path: root/src/man
Commit message | Author | Age | Files | Lines
* MAN: Clarify the GC support a bit | Jakub Hrozek | 2014-03-11 | 1 | -5/+13
  It should be noted that disabling GC does *not* disable lookups from trusted domains. Disabling GC might be a good way for admins who wish to use POSIX attributes in trusted domains and the man page should hint this option.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  (cherry picked from commit fdaaf2525e333af04ee9b48429b6766b5fd6cab6)
* SUDO: AD provider | Sumit Bose | 2014-03-02 | 2 | -6/+15
  This patch adds the sudo target to the AD provider. The main reason is to cover different default settings in the LDAP and AD provider. E.g. the default for ldap_id_mapping is True in the AD provider and False in the LDAP provider. If ldap_id_mapping was not set explicitly in the config file both components worked with different settings.
  Fixes https://fedorahosted.org/sssd/ticket/2256
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  (cherry picked from commit 61804568ce5ede3b1a699cda17c033dd6c23f0e3)
* MAN: Clarify that changing ID mapping options might require purging the cache | Jakub Hrozek | 2014-02-26 | 1 | -0/+42
  https://fedorahosted.org/sssd/ticket/2252
  Currently SSSD chokes when IDs of users change, we don't support ID changes yet. Because some users were confused about the failures, this patch adds additional clarification.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
  (cherry picked from commit 3dfa09a826e5f63b4948462c2452937fc329834d)
* MAN: Clarify the ldap_access_filter option further | Jakub Hrozek | 2014-02-26 | 1 | -4/+5
  https://fedorahosted.org/sssd/ticket/2235
  The memberof example was misleading and was making administrators think that the ldap_access_filter can resolve nested group memberships.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
  (cherry picked from commit 604d46e028ab62f83060fb88bdd3319a31aca2d1)
* Updating translations for the 1.11.4 release [sssd-1_11_4] | Jakub Hrozek | 2014-02-17 | 15 | -5990/+6425
* MAN: Clarify the new krb5_use_fast IPA default | Jakub Hrozek | 2014-02-17 | 2 | -1/+35
* MAN: update of subdomain_homedir usage | Pavel Reichl | 2014-02-11 | 1 | -1/+2
  Resolves: https://fedorahosted.org/sssd/ticket/2169
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: clarify which shell option takes precedence | Jakub Hrozek | 2014-01-29 | 1 | -6/+7
* MAN: Fix a typo | Jakub Hrozek | 2014-01-20 | 1 | -1/+1
* Updating translations for the 1.11.3 release [sssd-1_11_3] | Jakub Hrozek | 2013-12-19 | 15 | -4818/+5441
* AD: Add a new option to turn off GC lookups | Jakub Hrozek | 2013-12-19 | 1 | -0/+17
  SSSD now defaults to using GC by default. For some environments, for instance those that don't or can't replicate the POSIX attributes to Global Catalog, this might not be desirable. This patch introduces a new option ad_enable_gc, that is enabled by default. Setting this option to false makes the SSSD contact only the LDAP port of AD DCs.
* Add new option ldap_group_type | Sumit Bose | 2013-12-19 | 1 | -0/+21
* AD: Fix a typo in the man page | Jakub Hrozek | 2013-11-27 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/2154
* Updating translation for the 1.11.2 release [sssd-1_11_2] | Jakub Hrozek | 2013-10-30 | 15 | -2244/+3694
* MAN: Document that krb5 directories can only be created as private | Jakub Hrozek | 2013-10-29 | 1 | -10/+3
* AD: Add extended access filter | Jakub Hrozek | 2013-10-25 | 1 | -3/+38
  https://fedorahosted.org/sssd/ticket/2082
  Adds a new option that allows the admin to specify an LDAP access filter that can be applied globally, per-domain or per-forest.
* AD: Add a new option ad_access_filter | Jakub Hrozek | 2013-10-25 | 1 | -0/+24
  This patch just adds the option, it doesn't do anything useful yet.
