From c71ff1e4615ec8560b90ca7d4827d99424ad0355 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 22 Dec 2010 11:00:22 -0500
Subject: Update the ID cache for any PAM request

Also adds an option to limit how often we check the ID provider,
so that conversations with multiple PAM requests won't update the
cache multiple times.

https://fedorahosted.org/sssd/ticket/749
---
 src/man/sssd.conf.5.xml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'src/man/sssd.conf.5.xml')

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 7392dd093..96b7a4c3c 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -440,6 +440,28 @@
                         </para>
                     </listitem>
                 </varlistentry>
+                <varlistentry>
+                  <term>pam_id_timeout (integer)</term>
+                  <listitem>
+                    <para>
+                      For any PAM request while SSSD is online, the SSSD will
+                      attempt to immediately update the cached identity
+                      information for the user in order to ensure that
+                      authentication takes place with the latest information.
+                    </para>
+                    <para>
+                      A complete PAM conversation may perform multiple PAM
+                      requests, such as account management and session
+                      opening. This option controls (on a
+                      per-client-application basis) how long (in seconds) we
+                      can cache the identity information to avoid excessive
+                      round-trips to the identity provider.
+                    </para>
+                    <para>
+                      Default: 5
+                    </para>
+                  </listitem>
+                </varlistentry>
             </variablelist>
         </refsect2>
     </refsect1>
-- 
cgit