summaryrefslogtreecommitdiffstats
path: root/src/man
Commit message (Collapse)AuthorAgeFilesLines
* Updating translations for the 1.12.5 releasesssd-1_12_5Jakub Hrozek2015-06-1217-8316/+21553
|
* subdomains: Inherit cleanup period and tokengroup settings from parent domainJakub Hrozek2015-06-081-0/+9
| | | | | | | | | | | | Allows the administrator to extend the functionality of ldap_purge_cache_timeout, ldap_user_principal and ldap_use_tokengroups to the subdomains. This is a less intrusive way of achieving: https://fedorahosted.org/sssd/ticket/2627 Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit 9b162bf39ef75629f54ffa1d0bd5f9c13119b650)
* UTIL: Inherit ignore_group_membersJakub Hrozek2015-06-081-0/+4
| | | | | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2644 Allows the administrators to extend ignore_group_members to subdomains as well by setting: subdomain_inherit = ignore_group_members in the domain section. Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit 01c049ceef55c7bbfca1e47cecb2a0a2cf0a5d44)
* confdb: Add new option subdomain_inheritJakub Hrozek2015-06-081-1/+19
| | | | | | | | | | | | | | | Adds a new option subdomain_inherit that would allow administrators to pick and choose which option to pass to subdomains. This option is required for: https://fedorahosted.org/sssd/ticket/2644 as a short-term fix. The proper solution is described in: https://fedorahosted.org/sssd/ticket/2599 Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit 1711cbfd2e36d44af1ae50e3a2beeec3a1f0b5e8)
* krb5: new option krb5_map_userPavel Reichl2015-05-281-0/+36
| | | | | | | | | | New option `krb5_map_user` providing mapping of ID provider names to Kerberos principals. Resolves: https://fedorahosted.org/sssd/ticket/2509 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: refresh_expired_interval also supports users and groupsJakub Hrozek2015-05-181-2/+2
| | | | | | Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 5c2f80ef0b6ace6b331bcf99e5e5c7d73cfb92c6)
* LDAP: warn about lockout option being deprecatedPavel Reichl2015-05-141-0/+7
| | | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 108a49f0e816d95cf75a1e964f63b397e53c8b56)
* MAN: Update ppolicy descriptionPavel Reichl2015-03-271-4/+7
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2612 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> (cherry picked from commit 1426ee8756a1df4ec0651417dce92e1dcc8a246d)
* MAN: libkrb5 and SSSD use different expansionsPavel Reichl2015-03-131-0/+9
| | | | | | | | | | | Users often wrongly use SSSD expansions in libkrb5 expansion template for principals. State explicitly it won't work. Resolves: https://fedorahosted.org/sssd/ticket/2528 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 33b8bf140b1d82d2626eeeaaea29af49dcdb3c99)
* SDAP: Lock out ssh keys when account naturally expiresPavel Reichl2015-03-061-0/+14
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2534 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SDAP: enable change phase of pw expire policy checkPavel Reichl2015-03-031-0/+27
| | | | | | | | | | | | | | Implement new option which does checking password expiration policy in accounting phase. This allows SSSD to issue shadow expiration warning even if alternate authentication method is used. Resolves: https://fedorahosted.org/sssd/ticket/2167 Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit c9b0071bfcb8eb8c71e40248de46d23aceecc0f3)
* PAM: new option pam_account_expired_messagePavel Reichl2015-02-231-0/+21
| | | | | | | | | | | This option sets string to be printed when authenticating using SSH keys and account is expired. Resolves: https://fedorahosted.org/sssd/ticket/2050 Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit e039f1aefecc65a7b3c2d4a13a612bff1dd367c8)
* Updating translations for the 1.12.4 releasesssd-1_12_4Jakub Hrozek2015-02-1816-3504/+3956
|
* MAN: amend sss_ssh_authorizedkeysPavel Reichl2015-01-301-2/+3
| | | | | | | | Directive AuthorizedKeysCommand should be used in conjunction with AuthorizedKeysCommandUser. Reviewed-by: Jan Cholasta <jcholast@redhat.com> (cherry picked from commit ab5f9b58ae740868cb09e92379ed41d30b9401ac)
* AD: add new option ad_sitePavel Reichl2015-01-261-0/+14
| | | | | | | | | | This option overrides a result of the automatic site discovery. Resolves: https://fedorahosted.org/sssd/ticket/2486 Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit b22e0da9e644f5eb84ee0c8986979fec3fe7eb56)
* MAN: add dots as valid character in domain namesPavel Reichl2015-01-151-1/+1
| | | | | | | | | | Add dots into a set of allowed characters for domain names. Resolves: https://fedorahosted.org/sssd/ticket/2527 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 9a15eb105d01d9e100e69e9d66fb8e880b228246)
* MAN: dyndns_iface supports only one interfacePavel Reichl2015-01-152-0/+6
