author | amitkuma <amitkuma@redhat.com> | 2018-01-02 21:05:27 +0530 |
---|---|---|
committer | Florence Blanc-Renaud <flo@redhat.com> | 2018-01-12 20:33:20 +0100 |
commit | 5c361f5450294e9d7b187112cbcb3b08bd037ae5 (patch) | |
tree | 6fb6f4cc9bea4b8ea6a539999c00ff87e282a8c0 /client | |
parent | 0cab090f4d8a5ed0e4afd9fcc2a14efa442c9d46 (diff) | |
Documenting kinit_lifetime in /etc/ipa/default.conf
Describing the parameter kinit_lifetime that allows limiting the lifetime of the ticket obtained by users authenticating to the WebGUI using login/password. Removing session_auth_duration and session_duration_type since these parameters are not relevant anymore.
Resolves: https://pagure.io/freeipa/issue/7333
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Diffstat (limited to 'client')
-rw-r--r-- | client/man/default.conf.5 | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/client/man/default.conf.5 b/client/man/default.conf.5 index 35ce6bb9f..f21d9d5b7 100644 --- a/client/man/default.conf.5 +++ b/client/man/default.conf.5 @@ -107,6 +107,9 @@ This is used in development and is generally a detected value. It means that the .B interactive <boolean> Specifies whether values should be prompted for or not. The default is True. .TP +.B kinit_lifetime <time duration spec> +Controls the lifetime of ticket obtained by users authenticating to the WebGUI using login/password. The expected format is a time duration string. Examples are "2 hours", "1h:30m", "10 minutes", "5min, 30sec". When the parameter is not set in default.conf, the ticket will have a duration inherited from the default value for kerberos clients, that can be set as ticket_lifetime in krb5.conf. When the ticket lifetime has expired, the ticket is not valid anymore and the GUI will prompt to re-login with a message "Your session has expired. Please re-login." +.TP .B ldap_uri <URI> Specifies the URI of the IPA LDAP server to connect to. The URI scheme may be one of \fBldap\fR or \fBldapi\fR. The default is to use ldapi, e.g. ldapi://%2fvar%2frun%2fslapd\-EXAMPLE\-COM.socket .TP 
@@ -157,12 +160,6 @@ Specifies the name of the CA back end to use. The current options are \fBdogtag\ .B realm <realm> Specifies the Kerberos realm. .TP -.B session_auth_duration <time duration spec> -Specifies the length of time authentication credentials cached in the session are valid. After the duration expires credentials will be automatically reacquired. Examples are "2 hours", "1h:30m", "10 minutes", "5min, 30sec". -.TP -.B session_duration_type <inactivity_timeout|from_start> -Specifies how the expiration of a session is computed. With \fBinactivity_timeout\fR the expiration time is advanced by the value of session_auth_duration everytime the user accesses the service. With \fBfrom_start\fR the session expiration is the start of the user's session plus the value of session_auth_duration. -.TP .B server <hostname> Specifies the IPA Server hostname. .TP |
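Review bot: In the first hunk, the new kinit_lifetime description does not say how the value relates to limits set outside default.conf. It names ticket_lifetime in krb5.conf as the fallback when the parameter is unset, but it does not state whether a configured value longer than that (or longer than what the KDC will issue) is honored or capped, nor what happens when the string does not parse as a time duration. One sentence on each would let an administrator predict the effective WebGUI session length. Wording nits in the same paragraph: "lifetime of ticket" should read "lifetime of the ticket", and "kerberos clients" should be "Kerberos clients".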
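Review bot: In the second hunk, removing session_auth_duration and session_duration_type leaves no guidance for installations that still carry these keys in default.conf. The removed session_duration_type text described two expiry models (inactivity_timeout, which advanced the expiration on every access, and from_start), while the added kinit_lifetime entry only describes a ticket that expires and forces a re-login. Consider adding a short note to the kinit_lifetime entry saying that the two old options are no longer used and stating whether the session still extends on activity, so administrators relying on an inactivity timeout know what the behaviour is now.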