summaryrefslogtreecommitdiffstats
path: root/src/man
Commit message (Collapse)AuthorAgeFilesLines
* MAN: libkrb5 and SSSD use different expansionsPavel Reichl2015-03-131-0/+9
| | | | | | | | | | Users often wrongly use SSSD expansions in libkrb5 expansion template for principals. State explicitly it won't work. Resolves: https://fedorahosted.org/sssd/ticket/2528 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: default_domain_suffix with use_fully_qualified_names.Michal Zidek2015-03-111-2/+6
| | | | | | https://fedorahosted.org/sssd/ticket/2569 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SDAP: Lock out ssh keys when account naturally expiresPavel Reichl2015-03-051-0/+14
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2534 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SDAP: enable change phase of pw expire policy checkPavel Reichl2015-03-031-0/+27
| | | | | | | | | | | | | Implement new option which does checking password expiration policy in accounting phase. This allows SSSD to issue shadow expiration warning even if alternate authentication method is used. Resolves: https://fedorahosted.org/sssd/ticket/2167 Reviewed-by: Sumit Bose <sbose@redhat.com>
* PAM: new option pam_account_expired_messagePavel Reichl2015-02-231-0/+21
| | | | | | | | | | This option sets string to be printed when authenticating using SSH keys and account is expired. Resolves: https://fedorahosted.org/sssd/ticket/2050 Reviewed-by: Sumit Bose <sbose@redhat.com>
* MAN: amend sss_ssh_authorizedkeysPavel Reichl2015-01-271-2/+3
| | | | | | | Directive AuthorizedKeysCommand should be used in conjunction with AuthorizedKeysCommandUser. Reviewed-by: Jan Cholasta <jcholast@redhat.com>
* AD: add new option ad_sitePavel Reichl2015-01-261-0/+14
| | | | | | | | | This option overrides a result of the automatic site discovery. Resolves: https://fedorahosted.org/sssd/ticket/2486 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* MAN: add dots as valid character in domain namesPavel Reichl2015-01-151-1/+1
| | | | | | | | | Add dots into a set of allowed characters for domain names. Resolves: https://fedorahosted.org/sssd/ticket/2527 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: dyndns_iface supports only one interfacePavel Reichl2015-01-152-0/+6
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2548 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Amend the description of ignore_group_membersJohn Dickerson2015-01-151-1/+19
| | | | | | | | | | | | The option description should hint that enabling this option may have a positive effect on access control, especially with large groups. See https://bugzilla.redhat.com/show_bug.cgi?id=1172338 for an example where ignoring the group members helped. Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* GPO: add systemd-user to gpo default permit listPavel Reichl2015-01-151-0/+5
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2556 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* MAN: Remove indentation in element programlisteningLukas Slebodnik2015-01-146-38/+38
| | | | | | | | The indentation is automatically in resulting man page. It isn't necessary to add spaces and moreover it can cause unreadable page asi in case of ad_gpo_map examples. Reviewed-by: Roland Mainz <rmainz@redhat.com>
* MAN: Fix a typoJakub Hrozek2015-01-081-1/+1
| | | | Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
* Updating translations for the 1.12.3 releasesssd-1_12_3Jakub Hrozek2015-01-0816-17640/+18596
|
* MAN: Clarify ad_gpo_map* optionsDan Lavu2014-12-161-0/+11
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2515
* MAN: Misspelled username in pam_trusted_users is not fatalJakub Hrozek2014-12-131-5/+0
| | | | | | | | | | | The man page claimed that failing to resolve an user name results in failure to start SSSD, but it's not the case and shouldn't be, because marking a user as trusted only elevates privileges, so it's safe to ignore that failure. https://fedorahosted.org/sssd/ticket/2530 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* AD/IPA: add krb5_confd_path configuration optionSumit Bose2014-11-252-0/+36
| | | | | | | | | With this new parameter the directory where Kerberos configuration snippets are created can be specified. Fixes https://fedorahosted.org/sssd/ticket/2473 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Man: debug_timestamps and debug_microsecondsMichal Zidek2014-11-201-2/+6
| | | | | | | | | Add note that these two options are ignored if journald is used. https://fedorahosted.org/sssd/ticket/2498 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Update case_sensitive=Preserving in man pages.Michal Zidek2014-11-201-2/+5
| | | | https://fedorahosted.org/sssd/ticket/2462
* MAN: page edit for ldap_use_tokengroupsDan Lavu2014-11-191-1/+12
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2448 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* LDAP: Disable token groups by defaultLukas Slebodnik2014-11-121-1/+1
