ruby.git - Ruby GIT repository

diff options

author	ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2007-11-23 08:35:29 +0000
committer	ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2007-11-23 08:35:29 +0000
commit	d54d8c3bafd2a08885a55fd92b02bfcb42b7422d (patch)
tree	38e161a8ca4b62b9429ecea47005c0a851279f36 /ext/Win32API/lib
parent	2e35e1e0f3840528d9890674489b7ab25d1372a3 (diff)
download	ruby-d54d8c3bafd2a08885a55fd92b02bfcb42b7422d.tar.gz ruby-d54d8c3bafd2a08885a55fd92b02bfcb42b7422d.tar.xz ruby-d54d8c3bafd2a08885a55fd92b02bfcb42b7422d.zip

* io.c: add rb_read_internal() as blocking function.

git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@14007 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Diffstat (limited to 'ext/Win32API/lib')

0 files changed, 0 insertions, 0 deletions

href='#n104'>104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<reference>
<title>SSSD Manual pages</title>
<refentry>
    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />

    <refmeta>
        <refentrytitle>sssd-krb5</refentrytitle>
        <manvolnum>5</manvolnum>
        <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
    </refmeta>

    <refnamediv id='name'>
        <refname>sssd-krb5</refname>
        <refpurpose>the configuration file for SSSD</refpurpose>
    </refnamediv>

    <refsect1 id='description'>
        <title>DESCRIPTION</title>
        <para>
            This manual page describes the configuration of the Kerberos
            5 authentication backend for
            <citerefentry>
                <refentrytitle>sssd</refentrytitle>
                <manvolnum>8</manvolnum>
            </citerefentry>.
            For a detailed syntax reference, please refer to the <quote>FILE FORMAT</quote> section of the
            <citerefentry>
                <refentrytitle>sssd.conf</refentrytitle>
                <manvolnum>5</manvolnum>
            </citerefentry> manual page
        </para>
        <para>
            The Kerberos 5 authentication backend contains auth and chpass
            providers. It must be paired with identity provider in
            order to function properly (for example, id_provider = ldap). Some
            information required by the Kerberos 5 authentication backend must
            be provided by the identity provider, such as the user's Kerberos
            Principal Name (UPN). The configuration of the identity provider
            should have an entry to specify the UPN. Please refer to the man
            page for the applicable identity provider for details on how to
            configure this.
        </para>
        <para>
            This backend also provides access control based on the .k5login
            file in the home directory of the user. See <citerefentry>
            <refentrytitle>.k5login</refentrytitle><manvolnum>5</manvolnum>
            </citerefentry> for more details. Please note that an empty .k5login
            file will deny all access to this user. To activate this feature
            use 'access_provider = krb5' in your sssd configuration.
        </para>
        <para>
            In the case where the UPN is not available in the identity backend
            <command>sssd</command> will construct a UPN using the format
            <replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>.
        </para>

