path: root/src/man
Commit message | Author | Age | Files | Lines
* MAN: Move proxy_fast_alias to the correct man section | Jakub Hrozek | 2016-03-09 | 1 | -17/+18
  The option was in the general section, belongs to the proxy section.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* MAN: Move subdomain_inherit to the correct man section | Jakub Hrozek | 2016-03-09 | 1 | -40/+41
  The option was in the general section, belongs to the domain section.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* GPO: Add other display managers to interactive logon | Stephen Gallagher | 2016-02-29 | 1 | -0/+20
  Gone are the days when all systems used GDM or KDM. We need to support other display managers in the default configuration to avoid issues when enrolled in AD domains.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* GPO: Add Cockpit to the Remote Interactive defaults | Stephen Gallagher | 2016-02-29 | 1 | -0/+5
  The Cockpit Project is an administrative console that is gaining in popularity and is a default component on some operating systems (such as Fedora Server). Since it is becoming more common, we should ensure that it is part of the standard mapping.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Add a new option ldap_group_external_member | Jakub Hrozek | 2016-02-24 | 1 | -0/+16
  Required for: https://fedorahosted.org/sssd/ticket/2522
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* subdomains: inherit ldap_krb5_keytab | Sumit Bose | 2016-02-23 | 1 | -0/+4
  If a non-default keytab is configured for the parent domain the subdomains will still use the default keytab because the alternative keytab is not inherited. As a consequence SSSD might not be able to connect to services in the subdomain because the default keytab is either not present or does not have suitable keys.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: Fix man for pam_account_{expired,locked}_message | Dan Lavu | 2016-02-17 | 1 | -6/+29
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: Pass account lockout status and display message | Pavel Reichl | 2016-02-17 | 1 | -0/+21
  Tested against Windows Server 2012.
  Resolves: https://fedorahosted.org/sssd/ticket/2839
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IDMAP: Man change for ldap_idmap_range_size option | Pavel Reichl | 2016-02-03 | 1 | -1/+3
  Resolves: https://fedorahosted.org/sssd/ticket/2922
  Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* IDMAP: Add support for automatic adding of ranges | Pavel Reichl | 2016-01-20 | 1 | -0/+20
  Resolves: https://fedorahosted.org/sssd/ticket/2188
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* AD: add task to renew the machine account password if needed | Sumit Bose | 2016-01-19 | 1 | -0/+33
  AD expects its clients to renew the machine account password on a regular basis, by default every 30 days. Even if a client does not renew the password it might not cause issues because AD does not enforce the renewal. But the password age might be used to identify unused machine accounts in large environments which might get disabled or deleted automatically.
  With this patch SSSD calls an external program to check the age of the machine account password and renew it if needed. Currently 'adcli' is used as external program which is able to renew the password since version 0.8.0.
  Resolves https://fedorahosted.org/sssd/ticket/1041
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Clarify when should TGs be disabled for group nesting restriction | Jakub Hrozek | 2015-12-11 | 1 | -2/+4
  Resolves: https://fedorahosted.org/sssd/ticket/2796
  Reviewed-by: Michal Židek <mzidek@redhat.com>
  Reviewed-by: Striker Leggette <striker@redhat.com>
* MAN: sssd.conf should mention SSS_NSS_USE_MEMCACHE | Michal Židek | 2015-12-10 | 1 | -1/+7
  Fixes: https://fedorahosted.org/sssd/ticket/2787
  We already mention SSS_NSS_USE_MEMCACHE in sssd(8) but it makes sense to note it in sssd.conf(5) together with the memcache_timeout.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Clarify that subdomains always use service discovery | Dan Lavu | 2015-12-10 | 1 | -3/+11
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Clarify that subdomain_inherit only works for IPA and AD | Dan Lavu | 2015-11-30 | 1 | -0/+4
  Resolves: https://fedorahosted.org/sssd/ticket/2683
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* man sssd-ad: fix typo | Pavel Březina | 2015-11-27 | 1 | -1/+1
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD: Add autofs provider | Jakub Hrozek | 2015-11-26 | 2 | -3/+20
  https://fedorahosted.org/sssd/ticket/1632
  Adds the possibility to configure:
      autofs_provider = ad
  The AD autofs provider uses the rfc2307 (nis*) attribute maps. This is different (at the moment) from using autofs_provider=ldap with ldap_schema=ad.
