summaryrefslogtreecommitdiff
path: root/src/man
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-02-25 17:30:47 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-03-08 17:03:11 -0500
commit16ac0d6e148b1e07e579d47de1da7ac541447bd2 (patch)
treeba8fb7ce106004196fe250d148e6e1dd56bc40c1 /src/man
parentbe808d684da855e09741a1dcfec0865e57c46321 (diff)
downloadsssd-16ac0d6e148b1e07e579d47de1da7ac541447bd2.tar.gz
sssd-16ac0d6e148b1e07e579d47de1da7ac541447bd2.tar.bz2
sssd-16ac0d6e148b1e07e579d47de1da7ac541447bd2.zip
Add simple access provider
Diffstat (limited to 'src/man')
-rw-r--r--src/man/sssd-simple.5.xml124
-rw-r--r--src/man/sssd.conf.5.xml7
2 files changed, 131 insertions, 0 deletions
diff --git a/src/man/sssd-simple.5.xml b/src/man/sssd-simple.5.xml
new file mode 100644
index 00000000..260d15ab
--- /dev/null
+++ b/src/man/sssd-simple.5.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
+"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
+<reference>
+<title>SSSD Manual pages</title>
+<refentry>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
+
+ <refmeta>
+ <refentrytitle>sssd-simple</refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id='name'>
+ <refname>sssd-simple</refname>
+ <refpurpose>the configuration file for SSSD's 'simple' access-control
+ provider</refpurpose>
+ </refnamediv>
+
+ <refsect1 id='description'>
+ <title>DESCRIPTION</title>
+ <para>
+ This manual page describes the configuration of the simple
+ access-control provider for
+ <citerefentry>
+ <refentrytitle>sssd</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>.
+ For a detailed syntax reference, refer to the
+ <quote>FILE FORMAT</quote> section of the
+ <citerefentry>
+ <refentrytitle>sssd.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </citerefentry> manual page.
+ </para>
+ <para>
+ The simple access provider grants or denies access based on an
+ access or deny list of user names. Here to following rules apply:
+ <itemizedlist>
+ <listitem>
+ <para>If both lists are empty, access is granted</para>
+ </listitem>
+ <listitem>
+ <para>If simple_allow_users is set, only users from this
+ list are allowed access.</para>
+ <para>This setting supersedes the simple_deny_users list
+ (which would be redundant).</para>
+ </listitem>
+ <listitem>
+ <para>If the simple_allow_users list is empty, users are
+ allowed access unless they appear in the
+ simple_deny_users list</para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </refsect1>
+
+ <refsect1 id='file-format'>
+ <title>CONFIGURATION OPTIONS</title>
+ <para>Refer to the section <quote>DOMAIN SECTIONS</quote> of the
+ <citerefentry>
+ <refentrytitle>sssd.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </citerefentry> manual page for details on the configuration of an
+ SSSD domain.
+ <variablelist>
+ <varlistentry>
+ <term>simple_allow_users (string)</term>
+ <listitem>
+ <para>
+ Comma separated list of users who are allowed to log
+ in.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>simple_deny_users (string)</term>
+ <listitem>
+ <para>
+ Comma separated list of users who are rejected if
+ simple_allow_users is not set.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+ <para>
+ Please note that it is an configuration error if both,
+ simple_allow_users and simple_deny_users, are defined.
+ </para>
+ </refsect1>
+
+ <refsect1 id='example'>
+ <title>EXAMPLE</title>
+ <para>
+ The following example assumes that SSSD is correctly
+ configured and example.com is one of the domains in the
+ <replaceable>[sssd]</replaceable> section. This examples shows only
+ the simple access provider-specific options.
+ </para>
+ <para>
+<programlisting>
+ [domain/example.com]
+ access_provider = simple
+ simple_allow_users = user1, user2
+</programlisting>
+ </para>
+ </refsect1>
+
+ <refsect1 id='see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+</refentry>
+</reference>
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 6303fcbc..daf61afc 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -565,6 +565,13 @@
<quote>deny</quote> always deny access.
</para>
<para>
+ <quote>simple</quote> access control based on access
+ or deny lists. See <citerefentry>
+ <refentrytitle>sssd-simple</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> for more
+ information on configuring the simple access module.
+ </para>
+ <para>
Default: <quote>permit</quote>
</para>
</listitem>