    </refsect1>

    <refsect1 id='file-format'>
        <title>CONFIGURATION OPTIONS</title>
        <para>
            If the auth-module krb5 is used in a SSSD domain, the following
            options must be used. See the
            <citerefentry>
                <refentrytitle>sssd.conf</refentrytitle>
                <manvolnum>5</manvolnum>
            </citerefentry> manual page, section <quote>DOMAIN SECTIONS</quote>
            for details on the configuration of a SSSD domain.
            <variablelist>
                <varlistentry>
                    <term>krb5_server (string)</term>
                    <listitem>
                        <para>
                            Specifies the list of IP addresses or hostnames
                            of the Kerberos servers to which SSSD should
                            connect in the order of preference. For more
                            information on failover and server redundancy,
                            see the <quote>FAILOVER</quote> section. An optional
                            port number (preceded by a colon) may be appended to
                            the addresses or hostnames.
                            If empty, service discovery is enabled -
                            for more information, refer to the
                            <quote>SERVICE DISCOVERY</quote> section.
                        </para>
                        <para>
                            When using service discovery for KDC or kpasswd servers,
                            SSSD first searches for DNS entries that specify _udp as
                            the protocol and falls back to _tcp if none are found.
                        </para>
                        <para>
                            This option was named <quote>krb5_kdcip</quote> in
                            earlier releases of SSSD. While the legacy name is recognized
                            for the time being, users are advised to migrate their config
                            files to use <quote>krb5_server</quote> instead.
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>krb5_realm (string)</term>
                    <listitem>
                        <para>
                            The name of the Kerberos realm. This option is required
                            and must be specified.
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>krb5_kpasswd (string)</term>
                    <listitem>
                        <para>
                            If the change password service is not running on the
                            KDC alternative servers can be defined here. An
                            optional port number (preceded by a colon) may be
                            appended to the addresses or hostnames.
                        </para>
                        <para>
                            For more information on failover and server
                            redundancy, see the <quote>FAILOVER</quote> section.
                            Please note that even if there are no more kpasswd
                            servers to try the back end is not switch to offline
                            if authentication against the KDC is still possible.
                        </para>
                        <para>
                            Default: Use the KDC
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>krb5_ccachedir (string)</term>
                    <listitem>
                        <para>
                            Directory to store credential caches. All the
                            substitution sequences of krb5_ccname_template can
                            be used here, too, except %d and %P. If the
                            directory does not exist it will be created. If %u,
                            %U, %p or %h are used a private directory belonging
                            to the user is created. Otherwise a public directory
                            with restricted deletion flag (aka sticky bit, see
                            <citerefentry>
                                <refentrytitle>chmod</refentrytitle>
                                <manvolnum>1</manvolnum>
                            </citerefentry> for details) is created.
                        </para>
                        <para>
                            Default: /tmp
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>krb5_ccname_template (string)</term>
                    <listitem>
                        <para>
                            Location of the user's credential cache. Currently
                            only file based credential caches are supported. In
                            the template the following sequences are
                            substituted:
                            <variablelist>
                                <varlistentry>
                                    <term>%u</term>
                                    <listitem><para>login name</para></listitem>
                                </varlistentry>
                                <varlistentry>
                                    <term>%U</term>
                                    <listitem><para>login UID</para></listitem>
                                </varlistentry>
                                <varlistentry>
                                    <term>%p</term>
                                    <listitem><para>principal name</para>
                                    </listitem>
                                </varlistentry>
                                <varlistentry>
                                    <term>%r</term>
                                    <listitem><para>realm name</para></listitem>
                                </varlistentry>
                                <varlistentry>
                                    <term>%h</term>
                                    <listitem><para>home directory</para>
                                    </listitem>
                                </varlistentry>
                                <varlistentry>
                                    <term>%d</term>
                                    <listitem><para>value of krb5ccache_dir
                                              </para>
                                    </listitem>
                                </varlistentry>
                                <varlistentry>
                                    <term>%P</term>
                                    <listitem><para>the process ID of the sssd
                                                    client</para>
                                    </listitem>
                                </varlistentry>
                                <varlistentry>
                                    <term>%%</term>
                                    <listitem><para>a literal '%'</para>
                                    </listitem>
                                </varlistentry>
                            </variablelist>
                            If the template ends with 'XXXXXX' mkstemp(3) is
                            used to create a unique filename in a safe way.
                        </para>
                        <para>
                            Default: FILE:%d/krb5cc_%U_XXXXXX
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>krb5_auth_timeout (integer)</term>
                    <listitem>
                        <para>
                            Timeout in seconds after an online authentication or
                            change password request is aborted. If possible the
                            authentication request is continued offline.
                        </para>
                        <para>
                            Default: 15
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>krb5_validate (boolean)</term>
                    <listitem>
                        <para>
                            Verify with the help of krb5_keytab that the TGT obtained has not been spoofed.
                        </para>
                        <para>
                            Default: false
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>krb5_keytab (string)</term>
                    <listitem>
                        <para>
                            The location of the keytab to use when validating
                            credentials obtained from KDCs.
                        </para>
                        <para>
                            Default: /etc/krb5.keytab
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>krb5_store_password_if_offline (boolean)</term>
                    <listitem>
                        <para>
                            Store the password of the user if the provider is
                            offline and use it to request a TGT when the
                            provider gets online again.
                        </para>
                        <para>
                            Please note that this feature currently only
                            available on a Linux plattform.
                        </para>
                        <para>
                            Default: false
                        </para>
                    </listitem>
                </varlistentry>

            </variablelist>
        </para>
    </refsect1>

    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/failover.xml" />

    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/service_discovery.xml" />

    <refsect1 id='example'>
        <title>EXAMPLE</title>
        <para>
            The following example assumes that SSSD is correctly
            configured and FOO is one of the domains in the
            <replaceable>[sssd]</replaceable> section. This example shows
            only configuration of Kerberos authentication, it does not include
            any identity provider.
        </para>
        <para>
<programlisting>
    [domain/FOO]
    auth_provider = krb5
    krb5_server = 192.168.1.1
    krb5_realm = EXAMPLE.COM
</programlisting>
        </para>
    </refsect1>

    <refsect1 id='see_also'>
        <title>SEE ALSO</title>
        <para>
            <citerefentry>
                <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum>
            </citerefentry>,
            <citerefentry>
                <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum>
            </citerefentry>,
            <citerefentry>
                <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum>
            </citerefentry>
        </para>
    </refsect1>
</refentry>
</reference>


context:
space:
mode: