diff options
Diffstat (limited to 'src/man/pam_sss.8.xml')
| -rw-r--r-- | src/man/pam_sss.8.xml | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/man/pam_sss.8.xml b/src/man/pam_sss.8.xml index 7794d3acf..b03ac2dc8 100644 --- a/src/man/pam_sss.8.xml +++ b/src/man/pam_sss.8.xml @@ -46,6 +46,9 @@ <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> + <arg choice='opt'> + <replaceable>allow_missing_name</replaceable> + </arg> </cmdsynopsis> </refsynopsisdiv> @@ -157,6 +160,30 @@ </para> </listitem> </varlistentry> + <varlistentry> + <term> + <option>allow_missing_name</option> + </term> + <listitem> + <para> + The main purpose of this option is to let SSSD determine + the user name based on additional information, e.g. the + certificate from a Smartcard. + </para> + <para> + The current use case are login managers which can + monitor a Smartcard reader for card events. In case a + Smartcard is inserted the login manager will call a PAM + stack which includes a line like + <programlisting> + auth sufficient pam_sss.so allow_missing_name + </programlisting> + In this case SSSD will try to determine the user name + based on the content of the Smartcard, returns it to + pam_sss which will finally put it on the PAM stack. + </para> + </listitem> + </varlistentry> </variablelist> </refsect1> |