summaryrefslogtreecommitdiffstats
path: root/src/man/sssd.conf.5.xml
Commit message (Collapse)AuthorAgeFilesLines
* SUDO: AD providerSumit Bose2014-03-021-3/+12
| | | | | | | | | | | | | | | This patch adds the sudo target to the AD provider. The main reason is to cover different default settings in the LDAP and AD provider. E.g. the default for ldap_id_mapping is True in the AD provider and False in the LDAP provider. If ldap_id_mapping was not set explicitly in the config file both components worked with different setting. Fixes https://fedorahosted.org/sssd/ticket/2256 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 61804568ce5ede3b1a699cda17c033dd6c23f0e3)
* MAN: update of subdomain_homedir usagePavel Reichl2014-02-111-1/+2
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2169 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: clarify which shell option takes precedenceJakub Hrozek2014-01-291-6/+7
|
* MAN: Fix a typoJakub Hrozek2014-01-201-1/+1
|
* MAN: Document that sss_cache should be run after changing the cache timeoutJakub Hrozek2013-09-051-0/+13
|
* Add a new option to control subdomain enumerationJakub Hrozek2013-08-281-0/+27
|
* Netgroups should ignore the 'use_fully_qualified_names' settingStephen Gallagher2013-07-291-0/+7
| | | | | | | | | | | Netgroups often have memberNisNetgroup entries included in them that will never process correctly if we require fully-qualified names on the nested lookup. This patch alters the behavior of netgroup lookups to check *all* domains for an unqualified netgroup name, instead of only the ones not requiring fully- qualified names. https://fedorahosted.org/sssd/ticket/2013
* Set default DNS resolution timeout to 6 seconds.Michal Zidek2013-07-241-1/+1
| | | | | | | | Partially solves ticket: https://fedorahosted.org/sssd/ticket/1966 To avoid the problem mentioned in the ticket above, option dns_discovery_domain must be set properly.
* MAN: Clarify the min_id/max_id limits furtherJakub Hrozek2013-07-171-0/+4
| | | | | | | | | https://fedorahosted.org/sssd/ticket/2005 Some users were confused by our description of min_id/max_id and thought the limits only applied to returning entries from the NSS responder. However, the limits are actually enforced on the back end side, so the entries are not even saved to cache.
* Fix minor typosYuri Chornoivan2013-06-121-2/+2
|
* back end: add refresh expired records periodic taskPavel Březina2013-06-101-0/+18
| | | | | | https://fedorahosted.org/sssd/ticket/1713 Add new option refresh_expired_interval.
* Enhance PAC responder for AD usersSumit Bose2013-06-061-10/+10
| | | | | | | | | | | This patch modifies the PAC responder so that it can be used with the AD provider as well. The main difference is that the POSIX UIDs and GIDs are now lookup up with the help of the SID instead of being calculated algorithmically. This was necessary because the AD provider allows either algorithmic mapping or reading the value from attributes stored in AD. Fixes https://fedorahosted.org/sssd/ticket/1558
* Allow flat name in the FQname formatJakub Hrozek2013-05-301-5/+63
| | | | | | | https://fedorahosted.org/sssd/ticket/1648 Adds another expansion in the printf format that allows the user to use the domain flat name in the format.
* Add a domain config attribute for realmdStef Walter2013-05-231-0/+9
| | | | | realmd needs to be able to tag various domains with basic info when it configures a domain.
* AD: read flat name and SID of the AD domainSumit Bose2013-05-071-0/+4
| | | | | | | | | | | | | | | For various features either the flat/short/NetBIOS domain name or the domain SID is needed. Since the responders already try to do a subdomain lookup when and known domain name is encountered I added a subdomain lookup to the AD provider which currently only reads the SID from the base DN and the NetBIOS name from a reply of a LDAP ping. The results are written to the cache to have them available even if SSSD is started in offline mode. Looking up trusted domains can be added later. Since all the needed responder code is already available from the corresponding work for the IPA provider this patch fixes https://fedorahosted.org/sssd/ticket/1468
* Document the naming convention for SSSD domainsJakub Hrozek2013-04-261-0/+2
| | | | https://fedorahosted.org/sssd/ticket/1809
* Allow using flatname for subdomain home dir templateJakub Hrozek2013-04-101-1/+9
| | | | https://fedorahosted.org/sssd/ticket/1609
* Put the override_homedir into an included xml fileJakub Hrozek2013-04-101-54/+1
| | | | | The description was duplicated on two places, leading to errors where one was amended but the other was not.
