summaryrefslogtreecommitdiffstats
path: root/src/man
Commit message (Collapse)AuthorAgeFilesLines
* Standardize on correct spelling of "principal" for krb5Stephen Gallagher2010-06-161-1/+1
| | | | https://fedorahosted.org/sssd/ticket/542
* Remove the -g option from useraddJakub Hrozek2010-06-141-13/+0
|
* Undocument the krb5_changepw_principal optionJakub Hrozek2010-06-141-15/+0
| | | | Fixes: #531
* Change default min_id to 1Stephen Gallagher2010-06-091-3/+11
| | | | | Also update manpage for min_id/max_id to be more clear about how it relates to primary GID.
* Man page fixesJakub Hrozek2010-06-062-2/+6
| | | | Fixes: #496
* Add enumerate details to the manpage and examplesStephen Gallagher2010-05-201-1/+19
|
* Set ldap_search_timeout default to 5 secondsStephen Gallagher2010-05-181-0/+25
| | | | | | | | | The manpages had five seconds listed, but the source disagreed (it was set to 60 seconds). This resulted in long wait times when unlocking the screen after network disconnection, for example. If enumerate=True, we will set this value to a minimum of 30s
* Add ldap_krb5_ticket_lifetime optionSumit Bose2010-05-161-0/+13
|
* Add ldap_access_filter optionStephen Gallagher2010-05-161-0/+39
| | | | | | | | | | This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
* Add dynamic DNS updates to FreeIPAStephen Gallagher2010-05-071-0/+28
| | | | | | | | | | | | | | | | | | This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
* Use service discovery in backendsJakub Hrozek2010-05-074-3/+62
| | | | | | | | | Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
* Add retry option to pam_sssSumit Bose2010-05-071-0/+17
|
* Add support for delayed kinit if offlineSumit Bose2010-05-071-0/+18
| | | | | | | If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
* Add dns_resolver_timeout optionStephen Gallagher2010-04-301-0/+15
| | | | | | We had a hard-coded timeout of five seconds for DNS lookups in the async resolver. This patch adds an option 'dns_resolver_timeout' to specify this value (Default: 5)
* Display a message if a password reset by root failsSumit Bose2010-04-261-0/+22
|
* SELinux login managementJakub Hrozek2010-04-082-0/+23
| | | | | | | | | | Adds a new option -Z to sss_useradd and sss_usermod. This option allows user to specify the SELinux login context for the user. On deleting the user with sss_userdel, the login mapping is deleted, so subsequent adding of the same user would result in the default login context unless -Z is specified again. MLS security is not supported as of this patch.
* Make sss_userdel check for logged in usersJakub Hrozek2010-04-061-0/+11
| | | | | | | | | | sss_userdel now warns if the deleted user was logged in at the time of deletion. Also adds a new parameter --kick to userdel that kills all user processes before actually deleting ther user. Fixes: #229
* Add userdel_cmd paramJakub Hrozek2010-04-061-0/+14
| | | | Fixes: #231
* Add krb5_kpasswd optionSumit Bose2010-03-121-1/+22
|
* Add expandable sequences to krb5_ccachedirSumit Bose2010-03-111-1/+11
| | | | | | | As with krb5_ccname_template sequences like %u can be used in the krb5_ccachedir parameter which are expanded at runtime. If the directory does not exist, it will be created. Depending on the used sequences it is created as a public or private directory.
* Add simple access providerSumit Bose2010-03-082-0/+131
|
* Make filter_users and filter_groups also per-domainJakub Hrozek2010-03-081-1/+3
| | | | Fixes: #290
* groupshow: only show all parents in recursive modeJakub Hrozek2010-03-081-0/+2
|
* Fix check for values of expiration limitsJakub Hrozek2010-02-251-2/+2
| | | | | There were inconsistencies between what sssd.conf manpage said and what the code enforces.
* Better cleanup task handlingJakub Hrozek2010-02-231-0/+15
| | | | | | | | | | | | | | | | Implements a different mechanism for cleanup task. Instead of just deleting expired entries, this patch adds a new option account_cache_expiration for domains. If an entry is expired and the last login was more days in the past that account_cache_expiration, the entry is deleted. Groups are deleted if they are expired and and no user references them (no user has memberof: attribute pointing at that group). The parameter account_cache_expiration is not LDAP-specific, so that other future backends might use the same timeout setting. Fixes: #391
* Revert "Change default for enumeration to TRUE"Stephen Gallagher2010-02-231-1/+1
| | | | This reverts commit 75a9f18ad8ac6e885ac34cdeebc4d8f8734713f8.
* Do not check entries during cleanup taskJakub Hrozek2010-02-231-1/+1
| | | | | | | Do not attempt to validate expired entries in cache, just delete them. Also increase the cache timeouts. Fixes: #331
* Restrict family lookupsJakub Hrozek2010-02-221-0/+28
| | | | | | | Adds a new option that tells resolver which address family to prefer or use exclusively. Fixes: #404
* Build all manpages from a single locationStephen Gallagher2010-02-181-0/+97
|
* Rename server/ directory to src/Stephen Gallagher2010-02-1816-0/+2965
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-05-06 20:37:07 +0000