diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2017-05-30 12:51:19 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2017-09-01 20:26:04 +0200 |
commit | 4db56d8c90a6467a216590e5ba3bdcd2a2bf1ae9 (patch) | |
tree | 2301c7fa1a6d16428a46a1833ddbabde140076ba /src/man/sssd-secrets.5.xml | |
parent | 7a162ca3ea0bf8ef6b13795a00baa28d17f6131d (diff) | |
download | sssd-4db56d8c90a6467a216590e5ba3bdcd2a2bf1ae9.tar.gz sssd-4db56d8c90a6467a216590e5ba3bdcd2a2bf1ae9.tar.xz sssd-4db56d8c90a6467a216590e5ba3bdcd2a2bf1ae9.zip |
SECRETS: Read the quotas for cn=secrets from [secrets/secrets] configuration subsection
This patch makes obsoletes the old way of configuring quotas for the
secrets responder. Instead, adds a new way of configuring each hive
separately in a configuration subsection, e.g.
[secrets/secrets]
max_secrets = 123
The old way is still supported as a backwards-compatible method.
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
Diffstat (limited to 'src/man/sssd-secrets.5.xml')
-rw-r--r-- | src/man/sssd-secrets.5.xml | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/src/man/sssd-secrets.5.xml b/src/man/sssd-secrets.5.xml index 44a86c3fb..d50cb13d8 100644 --- a/src/man/sssd-secrets.5.xml +++ b/src/man/sssd-secrets.5.xml @@ -57,6 +57,32 @@ collide between users. Secrets can be stored inside <quote>containers</quote> which can be nested. </para> + <para> + Since the secrets responder can be used both externally to store + general secrets, as described in the rest of this man page, but + also internally by other SSSD components to store their secret + material, some configuration options, like quotas can be configured + per <quote>hive</quote> in a configuration subsection named after + the hive. The currently supported hives are: + <variablelist> + <varlistentry> + <term>secrets</term> + <listitem><para>secrets for general usage</para></listitem> + </varlistentry> + <varlistentry> + <term>kcm</term> + <listitem> + <para>used by the + <citerefentry> + <refentrytitle>sssd-kcm</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry> + service. + </para> + </listitem> + </varlistentry> + </variablelist> + </para> </refsect1> <refsect1 id='usage'> @@ -144,6 +170,12 @@ systemctl enable sssd-secrets.service </para> </listitem> </varlistentry> + </variablelist> + <para> + The following options affect only the secrets <quote>hive</quote> + and therefore should be set in a per-hive subsection. + </para> + <variablelist> <varlistentry> <term>containers_nest_level (integer)</term> <listitem> @@ -161,7 +193,7 @@ systemctl enable sssd-secrets.service <listitem> <para> This option specifies the maximum number of secrets that - can be stored. + can be stored in the hive. </para> <para> Default: 1024 @@ -182,6 +214,17 @@ systemctl enable sssd-secrets.service </varlistentry> </variablelist> <para> + For example, to adjust quotas differently for both the <quote>secrets</quote> + and the <quote>kcm</quote> hives, configure the following: + <programlisting> +[secrets/secrets] +max_payload_size = 128 + +[secrets/kcm] +max_payload_size = 256 + </programlisting> + </para> + <para> The following options are only applicable for configurations that use the <quote>proxy</quote> provider. </para> |