summaryrefslogtreecommitdiffstats
path: root/src/man
Commit message (Collapse)AuthorAgeFilesLines
* Updating translations for the 1.10 beta2 releasesssd-1_9_94sssd-1_9_93sssd-1_10_beta2Jakub Hrozek2013-06-1115-12547/+14575
|
* A new option krb5_use_kdcinfoJakub Hrozek2013-06-102-0/+56
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/1883 The patch introduces a new Kerberos provider option called krb5_use_kdcinfo. The option is true by default in all providers. When set to false, the SSSD will not create krb5 info files that the locator plugin consumes and the user would have to set up the Kerberos options manually in krb5.conf
* back end: add refresh expired records periodic taskPavel Březina2013-06-101-0/+18
| | | | | | https://fedorahosted.org/sssd/ticket/1713 Add new option refresh_expired_interval.
* man: document the need to set ldap_access_orderJakub Hrozek2013-06-101-0/+21
| | | | | | | | https://fedorahosted.org/sssd/ticket/1789 ldap_access_order must be set in order to non-default access control options to work. This patch amends the sssd-ldap man page to document this fact with all non-default ldap_access_order options.
* Enhance PAC responder for AD usersSumit Bose2013-06-061-10/+10
| | | | | | | | | | | This patch modifies the PAC responder so that it can be used with the AD provider as well. The main difference is that the POSIX UIDs and GIDs are now lookup up with the help of the SID instead of being calculated algorithmically. This was necessary because the AD provider allows either algorithmic mapping or reading the value from attributes stored in AD. Fixes https://fedorahosted.org/sssd/ticket/1558
* MAN: state default dyndns interfaceOndrej Kos2013-05-302-2/+8
| | | | https://fedorahosted.org/sssd/ticket/1924
* Allow flat name in the FQname formatJakub Hrozek2013-05-301-5/+63
| | | | | | | https://fedorahosted.org/sssd/ticket/1648 Adds another expansion in the printf format that allows the user to use the domain flat name in the format.
* Add a domain config attribute for realmdStef Walter2013-05-231-0/+9
| | | | | realmd needs to be able to tag various domains with basic info when it configures a domain.
* Adding option to disable retrieving large AD groups.Lukas Slebodnik2013-05-231-0/+21
| | | | | | | | | This commit adds new option ldap_disable_range_retrieval with default value FALSE. If this option is enabled, large groups(>1500) will not be retrieved and behaviour will be similar like was before commit ae8d047122c "LDAP: Handle very large Active Directory groups" https://fedorahosted.org/sssd/ticket/1823
* man: Note that IPA updates are secured with GSS-TSIGJakub Hrozek2013-05-141-1/+2
|
* man: Clarify the AD site discovery documentationJakub Hrozek2013-05-141-1/+3
| | | | https://fedorahosted.org/sssd/ticket/1909
* man: Clarify that AD dyndns updates are secured using GSS-TSIGJakub Hrozek2013-05-131-1/+4
| | | | https://fedorahosted.org/sssd/ticket/1910
* Enable the AD dynamic DNS updates by defaultJakub Hrozek2013-05-131-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1915
* Fix a typo in sssd-ad man pageJakub Hrozek2013-05-131-1/+1
| | | | s/IPA/AD/
* AD: read flat name and SID of the AD domainSumit Bose2013-05-072-0/+8
| | | | | | | | | | | | | | | For various features either the flat/short/NetBIOS domain name or the domain SID is needed. Since the responders already try to do a subdomain lookup when and known domain name is encountered I added a subdomain lookup to the AD provider which currently only reads the SID from the base DN and the NetBIOS name from a reply of a LDAP ping. The results are written to the cache to have them available even if SSSD is started in offline mode. Looking up trusted domains can be added later. Since all the needed responder code is already available from the corresponding work for the IPA provider this patch fixes https://fedorahosted.org/sssd/ticket/1468
* Fix minor typosYuri Chornoivan2013-05-061-1/+1
|
* Updating the translations for the 1.10 beta1 releasesssd-1_9_92sssd-1_10_beta1Jakub Hrozek2013-05-0315-11401/+12875
|
* Active Directory dynamic DNS updatesJakub Hrozek2013-05-031-0/+90
| | | | | | | | https://fedorahosted.org/sssd/ticket/1504 Implements dynamic DNS updates for the AD provider. By default, the updates also update the reverse zone and run periodically every 24 hours.
* dyndns: new option dyndns_force_tcpJakub Hrozek2013-05-031-0/+13
| | | | | | | https://fedorahosted.org/sssd/ticket/1831 Adds a new option that can be used to force nsupdate to only use TCP to communicate with the DNS server.
* dyndns: New option dyndns_update_ptrJakub Hrozek2013-05-031-0/+20
| | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1832 While some servers, such as FreeIPA allow the PTR record to be synchronized when the forward record is updated, other servers, including Active Directory, require that the PTR record is synchronized manually. This patch adds a new option, dyndns_update_ptr that automatically generates appropriate DNS update message for updating the reverse zone. This option is off by default in the IPA provider. Also renames be_nsupdate_create_msg to be_nsupdate_create_fwd_msg
* dyndns: new option dyndns_refresh_intervalJakub Hrozek2013-05-031-0/+16
| | | | | | | This new options adds the possibility of updating the DNS entries periodically regardless if they have changed or not. This feature will be useful mainly in AD environments where the Windows clients periodically update their DNS records.
* Convert IPA-specific options to be back-end agnosticJakub Hrozek2013-05-031-5/+23
| | | | | | This patch introduces new options for dynamic DNS updates that are not specific to any back end. The current ipa dyndns options are still usable, just with a deprecation warning.
