MAN: Document that the secrets provider can only be specified in a per-client section

Resolves: https://pagure.io/SSSD/sssd/issue/3417 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
author: Jakub Hrozek <jhrozek@redhat.com> 2017-06-01 10:04:21 +0200
committer: Lukas Slebodnik <lslebodn@redhat.com> 2017-09-06 08:04:44 +0200
commit: e8bad995fb1219df2a4fef8f55c80284c6ab36d3 (patch)
tree: 40158cdc241bec22ef6048f6a9eab9c8ff8e427f /src/man/sssd-secrets.5.xml
parent: 3bcf6b17a1bd8fbef99e1f8bfc33f4312b40e48b (diff)
download: sssd-e8bad995fb1219df2a4fef8f55c80284c6ab36d3.tar.gz
sssd-e8bad995fb1219df2a4fef8f55c80284c6ab36d3.tar.xz
sssd-e8bad995fb1219df2a4fef8f55c80284c6ab36d3.zip
1 files changed, 19 insertions, 8 deletions
diff --git a/src/man/sssd-secrets.5.xml b/src/man/sssd-secrets.5.xml
index d43dcf21c..08ab371c6 100644
--- a/src/man/sssd-secrets.5.xml
+++ b/src/man/sssd-secrets.5.xml
@@ -128,19 +128,30 @@ systemctl enable sssd-secrets.service
             </citerefentry> manual page for a complete list. In addition,
             there are some secrets-specific options as well.
         </para>
+        <para>
+            The secrets responder is configured with a global
+            <quote>[secrets]</quote> section and an optional per-user
+            <quote>[secrets/users/$uid]</quote> section in
+            <filename>sssd.conf</filename>. Please note that some options,
+            notably as the provider type, can only be specified in the per-user
+            subsections.
+        </para>
         <variablelist>
             <varlistentry>
                 <term>provider (string)</term>
                 <listitem>
                 <para>
-                    This option specifies where should the secrets
-                    be stored. The secrets responder can configure a
-                    per-user subsections that define which provider store
-                    the secrets for this particular user. The per-user
-                    subsections should contain all options for that user's
-                    provider. If a per-user section does not exist, the
-                    global settings from the secret responder's section
-                    are used.  The following providers are supported:
+                    This option specifies where should the secrets be
+                    stored. The secrets responder can configure a per-user
+                    subsections (e.g. <quote>[secrets/users/123]</quote>
+                    - see bottom of this manual page for a full example
+                    using Custodia for a particular user) that define
+                    which provider store the secrets for this particular
+                    user. The per-user subsections should contain all
+                    options for that user's provider. Please note that
+                    currently the global provider is always local, the
+                    proxy provider can only be specified in a per-user
+                    section. The following providers are supported:
                     <variablelist>
                         <varlistentry>
                             <term>local</term>
author	Jakub Hrozek <jhrozek@redhat.com>	2017-06-01 10:04:21 +0200
committer	Lukas Slebodnik <lslebodn@redhat.com>	2017-09-06 08:04:44 +0200
commit	e8bad995fb1219df2a4fef8f55c80284c6ab36d3 (patch)
tree	40158cdc241bec22ef6048f6a9eab9c8ff8e427f /src/man/sssd-secrets.5.xml
parent	3bcf6b17a1bd8fbef99e1f8bfc33f4312b40e48b (diff)
download	sssd-e8bad995fb1219df2a4fef8f55c80284c6ab36d3.tar.gz sssd-e8bad995fb1219df2a4fef8f55c80284c6ab36d3.tar.xz sssd-e8bad995fb1219df2a4fef8f55c80284c6ab36d3.zip