From c57b54505dbeca931fcf47b243d59eb73d8683bb Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 30 Sep 2015 09:33:17 +0200
Subject: MAN: Clarify pam_trusted_users option description

Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
---
 src/man/sssd.conf.5.xml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 9701f2a15..92bfbb255 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -927,14 +927,18 @@ fallback_homedir = /home/%u
                     <term>pam_trusted_users (string)</term>
                     <listitem>
                         <para>
-                            Specifies the comma-separated list of UID values or
-                            user names that are allowed to access the PAM
-                            responder. User names are resolved to UIDs at
+                            Specifies the comma-separated list of UID
+                            values or user names that are allowed to run
+                            PAM conversations against trusted domains.
+                            Users not included in this list can only access
+                            domains marked as public with
+                            <quote>pam_public_domains</quote>.
+                            User names are resolved to UIDs at
                             startup.
                         </para>
                         <para>
-                            Default: all (All users are allowed to access
-                            the PAM responder)
+                            Default: All users are considered trusted
+                            by default
                         </para>
                         <para>
                             Please note that UID 0 is always allowed to access
-- 
cgit