# Format:
# option = type, subtype, mandatory[, default]

[service]
# Options available to all services
debug = int, None, false
debug_level = int, None, false
debug_timestamps = bool, None, false
debug_microseconds = bool, None, false
debug_to_files = bool, None, false
command = str, None, false
reconnection_retries = int, None, false
fd_limit = int, None, false
client_idle_timeout = int, None, false
force_timeout = int, None, false
description = str, None, false
diag_cmd = str, None, false

[sssd]
# Monitor service
services = list, str, true, nss, pam
domains = list, str, true
timeout = int, None, false
sbus_timeout = int, None, false
re_expression = str, None, false
full_name_format = str, None, false
krb5_rcache_dir = str, None, false
user = str, None, false
default_domain_suffix = str, None, false
certificate_verification = str, None, false

[nss]
# Name service
enum_cache_timeout = int, None, false
entry_cache_nowait_percentage = int, None, false
entry_negative_timeout = int, None, false
local_negative_timeout = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
filter_users_in_groups = bool, None, false
pwfield = str, None, false
override_homedir = str, None, false
fallback_homedir = str, None, false
homedir_substring = str, None, false, /home
override_shell = str, None, false
allowed_shells = list, str, false
vetoed_shells = list, str, false
shell_fallback = str, None, false
default_shell = str, None, false
get_domains_timeout = int, None, false
memcache_timeout = int, None, false
override_space = str, None, false

[pam]
# Authentication service
offline_credentials_expiration = int, None, false
offline_failed_login_attempts = int, None, false
offline_failed_login_delay = int, None, false
pam_verbosity = int, None, false
pam_id_timeout = int, None, false
pam_pwd_expiration_warning = int, None, false
get_domains_timeout = int, None, false
pam_trusted_users = str, None, false
pam_public_domains = str, None, false
pam_account_expired_message = str, None, false
pam_account_locked_message = str, None, false
pam_cert_auth = bool, None, false
pam_cert_db_path = str, None, false
p11_child_timeout = int, None, false

[sudo]
# sudo service
sudo_timed = bool, None, false
sudo_inverse_order = bool, None, false

[autofs]
# autofs service
autofs_negative_timeout = int, None, false

[ssh]
# ssh service
ssh_hash_known_hosts = bool, None, false
ssh_known_hosts_timeout = int, None, false
ca_db = str, None, false

[pac]
# PAC responder
allowed_uids = str, None, false
user_attributes = str, None, false
pac_lifetime = int, None, false

[ifp]
# InfoPipe responder
allowed_uids = str, None, false
user_attributes = str, None, false

[provider]
#Available provider types
id_provider = str, None, true
auth_provider = str, None, false
access_provider = str, None, false
chpass_provider = str, None, false
sudo_provider = str, None, false
autofs_provider = str, None, false
session_provider = str, None, false
hostid_provider = str, None, false
subdomains_provider = str, None, false

[domain]
# Options available to all domains
description = str, None, false
debug = int, None, false
debug_level = int, None, false
debug_timestamps = bool, None, false
command = str, None, false
min_id = int, None, false
max_id = int, None, false
timeout = int, None, false
try_inotify = bool, None, false
enumerate = bool, None, false
subdomain_enumerate = str, None, false
force_timeout = int, None, false
offline_timeout = int, None, false
cache_credentials = bool, None, false
cache_credentials_minimal_first_factor_length = int, None, false
store_legacy_passwords = bool, None, false
use_fully_qualified_names = bool, None, false
ignore_group_members = bool, None, false
entry_cache_timeout = int, None, false
lookup_family_order = str, None, false
account_cache_expiration = int, None, false
pwd_expiration_warning = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
dns_resolver_timeout = int, None, false
dns_discovery_domain = str, None, false
override_gid = int, None, false
case_sensitive = str, None, false
override_homedir = str, None, false
fallback_homedir = str, None, false
homedir_substring = str, None, false
override_shell = str, None, false
default_shell = str, None, false
description = str, None, false
realmd_tags = str, None, false
subdomain_refresh_interval = int, None, false
subdomain_inherit = str, None, false
cached_auth_timeout = int, None, false

#Entry cache timeouts
entry_cache_user_timeout = int, None, false
entry_cache_group_timeout = int, None, false
entry_cache_netgroup_timeout = int, None, false
entry_cache_service_timeout = int, None, false
entry_cache_autofs_timeout = int, None, false
entry_cache_sudo_timeout = int, None, false
entry_cache_ssh_host_timeout = int, None, false
refresh_expired_interval = int, None, false

# Dynamic DNS updates
dyndns_update = bool, None, false
dyndns_ttl = int, None, false
dyndns_iface = str, None, false
dyndns_refresh_interval = int, None, false
dyndns_update_ptr = bool, None, false
dyndns_force_tcp = bool, None, false
dyndns_auth = str, None, false
dyndns_server = str, None, false

# Special providers
[provider/permit]

[provider/permit/access]

[provider/deny]

[provider/deny/access]