From b8e70735b8aaabb3de2a063daa60cfadf185b269 Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Mon, 14 May 2012 16:45:22 +0200
Subject: sudo: manpage updated

Removes old options and adds new ones.
---
src/man/sssd-ldap.5.xml | 125 ++++++++++++++++++++++++++++++++++++++++++++----
src/man/sssd.conf.5.xml | 40 ++++++----------
2 files changed, 131 insertions(+), 34 deletions(-)
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index d20d84bca..d7e29e221 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1923,27 +1923,136 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com - ldap_sudo_refresh_enabled (boolean) + ldap_sudo_full_refresh_interval (integer) - Enables periodical download of all sudo rules. - The cache is purged before each update. + How many seconds SSSD will wait between executing + a full refresh of sudo rules (which downloads all + rules that are stored on the server). - Default: false + The value must be greater than + ldap_sudo_smart_refresh_interval + + + + Default: 21600 (6 hours) - ldap_sudo_refresh_timeout (integer) + ldap_sudo_smart_refresh_interval (integer) - How many seconds SSSD has to wait before refreshing - its cache of sudo rules. + How many seconds SSSD has to wait before executing + a smart refresh of sudo rules (which downloads all + rules that have USN higher than the highest USN of + cached rules). - Default: 300 + If USN attributes are not supported by the server, + the modifyTimestamp attribute is used instead. + + + Default: 900 (15 minutes) + + + + + + ldap_sudo_use_host_filter (boolean) + + + If true, SSSD will download only rules that are + applicable to this machine (using the IPv4 or IPv6 + host/network addresses and hostnames). + + + Default: true + + + + + + ldap_sudo_hostnames (string) + + + Space separated list of hostnames or fully qualified + domain names that should be used to filter + the rules. + + + Note: autoconfiguration is not + yet supported, therefore if this option is left + empty then hostname matching will be disabled. + + + If ldap_sudo_use_host_filter + is false then this option + has no effect. + + + Default: not specified + + + + + + ldap_sudo_ip (string) + + + Space separated list of IPv4 or IPv6 + host/network addresses that should be used to filter + the rules. + + + If this option is empty, SSSD will try to + discover the addresses automatically. + + + If ldap_sudo_use_host_filter + is false then this option + has no effect. 
+ + + Default: not specified + + + + + + ldap_sudo_include_netgroups (boolean) + + + If true then SSSD will download every rule that + contains a netgroup in sudoHost attribute. + + + If ldap_sudo_use_host_filter + is false then this option + has no effect. + + + Default: true + + + + + + ldap_sudo_include_regexp (boolean) + + + If true then SSSD will download every rule that + contains a regular expression in sudoHost attribute. + + + If ldap_sudo_use_host_filter + is false then this option + has no effect. + + + Default: true diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index e6a1bbcdf..bb9b91296 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -720,31 +720,6 @@ - - sudo_cache_timeout (integer) - - - For any sudo request that comes while SSSD is - online, the SSSD will attempt to update the cached - rules in order to ensure that sudo has the latest - ruleset. - - - The user may, however, run a couple of sudo commands - successively, which would trigger multiple LDAP requests. - In order to speed up this use-case, the sudo service - maintains an in-memory cache that would be used for - performing fast replies. - - - This option controls how long (in seconds) can the sudo - service cache rules for a user. - - - Default: 180 - - - sudo_timed (bool) @@ -985,7 +960,20 @@ - + + + entry_cache_sudo_timeout (integer) + + + How many seconds should sudo consider + rules valid before asking the backend again + + + Default: entry_cache_timeout + + + + cache_credentials (bool) -- cgit