| | | | | | | | | | | | | | | | We tried to speed up processing of initgroup lookups with tokenGroups even for the LDAP provider (if remote server is Active Directory), but it turns out that there are too many corner cases that we didn't catch during development that break. For instance, groups from other trusted domains might appear in TG and the LDAP provider isn't equipped to handle them. Overall, users who wish to use the added speed benefits of tokenGroups are advised to use the AD provider. Resolves: https://fedorahosted.org/sssd/ticket/2483 Reviewed-by: Michal Židek <mzidek@redhat.com>
* Revert "LDAP: Change defaults for ldap_user/group_objectsid"Lukas Slebodnik2014-11-101-2/+2
| | | | | | | | | | | | This reverts commit f834f712548db811695ea0fd6d6b31d3bd03e2a3. OpenLDAP server cannot dereference unknown attributes. The attribute objectSID isn't in any standard objectclass on OpenLDAP server. This is a reason why objectSID cannot be set by default in rfc2307 map and rfc2307bis map. It is the same problem as using non standard attribute "nsUniqueId" in ticket https://fedorahosted.org/sssd/ticket/2383 Reviewed-by: Michal Židek <mzidek@redhat.com>
* Fix uuid defaultsSumit Bose2014-11-061-2/+4
| | | | | | | | | | | | | | | | | | Recently the uuid attributes for user and groups were removed because it was found that there are not used at all and that some of them where causing issues (https://fedorahosted.org/sssd/ticket/2383). The new views/overrides feature of FreeIPA uses the ipaUniqueID attribute to relate overrides with the original IPA objects. The previous two patches revert the removal of the uuid attributes from users and groups with this patch set the default value of these attributes to ipaUniqueID from the IPA provider, to objectGUID for the AD provider and leaves them unset for the general LDAP case to avoid issues like the one from ticket #2383. Related to https://fedorahosted.org/sssd/ticket/2481 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Revert "LDAP: Remove unused option ldap_group_uuid"Sumit Bose2014-11-061-0/+13
| | | | | | This reverts commit b5242c146cc0ca96e2b898a74fb060efda15bc77. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Revert "LDAP: Remove unused option ldap_user_uuid"Sumit Bose2014-11-061-0/+13
| | | | | | This reverts commit dfb2960ab251f609466fa660449703835c97f99a. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Views: apply user SSH public key overrideSumit Bose2014-11-051-0/+3
| | | | | | | | | | | | | With this patch the SSH public key override attribute is read from the FreeIPA server and saved in the cache with the other override data. Since it is possible to have multiple public SSH keys this override value does not replace any other data but will be added to existing values. Fixes https://fedorahosted.org/sssd/ticket/2454 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* nss: parse user_attributes optionSumit Bose2014-11-051-0/+26
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* NSS: Possibility to use any shells in 'allowed_shells'Denis Kutin2014-10-221-0/+10
| | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2219 Signed-off-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MAN PAGE: modified sssd-ldap.5.xml for sssd ticket #2451Dan Lavu2014-10-221-1/+25
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2451 Added a configuration example at the bottom for 'ldap_access_order = lockout'. Also added a line to note that 'ldap_access_provider = ldap' must be specified for this feature to work. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SSSD: Load a user to run a service as from configurationJakub Hrozek2014-10-221-0/+13
| | | | | | | | | | | | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2370 Adds a option, user to run as, that is specified in the [sssd] section. When this option is specified, SSSD will run as this user and his private group. When these are not specified, SSSD will run as the configure-time user and group (usually root). Currently all services and providers are started as root. There is a temporary svc_supported_as_nonroot() function that returns true for a service if that service runs and was tested as nonroot and false otherwise. Currently this function always returns false, but will be amended in future patches. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Updating the translations for the 1.12.2 releasesssd-1_12_2Jakub Hrozek2014-10-2016-5290/+10380
|
* LDAP: Change defaults for ldap_user/group_objectsidMichal Zidek2014-10-161-2/+2
| | | | | | | Fixes: https://fedorahosted.org/sssd/ticket/2361 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* IPA: add view support and get view nameSumit Bose2014-10-161-0/+142
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2375 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* NSS: UPN as a template expansion for homedir mappingsPavel Reichl2014-10-121-0/+4
