From 0aa18cc0bf3447ca734476926724f1632e160807 Mon Sep 17 00:00:00 2001 From: Pavel Reichl Date: Thu, 16 Apr 2015 03:41:58 -0400 Subject: PAM: authenticate agains cache Enable authenticating users from cache even when SSSD is in online mode. Introduce new option `cached_auth_timeout`. Resolves: https://fedorahosted.org/sssd/ticket/1807 Reviewed-by: Jakub Hrozek --- src/man/sssd.conf.5.xml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'src/man/sssd.conf.5.xml') diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 75d13a631..7d3a57b0e 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -2176,6 +2176,30 @@ pam_account_expired_message = Account expired, please call help desk. + + cached_auth_timeout (int) + + + Specifies time in seconds since last successful + online authentication for which user will be + authenticated using cached credentials while + SSSD is in the online mode. + + + Special value 0 implies that this feature is + disabled. + + + Please note that if cached_auth_timeout + is longer than pam_id_timeout then the + back end could be called to handle + initgroups. + + + Default: 0 + + + -- cgit