summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJan Zeleny <jzeleny@redhat.com>2010-09-29 12:37:04 +0200
committerStephen Gallagher <sgallagh@redhat.com>2010-10-13 07:56:20 -0400
commit39b0adeaaf2429c7cbad045f7f8a79d51d02bee5 (patch)
treedc9e83062eb7a29fdaab535584b52e16c1799f84
parent3b1df539835367cb81cd5ff0f9959947d5642e55 (diff)
downloadsssd-39b0adeaaf2429c7cbad045f7f8a79d51d02bee5.tar.gz
sssd-39b0adeaaf2429c7cbad045f7f8a79d51d02bee5.tar.bz2
sssd-39b0adeaaf2429c7cbad045f7f8a79d51d02bee5.zip
Man pages should mention supported providers
Each back end can support id, auth or access provider, but each back end supports different subset of these. Man pages should describe which providers are supported by each back end. Ticket: #615
-rw-r--r--src/man/sssd-ipa.5.xml4
-rw-r--r--src/man/sssd-krb5.5.xml17
-rw-r--r--src/man/sssd-ldap.5.xml12
-rw-r--r--src/man/sssd.conf.5.xml8
4 files changed, 28 insertions, 13 deletions
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 95f8613d..afa52e3c 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -50,6 +50,10 @@
<manvolnum>5</manvolnum>
</citerefentry> authentication provider.
However, it is neither necessary nor recommended to set these options.
+ IPA provider can also be used as an access and chpass provider. As an
+ access provider it uses HBAC (host-based access control) rules. Please
+ refer to freeipa.org for more information about HBAC. No configuration
+ of access provider is required on the client side.
</para>
</refsect1>
diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml
index 489a5072..dbe96a1d 100644
--- a/src/man/sssd-krb5.5.xml
+++ b/src/man/sssd-krb5.5.xml
@@ -33,14 +33,15 @@
</citerefentry> manual page
</para>
<para>
- The Kerberos 5 authentication backend does not contain an identity
- provider and must be paired with one in order to function properly (for
- example, id_provider = ldap). Some information required by the Kerberos
- 5 authentication backend must be provided by the identity provider, such
- as the user's Kerberos Principal Name (UPN). The configuration of the
- identity provider should have an entry to specify the UPN. Please refer
- to the man page for the applicable identity provider for details on how
- to configure this.
+ The Kerberos 5 authentication backend contains auth and chpass
+ providers. It must be paired with identity provider in
+ order to function properly (for example, id_provider = ldap). Some
+ information required by the Kerberos 5 authentication backend must
+ be provided by the identity provider, such as the user's Kerberos
+ Principal Name (UPN). The configuration of the identity provider
+ should have an entry to specify the UPN. Please refer to the man
+ page for the applicable identity provider for details on how to
+ configure this.
</para>
<para>
In the case where the UPN is not available in the identity backend
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index b32096dd..402ab906 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -35,11 +35,13 @@
You can configure SSSD to use more than one LDAP domain.
</para>
<para>
- If you want to authenticate against an LDAP server then TLS/SSL is
- required. <command>sssd</command> <emphasis>does not</emphasis>
- support authentication over an unencrypted channel. If the LDAP
- server is used only as an identify provider, an encrypted channel
- is not needed.
+ LDAP back end supports id, auth, access and chpass providers. If you want
+ to authenticate against an LDAP server either TLS/SSL, LDAPS, or
+ LDAP+GSSAPI is required. <command>sssd</command> <emphasis>does
+ not</emphasis> support authentication over an unencrypted channel.
+ If the LDAP server is used only as an identity provider, an encrypted
+ channel is not needed. Please refer to <quote>ldap_access_filter</quote>
+ config option for more information about using LDAP as an access provider.
</para>
</refsect1>
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 850dfdd3..d00de05c 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -639,6 +639,14 @@
Supported change password providers are:
</para>
<para>
+ <quote>ipa</quote> to change a password stored
+ in an IPA server. See
+ <citerefentry>
+ <refentrytitle>sssd-ipa</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </citerefentry> for more information on configuring IPA.
+ </para>
+ <para>
<quote>ldap</quote> to change a password stored
in a LDAP server. See
<citerefentry>