* NSS: Add original homedir to home directory template optionsStephen Gallagher2013-02-101-0/+7
| | | | https://fedorahosted.org/sssd/ticket/1805
* MAN: Clarify that saving users after enumerating large domain might be CPU ↵Jakub Hrozek2013-01-281-1/+9
| | | | | | intensive https://fedorahosted.org/sssd/ticket/1732
* MAN: Move ssh_known_hosts_timeout documentation to the correct sectionJan Cholasta2012-12-051-12/+12
|
* MAN: quotation fixOndrej Kos2012-11-161-1/+1
| | | | | I noticed that the proxy in auth_provider section of sssd.conf manpage isn't quoted when all others are.
* Add ignore_group_members option.Paul B. Henson2012-11-151-0/+17
| | | | https://fedorahosted.org/sssd/ticket/1376
* Run IPA subdomain provider if IPA ID provider is configuredSumit Bose2012-11-141-5/+9
| | | | | | | | | | | | | | | | | | | | | | | | To make configuration easier the IPA subdomain provider should be always loaded if the IPA ID provider is configured and the subdomain provider is not explicitly disabled. But to avoid the overhead of regular subdomain requests in setups where no subdomains are used the IPA subdomain provider should behave differently if configured explicit or implicit. If the IPA subdomain provider is configured explicitly, i.e. 'subdomains_provider = ipa' can be found in the domain section of sssd.conf subdomain request are always send to the server if needed. If it is configured implicitly and a request to the server fails with an indication that the server currently does not support subdomains at all, e.g. is not configured to handle trust relationships, a new request will be only send to the server after a long timeout or after a going-online event. To be able to make this distinction this patch save the configuration status to the subdomain context. Fixes https://fedorahosted.org/sssd/ticket/1613
* MAN: Specify the correct location for the force_timeout optionStephen Gallagher2012-11-081-16/+32
|
* Allow setting the default_shell option per-domain as wellJakub Hrozek2012-10-181-1/+2
| | | | https://fedorahosted.org/sssd/ticket/1583
* MAN: improve wording of default_domain parameterJakub Hrozek2012-10-121-5/+5
|
* Fix typosYuri Chornoivan2012-10-091-1/+1
|
* man: Note that automounter must be restarted to re-read the master mapJakub Hrozek2012-10-051-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1563
* SSH: Expire hosts in known_hostsJan Cholasta2012-10-051-0/+12
|
* Add man page section about provider specific re_expressionSumit Bose2012-10-021-8/+33
| | | | Fixes: https://fedorahosted.org/sssd/ticket/1525
* Add new option default_domain_suffixSumit Bose2012-10-011-0/+24
|
* autofs, sudo, ssh and PAC are not experimental anymoreJakub Hrozek2012-09-241-21/+0
|
* Document entry_cache_autofs_timeoutJakub Hrozek2012-08-101-0/+14
|
* Fix various typos in documentation.Yuri Chornoivan2012-08-031-1/+1
|
* Renamed session provider to selinux providerJan Zeleny2012-07-271-7/+8
|
* NSS: Add override_shell optionStephen Gallagher2012-07-201-0/+14
| | | | | | | | | If override_shell is specified in the [nss] section, all users managed by SSSD will have their shell set to this value. If it is specified in the [domain/DOMAINNAME] section, it will apply to only that domain (and override the [nss] value, if any). https://fedorahosted.org/sssd/ticket/1087
* MAN: Improvements to the AD provider manpageStephen Gallagher2012-07-201-0/+16
| | | | | | | Add information about ID mapping (including how to disable it) as well as information on how to handle homedir and shell. https://fedorahosted.org/sssd/ticket/1433
* MAN: List all available backends for provider optionsStephen Gallagher2012-07-201-14/+84
| | | | https://fedorahosted.org/sssd/ticket/1432
* Fix typo: exhasution->exhaustion.Yuri Chornoivan2012-07-101-1/+1
|
* pac responder: limit access by checking UIDsSumit Bose2012-07-101-4/+27
| | | | | | | | | | | | A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
* MAN: Unify "SEE ALSO" sectionsStephen Gallagher2012-07-061-32/+2
|
* sudo: manpage updatedPavel Březina2012-06-291-26/+14
| | | | Removes old options and adds new ones.
* Set default for subdomain_homedirSumit Bose2012-06-251-0/+3
|
* Add man page section for the PAC responderSumit Bose2012-06-251-0/+36
|
* Make the client idle timeout configurableStephen Gallagher2012-06-181-0/+15
|
* Clarify how comments work in sssd.confAriel Barria2012-06-121-1/+2
|
* Make re_expression and full_name_format per domain optionsStef Walter2012-06-121-18/+49
| | | | | | | | | | | * Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
* Allow fast memcache timeout to be configurableJan Zeleny2012-06-101-0/+12
| | | | https://fedorahosted.org/sssd/ticket/1318
* Fix typos in message and man pages.Yuri Chornoivan2012-05-141-2/+2
|
generated by cgit (git 2.34.1) at 2024-05-27 03:28:47 +0000