path: root/src/man
Commit message | Author | Age | Files | Lines
* MAN: Clarify how are GPO mappings called in GPO editor | Jakub Hrozek | 2015-04-10 | 1 | -3/+19
    https://fedorahosted.org/sssd/ticket/2618
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* MAN: Update ppolicy description | Pavel Reichl | 2015-03-27 | 1 | -4/+7
    Resolves: https://fedorahosted.org/sssd/ticket/2612
    Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* MAN: Clarify debug_level a bit | Jakub Hrozek | 2015-03-24 | 1 | -0/+19
    Some users are confused about placement of the debug_level directive or the location of the log files. Clarify both in the man page. Also add a pointer to sss_debuglevel.
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IPA: Remove the ipa_hbac_treat_deny_as option | Jakub Hrozek | 2015-03-24 | 1 | -28/+0
    https://fedorahosted.org/sssd/ticket/2603
    Since deny rules are no longer supported on the server, the client should no longer support them either. Remove the option.
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SDAP: Make StartTLS bind configurable with ldap_opt_timeout | Jakub Hrozek | 2015-03-23 | 1 | -2/+3
    Related: https://fedorahosted.org/sssd/ticket/1501
    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* SDAP: Make password change timeout configurable with ldap_opt_timeout | Jakub Hrozek | 2015-03-23 | 1 | -1/+2
    Related: https://fedorahosted.org/sssd/ticket/1501
    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* SDAP: Make simple bind timeout configurable | Jakub Hrozek | 2015-03-23 | 1 | -1/+2
    Resolves: https://fedorahosted.org/sssd/ticket/1501
    Reuse the value of sdap_opt_timeout to set a longer bind timeout for user authentication, ID connection authentication and authentication during IPA migration mode.
    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MAN: libkrb5 and SSSD use different expansions | Pavel Reichl | 2015-03-13 | 1 | -0/+9
    Users often wrongly use SSSD expansions in libkrb5 expansion template for principals. State explicitly it won't work.
    Resolves: https://fedorahosted.org/sssd/ticket/2528
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: default_domain_suffix with use_fully_qualified_names. | Michal Zidek | 2015-03-11 | 1 | -2/+6
    https://fedorahosted.org/sssd/ticket/2569
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SDAP: Lock out ssh keys when account naturally expires | Pavel Reichl | 2015-03-05 | 1 | -0/+14
    Resolves: https://fedorahosted.org/sssd/ticket/2534
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SDAP: enable change phase of pw expire policy check | Pavel Reichl | 2015-03-03 | 1 | -0/+27
    Implement new option which does checking password expiration policy in accounting phase. This allows SSSD to issue shadow expiration warning even if alternate authentication method is used.
    Resolves: https://fedorahosted.org/sssd/ticket/2167
    Reviewed-by: Sumit Bose <sbose@redhat.com>
* PAM: new option pam_account_expired_message | Pavel Reichl | 2015-02-23 | 1 | -0/+21
    This option sets string to be printed when authenticating using SSH keys and account is expired.
    Resolves: https://fedorahosted.org/sssd/ticket/2050
    Reviewed-by: Sumit Bose <sbose@redhat.com>
* MAN: amend sss_ssh_authorizedkeys | Pavel Reichl | 2015-01-27 | 1 | -2/+3
    Directive AuthorizedKeysCommand should be used in conjunction with AuthorizedKeysCommandUser.
    Reviewed-by: Jan Cholasta <jcholast@redhat.com>
* AD: add new option ad_site | Pavel Reichl | 2015-01-26 | 1 | -0/+14
    This option overrides a result of the automatic site discovery.
    Resolves: https://fedorahosted.org/sssd/ticket/2486
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* MAN: add dots as valid character in domain names | Pavel Reichl | 2015-01-15 | 1 | -1/+1
    Add dots into a set of allowed characters for domain names.
    Resolves: https://fedorahosted.org/sssd/ticket/2527
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: dyndns_iface supports only one interface | Pavel Reichl | 2015-01-15 | 2 | -0/+6
    Resolves: https://fedorahosted.org/sssd/ticket/2548
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Amend the description of ignore_group_members | John Dickerson | 2015-01-15 | 1 | -1/+19
    The option description should hint that enabling this option may have a positive effect on access control, especially with large groups.
    See https://bugzilla.redhat.com/show_bug.cgi?id=1172338 for an example where ignoring the group members helped.
    Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* GPO: add systemd-user to gpo default permit list | Pavel Reichl | 2015-01-15 | 1 | -0/+5
    Resolves: https://fedorahosted.org/sssd/ticket/2556
    Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* MAN: Remove indentation in element programlistening | Lukas Slebodnik | 2015-01-14 | 6 | -38/+38
    The indentation is automatically in resulting man page. It isn't necessary to add spaces and moreover it can cause unreadable page as in case of ad_gpo_map examples.
    Reviewed-by: Roland Mainz <rmainz@redhat.com>
* MAN: Fix a typo | Jakub Hrozek | 2015-01-08 | 1 | -1/+1
    Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
* Updating translations for the 1.12.3 release [sssd-1_12_3] | Jakub Hrozek | 2015-01-08 | 16 | -17640/+18596
* MAN: Clarify ad_gpo_map* options | Dan Lavu | 2014-12-16 | 1 | -0/+11
    Resolves: https://fedorahosted.org/sssd/ticket/2515
* MAN: Misspelled username in pam_trusted_users is not fatal | Jakub Hrozek | 2014-12-13 | 1 | -5/+0
    The man page claimed that failing to resolve a user name results in failure to start SSSD, but it's not the case and shouldn't be, because marking a user as trusted only elevates privileges, so it's safe to ignore that failure.
    https://fedorahosted.org/sssd/ticket/2530
    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* AD/IPA: add krb5_confd_path configuration option | Sumit Bose | 2014-11-25 | 2 | -0/+36
    With this new parameter the directory where Kerberos configuration snippets are created can be specified.
    Fixes https://fedorahosted.org/sssd/ticket/2473
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Man: debug_timestamps and debug_microseconds | Michal Zidek | 2014-11-20 | 1 | -2/+6
    Add note that these two options are ignored if journald is used.
    https://fedorahosted.org/sssd/ticket/2498
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Update case_sensitive=Preserving in man pages. | Michal Zidek | 2014-11-20 | 1 | -2/+5
    https://fedorahosted.org/sssd/ticket/2462
* MAN: page edit for ldap_use_tokengroups | Dan Lavu | 2014-11-19 | 1 | -1/+12
    Resolves: https://fedorahosted.org/sssd/ticket/2448
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* LDAP: Disable token groups by default | Lukas Slebodnik | 2014-11-12 | 1 | -1/+1
    We tried to speed up processing of initgroup lookups with tokenGroups even for the LDAP provider (if remote server is Active Directory), but it turns out that there are too many corner cases that we didn't catch during development that break. For instance, groups from other trusted domains might appear in TG and the LDAP provider isn't equipped to handle them.
    Overall, users who wish to use the added speed benefits of tokenGroups are advised to use the AD provider.
    Resolves: https://fedorahosted.org/sssd/ticket/2483
    Reviewed-by: Michal Židek <mzidek@redhat.com>
* Revert "LDAP: Change defaults for ldap_user/group_objectsid" | Lukas Slebodnik | 2014-11-10 | 1 | -2/+2
    This reverts commit f834f712548db811695ea0fd6d6b31d3bd03e2a3.
    OpenLDAP server cannot dereference unknown attributes. The attribute objectSID isn't in any standard objectclass on OpenLDAP server. This is a reason why objectSID cannot be set by default in rfc2307 map and rfc2307bis map. It is the same problem as using non standard attribute "nsUniqueId" in ticket https://fedorahosted.org/sssd/ticket/2383
    Reviewed-by: Michal Židek <mzidek@redhat.com>
* Fix uuid defaults | Sumit Bose | 2014-11-06 | 1 | -2/+4
    Recently the uuid attributes for user and groups were removed because it was found that they are not used at all and that some of them were causing issues (https://fedorahosted.org/sssd/ticket/2383).
    The new views/overrides feature of FreeIPA uses the ipaUniqueID attribute to relate overrides with the original IPA objects. The previous two patches revert the removal of the uuid attributes from users and groups with this patch set the default value of these attributes to ipaUniqueID from the IPA provider, to objectGUID for the AD provider and leaves them unset for the general LDAP case to avoid issues like the one from ticket #2383.
    Related to https://fedorahosted.org/sssd/ticket/2481
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Revert "LDAP: Remove unused option ldap_group_uuid" | Sumit Bose | 2014-11-06 | 1 | -0/+13
    This reverts commit b5242c146cc0ca96e2b898a74fb060efda15bc77.
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Revert "LDAP: Remove unused option ldap_user_uuid" | Sumit Bose | 2014-11-06 | 1 | -0/+13
    This reverts commit dfb2960ab251f609466fa660449703835c97f99a.
