek2014-10-221-0/+13
| | | | | | | | | | | | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2370 Adds a option, user to run as, that is specified in the [sssd] section. When this option is specified, SSSD will run as this user and his private group. When these are not specified, SSSD will run as the configure-time user and group (usually root). Currently all services and providers are started as root. There is a temporary svc_supported_as_nonroot() function that returns true for a service if that service runs and was tested as nonroot and false otherwise. Currently this function always returns false, but will be amended in future patches. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* PAM: new options pam_trusted_users & pam_public_domainsPavel Reichl2014-09-291-0/+50
| | | | | | | | | | | | | pam_public_domains option is a list of numerical UIDs or user names that are trusted. pam_public_domains option is a list of domains accessible even for untrusted users. Based on: https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* MAN: AD is allowed value of subdomains_providerJakub Hrozek2014-09-181-0/+9
| | | | | | https://fedorahosted.org/sssd/ticket/2442 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* SSS_CACHE: Allow sss_cache tool to flush SSH hosts cacheWilliam B2014-09-051-0/+14
| | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2358 Signed-off-by: Jan Cholasta <jcholast@redhat.com> Reviewed-by: Jan Cholasta <jcholast@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Replace space: add some checksSumit Bose2014-09-011-3/+5
| | | | | | | | | | | | | | | | | | | | | | | This patch adds some additional checks if the option for replacing spaces in user and group names is used. When replacing space with the replacement character it is checked if the name already contains the replacement character. If it does the unmodified name is returned because in this case a revers operation would not be possible. For the reverse operation is it checked if the input contains both a space and the replacement character. If this is true the unmodified name is returned as well, because we have to assume that it is the original name because otherwise it wouldn't contain both characters. Additionally a shortcut if the replacement characters is a space and tests for the new checks are added. The man page is updated accordingly. Related to https://fedorahosted.org/sssd/ticket/1854 and https://fedorahosted.org/sssd/ticket/2397 . Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Make the space override responder-agnosticJakub Hrozek2014-08-131-17/+23
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2397 In order to make the override_space option usable by other responders, we need to move the override_space option to the generic responder structure. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Only replace space with the specified substitutionJakub Hrozek2014-08-131-5/+5
| | | | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2397 - make sss_replace_whitespaces only replace space (' ') not any whitespace - make sss_replace_whitespaces only replace a single char, not the whole string - rename CONFDB_NSS_OVERRIDE_DEFAULT_WHITESPACE to CONFDB_NSS_OVERRIDE_DEFAULT_SPACE - rename the override_default_whitespace option to override_space - rename sss_replace_whitespaces() to sss_replace_space() - rename sss_reverse_replace_whitespaces() to sss_reverse_replace_space() - rename nctx->override_default_wsp_str to nctx->override_space - make the return value of sss_replace_space non-const to avoid freeing the result without compilation warnings Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* MAN: offline_timeoutMichal Zidek2014-08-121-4/+22
| | | | | | | | Amend the man page to reflect current behaviour. https://fedorahosted.org/sssd/ticket/2401 Reviewed-by: Dan Lavu <dlavu@redhat.com>
* MAN: case_sensitivity man page updateMichal Zidek2014-07-291-3/+30
| | | | | | | | Fixes: https://fedorahosted.org/sssd/ticket/2367 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* NSS: Replace spaces with specified string in names.Lukas Slebodnik2014-07-281-0/+17
| | | | | | | | | | | | This patch add possibility to replace whitespace in user and group names with a specified string. With string "-", sssd will return the same result as winbind enabled option "winbind normalize names" Resolves: https://fedorahosted.org/sssd/ticket/1854 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>
* MAN: local auth_provider is not documented in sssd.confJakub Hrozek2014-07-141-0/+4
| | | | | | | | https://fedorahosted.org/sssd/ticket/2359 Reported by Stephan Mueller. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* MAN: Add reference to manual page sssd-sudoLukas Slebodnik2014-06-031-0/+28
| | | | Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* NSS: Add option to expand homedir template formatLukas Slebodnik2014-06-021-0/+1
| | | | | | | | | LDAP server can contain template for home directory instead of plain string. This patch adds new expand option "%H", which will be replaced with value from configuration option homedir_substring (from sssd.conf) Resolves: https://fedorahosted.org/sssd/ticket/1853
* man: clarify refresh_expired_intervalPavel Březina2014-06-011-3/+7
| | | | | | https://fedorahosted.org/sssd/ticket/2114 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* IFP: Re-add the InfoPipe serverJakub Hrozek2014-04-041-0/+1
| | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2072 This commit only adds the responder and the needed plumbing. No DBus related code is in yet.
