From 830ded27453015080a54d6ba85fd4999ee7e9af1 Mon Sep 17 00:00:00 2001
From: Pavel Reichl
Date: Thu, 25 Sep 2014 14:52:31 +0100
Subject: PAM: new options pam_trusted_users & pam_public_domains
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
pam_public_domains option is a list of numerical UIDs or user names that are trusted. pam_public_domains option is a list of domains accessible even for untrusted users. Based on: https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM
Reviewed-by: Lukáš Slebodník
---
 src/config/SSSDConfig/__init__.py.in | 2 ++
 src/config/etc/sssd.api.conf | 2 ++
 2 files changed, 4 insertions(+)
(limited to 'src/config')
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 9a49b91b9..ee48094d0 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -82,6 +82,8 @@ option_strings = {
 'pam_verbosity' : _('What kind of messages are displayed to the user during authentication'),
 'pam_id_timeout' : _('How many seconds to keep identity information cached for PAM requests'),
 'pam_pwd_expiration_warning' : _('How many days before password expiration a warning should be displayed'),
+ 'pam_trusted_users' : _('List of trusted uids or user\'s name'),
+ 'pam_public_domains' : _('List of domains accessible even for untrusted users.'),
 # [sudo]
 'sudo_timed' : _('Whether to evaluate the time-based attributes in sudo rules'),
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 52629ded4..c47ce348c 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -55,6 +55,8 @@ pam_verbosity = int, None, false
 pam_id_timeout = int, None, false
 pam_pwd_expiration_warning = int, None, false
 get_domains_timeout = int, None, false
+pam_trusted_users = str, None, false
+pam_public_domains = str, None, false
 [sudo]
 # sudo service
--
cgit
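Review bot: The two description strings added to `option_strings` are worded less carefully than the neighbouring entries: `'List of trusted uids or user\'s name'` is ungrammatical and needs an escaped quote, and the `pam_public_domains` text ends in a full stop while the context entries in this hunk do not. Because these options decide which domains a PAM client may reach, the text shown by configuration tools should say what being trusted grants. Assuming it matches the linked design document, something like `'pam_trusted_users' : _('List of UIDs or user names trusted to access all domains via PAM'),` and `'pam_public_domains' : _('List of domains accessible even to untrusted users'),` would read better and avoid the escape. The `option_strings` dict starts and ends outside the hunk.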
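Review bot: Both new entries in the sssd.api.conf hunk are declared `str, None, false`, although the commit message describes each option as a list (UIDs or user names, and domain names). With a plain string type the configuration layer presumably passes the value through unparsed, so a malformed list in an option that gates domain access would only be noticed, if at all, by the PAM responder at run time. If the schema's list form is usable for these options, `pam_trusted_users = list, str, false` and `pam_public_domains = list, str, false` would let the config API treat them as lists. Otherwise a comment above the two lines stating the expected separator and format would help. The enclosing section starts outside the hunk.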