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Views: apply user SSH public key override | Sumit Bose | 2014-11-05 | 1 | -0/+3
    With this patch the SSH public key override attribute is read from the FreeIPA server and saved in the cache with the other override data. Since it is possible to have multiple public SSH keys this override value does not replace any other data but will be added to existing values.
    Fixes https://fedorahosted.org/sssd/ticket/2454
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* nss: parse user_attributes option | Sumit Bose | 2014-11-05 | 1 | -0/+26
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* NSS: Possibility to use any shells in 'allowed_shells' | Denis Kutin | 2014-10-22 | 1 | -0/+10
    Resolves: https://fedorahosted.org/sssd/ticket/2219
    Signed-off-by: Pavel Reichl <preichl@redhat.com>
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MAN PAGE: modified sssd-ldap.5.xml for sssd ticket #2451 | Dan Lavu | 2014-10-22 | 1 | -1/+25
    https://fedorahosted.org/sssd/ticket/2451
    Added a configuration example at the bottom for 'ldap_access_order = lockout'. Also added a line to note that 'ldap_access_provider = ldap' must be specified for this feature to work.
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SSSD: Load a user to run a service as from configuration | Jakub Hrozek | 2014-10-22 | 1 | -0/+13
    Related: https://fedorahosted.org/sssd/ticket/2370
    Adds an option, user to run as, that is specified in the [sssd] section. When this option is specified, SSSD will run as this user and his private group. When these are not specified, SSSD will run as the configure-time user and group (usually root).
    Currently all services and providers are started as root. There is a temporary svc_supported_as_nonroot() function that returns true for a service if that service runs and was tested as nonroot and false otherwise. Currently this function always returns false, but will be amended in future patches.
    Reviewed-by: Pavel Reichl <preichl@redhat.com>
    Reviewed-by: Simo Sorce <simo@redhat.com>
* Updating the translations for the 1.12.2 release [sssd-1_12_2] | Jakub Hrozek | 2014-10-20 | 16 | -5290/+10380
* LDAP: Change defaults for ldap_user/group_objectsid | Michal Zidek | 2014-10-16 | 1 | -2/+2
    Fixes: https://fedorahosted.org/sssd/ticket/2361
    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* IPA: add view support and get view name | Sumit Bose | 2014-10-16 | 1 | -0/+142
    Related to https://fedorahosted.org/sssd/ticket/2375
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* NSS: UPN as a template expansion for homedir mappings | Pavel Reichl | 2014-10-12 | 1 | -0/+4
    Fixes: https://fedorahosted.org/sssd/ticket/2340
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Build the sss_rpcidmapd man page conditionally | Jakub Hrozek | 2014-10-09 | 1 | -1/+4
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* MAN: Document the domains option of pam_sss | Jakub Hrozek | 2014-10-01 | 1 | -0/+27
    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PAM: new options pam_trusted_users & pam_public_domains | Pavel Reichl | 2014-09-29 | 1 | -0/+50
    pam_public_domains option is a list of numerical UIDs or user names that are trusted.
    pam_public_domains option is a list of domains accessible even for untrusted users.
    Based on: https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* MAN: AD is allowed value of subdomains_provider | Jakub Hrozek | 2014-09-18 | 1 | -0/+9
    https://fedorahosted.org/sssd/ticket/2442
    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Updating translations for the 1.12.1 release [sssd-1_12_1] | Jakub Hrozek | 2014-09-08 | 16 | -12884/+24359
* MAN: Add sss_rpcidmapd.5.xml to the list of translatable man pages | Jakub Hrozek | 2014-09-08 | 1 | -0/+1
* AD-GPO: config changes for gpo_map_* options | Yassir Elley | 2014-09-08 | 1 | -0/+329
    Reviewed-by: Sumit Bose <sbose@redhat.com>
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* NFSv4 client: man page | Noam Meltzer | 2014-09-08 | 3 | -1/+139
    changes from previous patch:
    * fixed idmapd.conf example (sss plugin name)
    * squashed the rpm spec into one commit
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SSS_CACHE: Allow sss_cache tool to flush SSH hosts cache | William B | 2014-09-05 | 2 | -0/+37
    Resolves: https://fedorahosted.org/sssd/ticket/2358
    Signed-off-by: Jan Cholasta <jcholast@redhat.com>
    Reviewed-by: Jan Cholasta <jcholast@redhat.com>
    Reviewed-by: Pavel Reichl <preichl@redhat.com>