* SUDO: IPA providerLukas Slebodnik2013-05-031-27/+3
| | | | | | This patch added auto configuration SUDO with ipa provider and compat tree. https://fedorahosted.org/sssd/ticket/1733
* DNS sites support - add AD SRV pluginPavel Březina2013-05-021-0/+21
| | | | https://fedorahosted.org/sssd/ticket/1032
* Add override_homedir.xml to po4a.cfgSumit Bose2013-04-291-0/+1
| | | | | | | | Every man page source which should be translated must be listed in po4a.cfg. Please remember to add a line whenever a new man page or a new include file is created
* Document that the AD provider is case-insensitiveJakub Hrozek2013-04-261-0/+3
| | | | https://fedorahosted.org/sssd/ticket/1867
* Document the naming convention for SSSD domainsJakub Hrozek2013-04-261-0/+2
| | | | https://fedorahosted.org/sssd/ticket/1809
* Add exit status section to sss_ssh_* man pagesJan Cholasta2013-04-232-0/+16
|
* Allow usage of enterprise principalsSumit Bose2013-04-222-0/+34
| | | | | | | | | | | | | | | | | | | | | | | | Enterprise principals are currently most useful for the AD provider and hence enabled here by default while for the other Kerberos based authentication providers they are disabled by default. If additional UPN suffixes are configured for the AD domain the user principal stored in the AD LDAP server might not contain the real Kerberos realm of the AD domain but one of the additional suffixes which might be completely randomly chooses, e.g. are not related to any existing DNS domain. This make it hard for a client to figure out the right KDC to send requests to. To get around this enterprise principals (see http://tools.ietf.org/html/rfc6806 for details) were introduced. Basically a default realm is added to the principal so that the Kerberos client libraries at least know where to send the request to. It is not in the responsibility of the KDC to either handle the request itself, return a client referral if he thinks a different KDC can handle the request or return and error. This feature is also use to allow authentication in AD environments with cross forest trusts. Fixes https://fedorahosted.org/sssd/ticket/1842
* DNS sites support - add IPA SRV pluginPavel Březina2013-04-101-0/+26
| | | | https://fedorahosted.org/sssd/ticket/1032
* Allow using flatname for subdomain home dir templateJakub Hrozek2013-04-101-1/+9
| | | | https://fedorahosted.org/sssd/ticket/1609
* Put the override_homedir into an included xml fileJakub Hrozek2013-04-103-141/+56
| | | | | The description was duplicated on two places, leading to errors where one was amended but the other was not.
* Allow setting krb5_renew_interval with a delimiterAriel Barria2013-04-031-2/+24
| | | | | | | https://fedorahosted.org/sssd/ticket/902 changed the data type the krb5_renew_interval to string. function krb5_string_to_deltat is used to convert and allow delimiters
* Fix typos in man pagesYuri Chornoivan2013-04-032-2/+2
|
* Updating the translations for the 1.10 alpha releasesssd-1_9_91sssd-1_10_alpha1Jakub Hrozek2013-04-0216-8900/+31591
|
* Document what does access_provider=ad doJakub Hrozek2013-03-211-0/+14
| | | | https://fedorahosted.org/sssd/ticket/1841
* ldap: Fallback option for rfc2307 schemaSimo Sorce2013-03-201-0/+31
| | | | | | | | | | | Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
* Make the SELinux refresh time configurable.Michal Zidek2013-03-191-0/+17
| | | | Option ipa_selinux_refresh is added to basic ipa options.
* Decrease krb5_auth_timeout defaultOndrej Kos2013-03-181-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1738
* Remove enumerate=true from man sssd-ldapJakub Hrozek2013-02-261-1/+0
| | | | https://fedorahosted.org/sssd/ticket/1737
* NSS: Add original homedir to home directory template optionsStephen Gallagher2013-02-101-0/+7
| | | | https://fedorahosted.org/sssd/ticket/1805
* Correct sss_ssh_knowhostsproxy typo in man pagesJohn Hodrien2013-02-011-1/+1
|
* MAN: Clarify that saving users after enumerating large domain might be CPU ↵Jakub Hrozek2013-01-281-1/+9
| | | | | | intensive https://fedorahosted.org/sssd/ticket/1732
* try primary server after retry_timeout + 1 seconds when switching to backupPavel Březina2012-12-181-1/+1
| | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1679 The problem is when we are about to reset the server status, we don't get through the timeout (30 seconds) because the "switch to primary server" task is scheduled 30 seconds after fall back to a backup server. Thus the server status remains "not working" and is resetted after another 30 seconds. We need to make sure that the server status is tried after the timeout period. retry_timeout is currently hardcoded to 30, thus the change in man page.
* MAN: Fix the title of sssd-sudoJakub Hrozek2012-12-131-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1710
* sudo manpage: clarify that sudoHost may contain wildcards and not regular ↵Pavel Březina2012-12-112-2/+2
| | | | | | expression https://fedorahosted.org/sssd/ticket/1690
* MAN: Move ssh_known_hosts_timeout documentation to the correct sectionJan Cholasta2012-12-051-12/+12
|
* LDAP: Make it possible to use full principal in ldap_sasl_authid againJakub Hrozek2012-11-191-0/+5
|
* MAN: document the ldap_sasl_realm optionJakub Hrozek2012-11-191-0/+13
| | | | The option was completely undocumented.
* MAN: quotation fixOndrej Kos2012-11-161-1/+1
| | | | | I noticed that the proxy in auth_provider section of sssd.conf manpage isn't quoted when all others are.
generated by cgit (git 2.34.1) at 2024-05-04 11:22:09 +0000