  Reviewed-by: Ondrej Valousek <ondrejv2@fedoraproject.org>
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* p11: enable ocsp checks | Sumit Bose | 2015-11-26 | 1 | -0/+29
  This patch enables the Online Certificate Status Protocol in NSS and adds an option to disable it if needed. To make further tuning of certificate verification more easy it is not an option on its own but an option to the new certificate_verification configuration option.
  Resolves https://fedorahosted.org/sssd/ticket/2812
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sss_override: add group-show | Pavel Březina | 2015-10-30 | 1 | -0/+11
  Resolves: https://fedorahosted.org/sssd/ticket/2736
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: add user-show | Pavel Březina | 2015-10-30 | 1 | -0/+11
  Resolves: https://fedorahosted.org/sssd/ticket/2736
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: add group-find | Pavel Březina | 2015-10-30 | 1 | -0/+13
  Resolves: https://fedorahosted.org/sssd/ticket/2736
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: add user-find | Pavel Březina | 2015-10-30 | 1 | -0/+13
  Resolves: https://fedorahosted.org/sssd/ticket/2736
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: Removed overrides might be in memcache | Pavel Reichl | 2015-10-30 | 1 | -2/+8
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sss_override: Add restart requirements to man page | Dan Lavu | 2015-10-30 | 1 | -2/+9
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* BUILD: Fix cleanup without NLS | Lukas Slebodnik | 2015-10-30 | 1 | -9/+2
  Manual pages were not cleaned by default. They were cleaned in make distcheck because USE_NLS was yes.
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* man: Note filter_groups are not affecting nesting | Nikolai Kondrashov | 2015-10-07 | 1 | -0/+8
  Note that the "filter_groups" option doesn't affect nested member inheritance, on the sssd.conf(5) manpage.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* man: Mention groups in filter_groups description | Nikolai Kondrashov | 2015-10-07 | 1 | -5/+5
  Mention groups (not only users) in the combined "filter_users"/"filter_groups" option description on the sssd.conf(5) manpage.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sss_override: amend man page - overrides do not stack | Pavel Reichl | 2015-10-04 | 1 | -2/+6
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* MAN: proxy and krb5 are valid access control modules | Jakub Hrozek | 2015-10-02 | 1 | -0/+10
  Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
* MAN: Clarify pam_trusted_users option description | Jakub Hrozek | 2015-10-02 | 1 | -5/+9
  Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
* Add Catalan translation to LINGUAS | Robert Antoni Buj Gelonch | 2015-10-02 | 1 | -0/+1
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Updating translations for the 1.13.1 release | Jakub Hrozek | 2015-09-30 | 16 | -8043/+13684
* PAM: Make p11_child timeout configurable | Michal Židek | 2015-09-23 | 1 | -0/+12
  Ticket: https://fedorahosted.org/sssd/ticket/2773
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: remove -d from manpage | Pavel Březina | 2015-09-21 | 1 | -1/+1
  Short version of --debug is not accepted.
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Remove trailing whitespace | Pavel Reichl | 2015-09-03 | 1 | -4/+4
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
* sss_override: document --debug options | Pavel Březina | 2015-08-31 | 1 | -0/+16
  Resolves: https://fedorahosted.org/sssd/ticket/2758
  Reviewed-by: Petr Cech <pcech@redhat.com>
* sss_override: support import and export | Pavel Březina | 2015-08-20 | 1 | -0/+88
  Resolves: https://fedorahosted.org/sssd/ticket/2737
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DYNDNS: Don't use server cmd in nsupdate by default | Pavel Reichl | 2015-08-14 | 2 | -1/+10
  nsupdate command `server` should not be used for the first attempt to update DNS. It should be used only in subsequent attempts after the first attempt failed.
