authorSumit Bose <sbose@redhat.com>2016-03-18 16:24:18 +0100
committerLukas Slebodnik <lslebodn@redhat.com>2016-06-09 11:58:07 +0200
commit875c90d531e6869a92da4b515db729ffce7c4244 (patch)
treea23cde461527c9620b356c7bcc84faa5e5c93532
parentcc4caf88344210ea9777d618f0f71935ca5e7f8b (diff)
downloadsssd-875c90d531e6869a92da4b515db729ffce7c4244.tar.gz
sssd-875c90d531e6869a92da4b515db729ffce7c4244.tar.xz
sssd-875c90d531e6869a92da4b515db729ffce7c4244.zip
p11: add missing man page entry and config API
The pam_cert_auth and pam_cert_db_path options were missing in the config API and had no man page entries. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r--src/config/SSSDConfig/__init__.py.in2
-rw-r--r--src/config/etc/sssd.api.conf2
-rw-r--r--src/man/sssd.conf.5.xml26
3 files changed, 30 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 1a0893cbc..e7bf43dfd 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -92,6 +92,8 @@ option_strings = {
'pam_public_domains' : _('List of domains accessible even for untrusted users.'),
'pam_account_expired_message' : _('Message printed when user account is expired.'),
'pam_account_locked_message' : _('Message printed when user account is locked.'),
+ 'pam_cert_auth' : _('Allow certificate based/Smartcard authentication.'),
+ 'pam_cert_db_path' : _('Path to certificate databse with PKCS#11 modules.'),
'p11_child_timeout' : _('How many seconds will pam_sss wait for p11_child to finish'),
# [sudo]
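Review bot: The added help string for `pam_cert_db_path` misspells "database" as "databse". Because the text is wrapped in `_()` it becomes a translatable msgid, so correcting it later would change the msgid translators work from; the line should read `'pam_cert_db_path' : _('Path to certificate database with PKCS#11 modules.'),`. The `pam_cert_auth` wording here ("Allow certificate based/Smartcard authentication.") also differs from the man page entry added in the same commit ("Enable certificate based Smartcard authentication."), and aligning the two would avoid suggesting they are separate mechanisms. The `option_strings` dict begins and ends outside this hunk.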
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index a15f2bd05..a0a82543f 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -62,6 +62,8 @@ pam_trusted_users = str, None, false
pam_public_domains = str, None, false
pam_account_expired_message = str, None, false
pam_account_locked_message = str, None, false
+pam_cert_auth = bool, None, false
+pam_cert_db_path = str, None, false
p11_child_timeout = int, None, false
[sudo]
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 09db9cd32..9633dacb7 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -1027,6 +1027,32 @@ pam_account_locked_message = Account locked, please contact help desk.
</listitem>
</varlistentry>
<varlistentry>
+ <term>pam_cert_auth (bool)</term>
+ <listitem>
+ <para>
+ Enable certificate based Smartcard authentication.
+ Since this requires additional communication with
+ the Smartcard which will delay the authentication
+ process this option is disabled by default.
+ </para>
+ <para>
+ Default: False
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>pam_cert_db_path (string)</term>
+ <listitem>
+ <para>
+ The path to the certificate database which contain
+ the PKCS#11 modules to access the Smartcard.
+ </para>
+ <para>
+ Default: /etc/pki/nssdb (NSS version)
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>p11_child_timeout (integer)</term>
<listitem>
<para>