From c2d7b2271eafd27b41736624e4e5da121073279d Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Thu, 22 Oct 2009 11:58:06 -0400
Subject: Add support for offline auth cache timeout

This adds a new option (offline_credentials_expiration) to the
[PAM] section of the sssd.conf

If the user does not perform an online authentication within the
timeout (in days), they will be denied auth once the timeout
passes.
---
 server/man/sssd.conf.5.xml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'server/man')

diff --git a/server/man/sssd.conf.5.xml b/server/man/sssd.conf.5.xml
index 9baed088..f735b076 100644
--- a/server/man/sssd.conf.5.xml
+++ b/server/man/sssd.conf.5.xml
@@ -327,6 +327,27 @@
                 </varlistentry>
             </variablelist>
         </refsect2>
+        <refsect2 id='PAM'>
+            <title>PAM configuration options</title>
+            <para>
+                These options can be used to configure the
+                Pluggable Authentication Module (PAM) service.
+            </para>
+            <variablelist>
+                <varlistentry>
+                    <term>offline_credentials_expiration (integer)</term>
+                    <listitem>
+                        <para>
+                            If the authentication provider is offline, how
+                            long should we allow cached logins (in days).
+                        </para>
+                        <para>
+                            Default: 0 (No limit)
+                        </para>
+                    </listitem>
+                </varlistentry>
+            </variablelist>
+        </refsect2>
     </refsect1>
 
     <refsect1 id='domain-sections'>
-- 
cgit