  Resolves: https://fedorahosted.org/sssd/ticket/2495
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DYNDNS: Add a new option dyndns_server | Jakub Hrozek | 2015-08-14 | 2 | -0/+39
  Some environments use a different DNS server than identity server. For these environments, it would be useful to be able to override the DNS server used to perform DNS updates.
  This patch adds a new option dyndns_server that, if set, would be used to hardcode a DNS server address into the nsupdate message.
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* IPA: Change the default of ldap_user_certificate to userCertificate;binary | Jakub Hrozek | 2015-08-14 | 1 | -1/+1
  This is safe from ldb point of view, because ldb guarantees the data is NULL-terminated. We must be careful before we save the data, though.
  Resolves: https://fedorahosted.org/sssd/ticket/2742
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* ssh: generate public keys from certificate | Sumit Bose | 2015-07-31 | 1 | -0/+13
  Resolves: https://fedorahosted.org/sssd/ticket/2711
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TOOLS: add sss_override for local overrides | Pavel Březina | 2015-07-27 | 3 | -0/+110
  Resolves: https://fedorahosted.org/sssd/ticket/2584
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DYNDNS: special value '*' for dyndns_iface option | Pavel Reichl | 2015-07-24 | 2 | -7/+8
  Option dyndns_iface has now special value '*' which implies that IPs from add interfaces should be sent during DDNS update.
* DYNDNS: support mult. interfaces for dyndns_iface opt | Pavel Reichl | 2015-07-24 | 2 | -7/+12
  Resolves: https://fedorahosted.org/sssd/ticket/2549
* Fix minor typos | Yuri Chornoivan | 2015-07-23 | 1 | -2/+2
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* man: List alternative schema defaults for LDAP AutoFS parameters | Robin McCorkell | 2015-07-22 | 1 | -7/+10
  ldap_autofs_map_name and ldap_autofs_entry_key have their rfc2307bis defaults listed alongside the rfc2307 defaults.
  ldap_autofs_entry_object_class has a fixed description and default
  This patch replaces the other one I posted, implementing the alternative schema defaults Jakub suggested.
  Regards,
  Robin McCorkell
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: Add wildcard requests | Jakub Hrozek | 2015-07-15 | 1 | -0/+15
  Resolves: https://fedorahosted.org/sssd/ticket/2553
  Can be used as:
      dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
          /org/freedesktop/sssd/infopipe/Users \
          org.freedesktop.sssd.infopipe.Users.ListByName \
          string:r\* uint32:10
      dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
          /org/freedesktop/sssd/infopipe/Groups \
          org.freedesktop.sssd.infopipe.Groups.ListByName \
          string:r\* uint32:10
      dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
          /org/freedesktop/sssd/infopipe/Users \
          org.freedesktop.sssd.infopipe.Users.ListByDomainAndName \
          string:ipaldap string:r\* uint32:10
      dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
          /org/freedesktop/sssd/infopipe/Groups \
          org.freedesktop.sssd.infopipe.Groups.ListByDomainAndName \
          string:ipaldap string:r\* uint32:10
  By default the wildcard_limit is unset, that is, the request will return all cached entries that match.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* LDAP: Add the wildcard_limit option | Jakub Hrozek | 2015-07-15 | 1 | -0/+17
  Related: https://fedorahosted.org/sssd/ticket/2553
  Adds a new wildcard_limit option that is set by default to 1000 (one page). This option limits the number of entries that can by default be returned by a wildcard search.
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Updating the translations for the 1.13.0 release | Jakub Hrozek | 2015-07-06 | 16 | -2565/+1496
* PAM: authenticate against cache | Pavel Reichl | 2015-07-06 | 1 | -0/+24
  Enable authenticating users from cache even when SSSD is in online mode. Introduce new option `cached_auth_timeout`.
  Resolves: https://fedorahosted.org/sssd/ticket/1807
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>