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2548 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 702176303382b5a385e90fe68ad2c32bd708ebf1)
* GPO: add systemd-user to gpo default permit listPavel Reichl2015-01-151-0/+5
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2556 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> (cherry picked from commit b49c6abe12721ee8442be1c1bd6c15443b518ca2)
* Updating translations for the 1.12.3 releasesssd-1_12_3Jakub Hrozek2015-01-0816-17640/+18596
|
* MAN: Clarify ad_gpo_map* optionsDan Lavu2014-12-161-0/+11
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2515
* MAN: Misspelled username in pam_trusted_users is not fatalJakub Hrozek2014-12-131-5/+0
| | | | | | | | | | | The man page claimed that failing to resolve an user name results in failure to start SSSD, but it's not the case and shouldn't be, because marking a user as trusted only elevates privileges, so it's safe to ignore that failure. https://fedorahosted.org/sssd/ticket/2530 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* AD/IPA: add krb5_confd_path configuration optionSumit Bose2014-11-252-0/+36
| | | | | | | | | With this new parameter the directory where Kerberos configuration snippets are created can be specified. Fixes https://fedorahosted.org/sssd/ticket/2473 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Man: debug_timestamps and debug_microsecondsMichal Zidek2014-11-201-2/+6
| | | | | | | | | Add note that these two options are ignored if journald is used. https://fedorahosted.org/sssd/ticket/2498 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Update case_sensitive=Preserving in man pages.Michal Zidek2014-11-201-2/+5
| | | | https://fedorahosted.org/sssd/ticket/2462
* MAN: page edit for ldap_use_tokengroupsDan Lavu2014-11-191-1/+12
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2448 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* LDAP: Disable token groups by defaultLukas Slebodnik2014-11-121-1/+1
| | | | | | | | | | | | | | | | We tried to speed up processing of initgroup lookups with tokenGroups even for the LDAP provider (if remote server is Active Directory), but it turns out that there are too many corner cases that we didn't catch during development that break. For instance, groups from other trusted domains might appear in TG and the LDAP provider isn't equipped to handle them. Overall, users who wish to use the added speed benefits of tokenGroups are advised to use the AD provider. Resolves: https://fedorahosted.org/sssd/ticket/2483 Reviewed-by: Michal Židek <mzidek@redhat.com>
* Revert "LDAP: Change defaults for ldap_user/group_objectsid"Lukas Slebodnik2014-11-101-2/+2
| | | | | | | | | | | | This reverts commit f834f712548db811695ea0fd6d6b31d3bd03e2a3. OpenLDAP server cannot dereference unknown attributes. The attribute objectSID isn't in any standard objectclass on OpenLDAP server. This is a reason why objectSID cannot be set by default in rfc2307 map and rfc2307bis map. It is the same problem as using non standard attribute "nsUniqueId" in ticket https://fedorahosted.org/sssd/ticket/2383 Reviewed-by: Michal Židek <mzidek@redhat.com>
* Fix uuid defaultsSumit Bose2014-11-061-2/+4
| | | | | | | | | | | | | | | | | | Recently the uuid attributes for user and groups were removed because it was found that there are not used at all and that some of them where causing issues (https://fedorahosted.org/sssd/ticket/2383). The new views/overrides feature of FreeIPA uses the ipaUniqueID attribute to relate overrides with the original IPA objects. The previous two patches revert the removal of the uuid attributes from users and groups with this patch set the default value of these attributes to ipaUniqueID from the IPA provider, to objectGUID for the AD provider and leaves them unset for the general LDAP case to avoid issues like the one from ticket #2383. Related to https://fedorahosted.org/sssd/ticket/2481 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Revert "LDAP: Remove unused option ldap_group_uuid"Sumit Bose2014-11-061-0/+13
| | | | | | This reverts commit b5242c146cc0ca96e2b898a74fb060efda15bc77. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Revert "LDAP: Remove unused option ldap_user_uuid"Sumit Bose2014-11-061-0/+13
| | | | | | This reverts commit dfb2960ab251f609466fa660449703835c97f99a. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Views: apply user SSH public key overrideSumit Bose2014-11-051-0/+3
| | | | | | | | | | | | | With this patch the SSH public key override attribute is read from the FreeIPA server and saved in the cache with the other override data. Since it is possible to have multiple public SSH keys this override value does not replace any other data but will be added to existing values. Fixes https://fedorahosted.org/sssd/ticket/2454 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* nss: parse user_attributes optionSumit Bose2014-11-051-0/+26