  Related: https://fedorahosted.org/sssd/ticket/2082
* MAN: Reflow debug_levels.xml | Stephen Gallagher | 2013-10-07 | 1 | -13/+20
  Many lines in debug_levels.xml violated our line-length conventions. This patch provides no functional changes, it simply brings those lines into compliance.
* MAN: Clarify debug level documentation | Stephen Gallagher | 2013-10-07 | 1 | -6/+20
  Originally, we planned to deprecate the decimal values for the debug levels, but that has proven to be too difficult for most users to understand. Instead, we will document both the simple decimal and complex bitmask values and recommend the use of the decimal values.
* Updating the translations for the 1.11.1 release [sssd-1_11_1] | Jakub Hrozek | 2013-09-27 | 15 | -5924/+7003
* MAN: Document that POSIX attributes must be replicated to GC | Jakub Hrozek | 2013-09-27 | 1 | -0/+5
  Currently the AD provider relies on the presence of the POSIX attributes in the Global Catalog. This patch mentions the fact in the sssd-ad(5) manual page.
* man: server side password policies always takes precedence | Pavel Březina | 2013-09-24 | 1 | -0/+5
  https://fedorahosted.org/sssd/ticket/2091
* man: improve sssd-sudo manual page | Pavel Březina | 2013-09-20 | 1 | -2/+22
  Resolves: https://fedorahosted.org/sssd/ticket/2085
* man sssd: Add note about SSS_NSS_USE_MEMCACHE | Michal Zidek | 2013-09-13 | 1 | -0/+8
* Fix reference to sssd-krb5 man page | Nikolai Kondrashov | 2013-09-05 | 1 | -1/+1
  Replace incorrect reference to "sssd-krb5.conf" manpage with the correct "sssd-krb5" in sssd_krb5_locator_plugin man page source.
* MAN: Document that sss_cache should be run after changing the cache timeout | Jakub Hrozek | 2013-09-05 | 1 | -0/+13
* Updating translations for the 1.11.0 release | Jakub Hrozek | 2013-08-28 | 15 | -4794/+5827
* Add a new option to control subdomain enumeration | Jakub Hrozek | 2013-08-28 | 1 | -0/+27
* krb5: Fetch ccname template from krb5.conf | Stephen Gallagher | 2013-08-28 | 1 | -1/+10
  In order to use the same defaults in all system daemons that need to know how to generate or search for ccaches we introduce code here to take advantage of the new option called default_ccache_name provided by libkrb5. If set this variable we establish the same default for all programs that source it out of krb5.conf therefore providing a consistent experience across the system.
  Related: https://fedorahosted.org/sssd/ticket/2036
* KRB5: Add support for KEYRING cache type | Stephen Gallagher | 2013-08-27 | 1 | -6/+17
  https://fedorahosted.org/sssd/ticket/2036
* MAN: AD provider only supports trusted domains from the same forest | Jakub Hrozek | 2013-08-24 | 1 | -0/+5
  Resolves: https://fedorahosted.org/sssd/ticket/2044
* Netgroups should ignore the 'use_fully_qualified_names' setting | Stephen Gallagher | 2013-07-29 | 1 | -0/+7
  Netgroups often have memberNisNetgroup entries included in them that will never process correctly if we require fully-qualified names on the nested lookup. This patch alters the behavior of netgroup lookups to check *all* domains for an unqualified netgroup name, instead of only the ones not requiring fully-qualified names.
  https://fedorahosted.org/sssd/ticket/2013
* Fix two minor typos | Yuri Chornoivan | 2013-07-25 | 1 | -1/+1
* Updating translations for the 1.11 beta2 release [sssd-1_11_0_beta2] [sssd-1_10_92] | Jakub Hrozek | 2013-07-24 | 15 | -3402/+3974
* Set default DNS resolution timeout to 6 seconds. | Michal Zidek | 2013-07-24 | 1 | -1/+1
  Partially solves ticket: https://fedorahosted.org/sssd/ticket/1966
  To avoid the problem mentioned in the ticket above, option dns_discovery_domain must be set properly.