| | | | | | | Fixes: https://fedorahosted.org/sssd/ticket/2340 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Build the sss_rpcidmapd man page conditionallyJakub Hrozek2014-10-091-1/+4
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* MAN: Document the domains option of pam_sssJakub Hrozek2014-10-011-0/+27
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PAM: new options pam_trusted_users & pam_public_domainsPavel Reichl2014-09-291-0/+50
| | | | | | | | | | | | | pam_public_domains option is a list of numerical UIDs or user names that are trusted. pam_public_domains option is a list of domains accessible even for untrusted users. Based on: https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* MAN: AD is allowed value of subdomains_providerJakub Hrozek2014-09-181-0/+9
| | | | | | https://fedorahosted.org/sssd/ticket/2442 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Updating translations for the 1.12.1 releasesssd-1_12_1Jakub Hrozek2014-09-0816-12884/+24359
|
* MAN: Add sss_rpcidmapd.5.xml to the list of translatable man pagesJakub Hrozek2014-09-081-0/+1
|
* AD-GPO: config changes for gpo_map_* optionsYassir Elley2014-09-081-0/+329
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* NFSv4 client: man pageNoam Meltzer2014-09-083-1/+139
| | | | | | | | changes from previous patch: * fixed idmapd.conf example (sss plugin name) * squahsed the rpm spec into one commit Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SSS_CACHE: Allow sss_cache tool to flush SSH hosts cacheWilliam B2014-09-052-0/+37
| | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2358 Signed-off-by: Jan Cholasta <jcholast@redhat.com> Reviewed-by: Jan Cholasta <jcholast@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Replace space: add some checksSumit Bose2014-09-011-3/+5
| | | | | | | | | | | | | | | | | | | | | | | This patch adds some additional checks if the option for replacing spaces in user and group names is used. When replacing space with the replacement character it is checked if the name already contains the replacement character. If it does the unmodified name is returned because in this case a revers operation would not be possible. For the reverse operation is it checked if the input contains both a space and the replacement character. If this is true the unmodified name is returned as well, because we have to assume that it is the original name because otherwise it wouldn't contain both characters. Additionally a shortcut if the replacement characters is a space and tests for the new checks are added. The man page is updated accordingly. Related to https://fedorahosted.org/sssd/ticket/1854 and https://fedorahosted.org/sssd/ticket/2397 . Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Fix a conversion of seconds to hoursLukas Slebodnik2014-09-011-1/+1
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2423 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* SDAP: Set default value of ldap_user_ssh_public_key to "sshPublicKey"Jan Cholasta2014-09-011-0/+3
| | | | | | https://fedorahosted.org/sssd/ticket/1560 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MAN: options 'lockout' and 'ldap_pwdlockout_dn'Pavel Reichl2014-08-271-0/+27
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2364 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* BE: Handle SIGUSR2Jakub Hrozek2014-08-131-4/+8
| | | | | | | | | It was possible to send SIGUSR1 and to both sssd and sssd_be processes, but only possible to send SIGUSR2 to sssd. This patches fixes the dichotomy by making the sssd_be process handle SIGUSR2 as well. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Dan Lavu <dlavu@redhat.com>
* Make the space override responder-agnosticJakub Hrozek2014-08-131-17/+23
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2397 In order to make the override_space option usable by other responders, we need to move the override_space option to the generic responder structure. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Only replace space with the specified substitutionJakub Hrozek2014-08-131-5/+5
| | | | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2397 - make sss_replace_whitespaces only replace space (' ') not any whitespace - make sss_replace_whitespaces only replace a single char, not the whole string - rename CONFDB_NSS_OVERRIDE_DEFAULT_WHITESPACE to CONFDB_NSS_OVERRIDE_DEFAULT_SPACE - rename the override_default_whitespace option to override_space - rename sss_replace_whitespaces() to sss_replace_space() - rename sss_reverse_replace_whitespaces() to sss_reverse_replace_space() - rename nctx->override_default_wsp_str to nctx->override_space - make the return value of sss_replace_space non-const to avoid freeing the result without compilation warnings Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
generated by cgit (git 2.34.1) at 2024-10-01 15:30:02 +0000