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* NSS: Possibility to use any shells in 'allowed_shells'Denis Kutin2014-10-221-0/+10
| | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2219 Signed-off-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MAN PAGE: modified sssd-ldap.5.xml for sssd ticket #2451Dan Lavu2014-10-221-1/+25
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2451 Added a configuration example at the bottom for 'ldap_access_order = lockout'. Also added a line to note that 'ldap_access_provider = ldap' must be specified for this feature to work. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SSSD: Load a user to run a service as from configurationJakub Hrozek2014-10-221-0/+13
| | | | | | | | | | | | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2370 Adds a option, user to run as, that is specified in the [sssd] section. When this option is specified, SSSD will run as this user and his private group. When these are not specified, SSSD will run as the configure-time user and group (usually root). Currently all services and providers are started as root. There is a temporary svc_supported_as_nonroot() function that returns true for a service if that service runs and was tested as nonroot and false otherwise. Currently this function always returns false, but will be amended in future patches. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Updating the translations for the 1.12.2 releasesssd-1_12_2Jakub Hrozek2014-10-2016-5290/+10380
|
* LDAP: Change defaults for ldap_user/group_objectsidMichal Zidek2014-10-161-2/+2
| | | | | | | Fixes: https://fedorahosted.org/sssd/ticket/2361 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* IPA: add view support and get view nameSumit Bose2014-10-161-0/+142
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2375 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* NSS: UPN as a template expansion for homedir mappingsPavel Reichl2014-10-121-0/+4
| | | | | | | Fixes: https://fedorahosted.org/sssd/ticket/2340 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Build the sss_rpcidmapd man page conditionallyJakub Hrozek2014-10-091-1/+4
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* MAN: Document the domains option of pam_sssJakub Hrozek2014-10-011-0/+27
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PAM: new options pam_trusted_users & pam_public_domainsPavel Reichl2014-09-291-0/+50
| | | | | | | | | | | | | pam_public_domains option is a list of numerical UIDs or user names that are trusted. pam_public_domains option is a list of domains accessible even for untrusted users. Based on: https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* MAN: AD is allowed value of subdomains_providerJakub Hrozek2014-09-181-0/+9
| | | | | | https://fedorahosted.org/sssd/ticket/2442 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Updating translations for the 1.12.1 releasesssd-1_12_1Jakub Hrozek2014-09-0816-12884/+24359
|
* MAN: Add sss_rpcidmapd.5.xml to the list of translatable man pagesJakub Hrozek2014-09-081-0/+1
|
* AD-GPO: config changes for gpo_map_* optionsYassir Elley2014-09-081-0/+329
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* NFSv4 client: man pageNoam Meltzer2014-09-083-1/+139
| | | | | | | | changes from previous patch: * fixed idmapd.conf example (sss plugin name) * squahsed the rpm spec into one commit Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SSS_CACHE: Allow sss_cache tool to flush SSH hosts cacheWilliam B2014-09-052-0/+37
| | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2358 Signed-off-by: Jan Cholasta <jcholast@redhat.com> Reviewed-by: Jan Cholasta <jcholast@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Replace space: add some checksSumit Bose2014-09-011-3/+5
| | | | | | | | | | | | | | | | | | | | | | | This patch adds some additional checks if the option for replacing spaces in user and group names is used. When replacing space with the replacement character it is checked if the name already contains the replacement character. If it does the unmodified name is returned because in this case a revers operation would not be possible. For the reverse operation is it checked if the input contains both a space and the replacement character. If this is true the unmodified name is returned as well, because we have to assume that it is the original name because otherwise it wouldn't contain both characters. Additionally a shortcut if the replacement characters is a space and tests for the new checks are added. The man page is updated accordingly. Related to https://fedorahosted.org/sssd/ticket/1854 and https://fedorahosted.org/sssd/ticket/2397 . Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Fix a conversion of seconds to hoursLukas Slebodnik2014-09-011-1/+1
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2423 Reviewed-by: Pavel Reichl <preichl@redhat.com>
generated by cgit (git 2.34.1) at 2024-06-10 17:51:27 +0000