* MAN: Clarify the min_id/max_id limits further | Jakub Hrozek | 2013-07-17 | 1 | -0/+4
  https://fedorahosted.org/sssd/ticket/2005
  Some users were confused by our description of min_id/max_id and thought the limits only applied to returning entries from the NSS responder. However, the limits are actually enforced on the back end side, so the entries are not even saved to cache.
* MAN: IP address does not work when used for ad_server | Jakub Hrozek | 2013-07-17 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/1998
  Currently using IP address as value of ad_server is not supported, so the man pages should not mention that as an option.
* MAN: clarify the default access provider for AD | Jakub Hrozek | 2013-07-17 | 1 | -0/+5
  https://fedorahosted.org/sssd/ticket/1965
  After we added a section that clarified what access_provider=ad did, some users were confused and thought that "ad" was also the default access provider if "id_provider=ad" was specified.
* sss_cache: Add option to invalidate all entries | Michal Zidek | 2013-07-10 | 1 | -0/+10
  Option -E/--everything was added to invalidate all types of entries.
  https://fedorahosted.org/sssd/ticket/1988
* Do not copy special files when creating homedir | Ondrej Kos | 2013-07-09 | 1 | -0/+4
  https://fedorahosted.org/sssd/ticket/1778
  When trying to copy a special file, only a message is logged now.
* Updating translations for the 1.11 beta1 release [sssd-1_11_0_beta1] [sssd-1_10_90] | Jakub Hrozek | 2013-06-28 | 15 | -3715/+4331
* IPA: Add a server mode option | Jakub Hrozek | 2013-06-28 | 1 | -0/+19
  https://fedorahosted.org/sssd/ticket/1993
  SSSD needs to know that it is running on an IPA server and should not look up trusted users and groups with the help of the extdom plugin but do the lookups on its own. For this a new boolean configuration option, is introduced which defaults to false but is set to true during ipa-server-install or during updates of the FreeIPA server if it is not already set.
* Add new options ldap_min_id and ldap_max_id | Sumit Bose | 2013-06-28 | 1 | -0/+21
  Currently the range for Posix IDs stored in an LDAP server is unbound. This might lead to conflicts in a setup with AD and trusts when the configured domain uses IDs from LDAP. With the two new options this conflict can be avoided.
* Update the translations for the 1.10.0 release | Jakub Hrozek | 2013-06-27 | 15 | -520/+287
* Fix minor typos | Yuri Chornoivan | 2013-06-12 | 3 | -4/+4
* Updating translations for the 1.10 beta2 release [sssd-1_9_94] [sssd-1_9_93] [sssd-1_10_beta2] | Jakub Hrozek | 2013-06-11 | 15 | -12547/+14575
* A new option krb5_use_kdcinfo | Jakub Hrozek | 2013-06-10 | 2 | -0/+56
  https://fedorahosted.org/sssd/ticket/1883
  The patch introduces a new Kerberos provider option called krb5_use_kdcinfo. The option is true by default in all providers. When set to false, the SSSD will not create krb5 info files that the locator plugin consumes and the user would have to set up the Kerberos options manually in krb5.conf
* back end: add refresh expired records periodic task | Pavel Březina | 2013-06-10 | 1 | -0/+18
  https://fedorahosted.org/sssd/ticket/1713
  Add new option refresh_expired_interval.
* man: document the need to set ldap_access_order | Jakub Hrozek | 2013-06-10 | 1 | -0/+21
  https://fedorahosted.org/sssd/ticket/1789
  ldap_access_order must be set in order for non-default access control options to work. This patch amends the sssd-ldap man page to document this fact with all non-default ldap_access_order options.
* Enhance PAC responder for AD users | Sumit Bose | 2013-06-06 | 1 | -10/+10
  This patch modifies the PAC responder so that it can be used with the AD provider as well. The main difference is that the POSIX UIDs and GIDs are now looked up with the help of the SID instead of being calculated algorithmically. This was necessary because the AD provider allows either algorithmic mapping or reading the value from attributes stored in AD.
  Fixes https://fedorahosted.org/sssd/ticket/1558