* MAN: new general options sectionPavel Reichl2014-03-131-39/+62
| | | | | | | | | | Some options are relevant to multiple sections of sssd.conf. This patch adds new sections for those. Resolves: https://fedorahosted.org/sssd/ticket/2218 Reviewed-by: Sumit Bose <sbose@redhat.com>
* SUDO: AD providerSumit Bose2014-03-021-3/+12
| | | | | | | | | | | | | | This patch adds the sudo target to the AD provider. The main reason is to cover different default settings in the LDAP and AD provider. E.g. the default for ldap_id_mapping is True in the AD provider and False in the LDAP provider. If ldap_id_mapping was not set explicitly in the config file both components worked with different setting. Fixes https://fedorahosted.org/sssd/ticket/2256 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* MAN: update of subdomain_homedir usagePavel Reichl2014-02-051-1/+2
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2169
* MAN: clarify which shell option takes precedenceJakub Hrozek2014-01-291-6/+7
|
* MAN: Fix a typoJakub Hrozek2014-01-201-1/+1
|
* confdb: Make offline timeout configurableMichal Zidek2013-11-071-0/+15
| | | | | | | Added and documented option offline_timeout. Resolves: https://fedorahosted.org/sssd/ticket/1718
* MAN: Document that sss_cache should be run after changing the cache timeoutJakub Hrozek2013-09-051-0/+13
|
* Add a new option to control subdomain enumerationJakub Hrozek2013-08-281-0/+27
|
* Netgroups should ignore the 'use_fully_qualified_names' settingStephen Gallagher2013-07-291-0/+7
| | | | | | | | | | | Netgroups often have memberNisNetgroup entries included in them that will never process correctly if we require fully-qualified names on the nested lookup. This patch alters the behavior of netgroup lookups to check *all* domains for an unqualified netgroup name, instead of only the ones not requiring fully- qualified names. https://fedorahosted.org/sssd/ticket/2013
* Set default DNS resolution timeout to 6 seconds.Michal Zidek2013-07-241-1/+1
| | | | | | | | Partially solves ticket: https://fedorahosted.org/sssd/ticket/1966 To avoid the problem mentioned in the ticket above, option dns_discovery_domain must be set properly.
* MAN: Clarify the min_id/max_id limits furtherJakub Hrozek2013-07-171-0/+4
| | | | | | | | | https://fedorahosted.org/sssd/ticket/2005 Some users were confused by our description of min_id/max_id and thought the limits only applied to returning entries from the NSS responder. However, the limits are actually enforced on the back end side, so the entries are not even saved to cache.
* Fix minor typosYuri Chornoivan2013-06-121-2/+2
|
* back end: add refresh expired records periodic taskPavel Březina2013-06-101-0/+18
| | | | | | https://fedorahosted.org/sssd/ticket/1713 Add new option refresh_expired_interval.
* Enhance PAC responder for AD usersSumit Bose2013-06-061-10/+10
| | | | | | | | | | | This patch modifies the PAC responder so that it can be used with the AD provider as well. The main difference is that the POSIX UIDs and GIDs are now lookup up with the help of the SID instead of being calculated algorithmically. This was necessary because the AD provider allows either algorithmic mapping or reading the value from attributes stored in AD. Fixes https://fedorahosted.org/sssd/ticket/1558
* Allow flat name in the FQname formatJakub Hrozek2013-05-301-5/+63
| | | | | | | https://fedorahosted.org/sssd/ticket/1648 Adds another expansion in the printf format that allows the user to use the domain flat name in the format.
* Add a domain config attribute for realmdStef Walter2013-05-231-0/+9
| | | | | realmd needs to be able to tag various domains with basic info when it configures a domain.
* AD: read flat name and SID of the AD domainSumit Bose2013-05-071-0/+4
| | | | | | | | | | | | | | | For various features either the flat/short/NetBIOS domain name or the domain SID is needed. Since the responders already try to do a subdomain lookup when and known domain name is encountered I added a subdomain lookup to the AD provider which currently only reads the SID from the base DN and the NetBIOS name from a reply of a LDAP ping. The results are written to the cache to have them available even if SSSD is started in offline mode. Looking up trusted domains can be added later. Since all the needed responder code is already available from the corresponding work for the IPA provider this patch fixes https://fedorahosted.org/sssd/ticket/1468
* Document the naming convention for SSSD domainsJakub Hrozek2013-04-261-0/+2
| | | | https://fedorahosted.org/sssd/ticket/1809
* Allow using flatname for subdomain home dir templateJakub Hrozek2013-04-101-1/+9
| | | | https://fedorahosted.org/sssd/ticket/1609
* Put the override_homedir into an included xml fileJakub Hrozek2013-04-101-54/+1
| | | | | The description was duplicated on two places, leading to errors where one was amended but the other was not.
* NSS: Add original homedir to home directory template optionsStephen Gallagher2013-02-101-0/+7
| | | | https://fedorahosted.org/sssd/ticket/1805
* MAN: Clarify that saving users after enumerating large domain might be CPU ↵Jakub Hrozek2013-01-281-1/+9
| | | | | | intensive https://fedorahosted.org/sssd/ticket/1732
* MAN: Move ssh_known_hosts_timeout documentation to the correct sectionJan Cholasta2012-12-051-12/+12
|
* MAN: quotation fixOndrej Kos2012-11-161-1/+1
| | | | | I noticed that the proxy in auth_provider section of sssd.conf manpage isn't quoted when all others are.
generated by cgit (git 2.34.1) at 2024-05-21 12:20:16 +0000