Diffstat (limited to 'server/man')
-rw-r--r-- | server/man/include/failover.xml | 42 | ||||
-rw-r--r-- | server/man/include/param_help.xml | 10 | ||||
-rw-r--r-- | server/man/include/upstream.xml | 4 | ||||
-rw-r--r-- | server/man/sss_groupadd.8.xml | 81 | ||||
-rw-r--r-- | server/man/sss_groupdel.8.xml | 69 | ||||
-rw-r--r-- | server/man/sss_groupmod.8.xml | 95 | ||||
-rw-r--r-- | server/man/sss_groupshow.8.xml | 76 | ||||
-rw-r--r-- | server/man/sss_useradd.8.xml | 191 | ||||
-rw-r--r-- | server/man/sss_userdel.8.xml | 105 | ||||
-rw-r--r-- | server/man/sss_usermod.8.xml | 150 | ||||
-rw-r--r-- | server/man/sssd-ipa.5.xml | 159 | ||||
-rw-r--r-- | server/man/sssd-krb5.5.xml | 250 | ||||
-rw-r--r-- | server/man/sssd-ldap.5.xml | 688 | ||||
-rw-r--r-- | server/man/sssd.8.xml | 148 | ||||
-rw-r--r-- | server/man/sssd.conf.5.xml | 808 | ||||
-rw-r--r-- | server/man/sssd_krb5_locator_plugin.8.xml | 89 |
16 files changed, 0 insertions, 2965 deletions
diff --git a/server/man/include/failover.xml b/server/man/include/failover.xml
deleted file mode 100644
index efe3ee42..00000000
--- a/server/man/include/failover.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<refsect1 id='failover'>
- <title>FAILOVER</title>
- <para>
- The failover feature allows back ends to automatically switch to
- a different server if the primary server fails.
- </para>
- <refsect2 id='failover_syntax'>
- <title>Failover Syntax</title>
- <para>
- The list of servers is given as a comma-separated list; any
- number of spaces is allowed around the comma. The servers are
- listed in order of preference. The list can contain any number
- of servers.
- </para>
- </refsect2>
- <refsect2 id='failover_mechanism'>
- <title>The Failover Mechanism</title>
- <para>
- The failover mechanism distinguishes between a machine and a
- service. The back end first tries to resolve the hostname of a
- given machine; if this resolution attempt fails, the machine is
- considered offline. No further attempts are made to connect
- to this machine for any other service. If the resolution
- attempt succeeds, the back end tries to connect to a service
- on this machine. If the service connection attempt fails,
- then only this particular service is considered offline and
- the back end automatically switches over to the next service.
- The machine is still considered online and might still be tried
- for another service.
- </para>
- <para>
- Further connection attempts are made to machines or services
- marked as offline after a specified period of time; this is
- currently hard coded to 30 seconds.
- </para>
- <para>
- If there are no more machines to try, the back end as a whole
- switches to offline mode, and then attempts to reconnect
- every 30 seconds.
- </para>
- </refsect2>
-</refsect1>
diff --git a/server/man/include/param_help.xml b/server/man/include/param_help.xml
deleted file mode 100644
index a2478bf2..00000000
--- a/server/man/include/param_help.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<varlistentry>
- <term>
- <option>-h</option>,<option>--help</option>
- </term>
- <listitem>
- <para>
- Display help message and exit.
- </para>
- </listitem>
-</varlistentry>
diff --git a/server/man/include/upstream.xml b/server/man/include/upstream.xml
deleted file mode 100644
index b6f633cc..00000000
--- a/server/man/include/upstream.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<refentryinfo>
- <productname>SSSD</productname>
- <orgname>The SSSD upstream - http://fedorahosted.org/sssd</orgname>
-</refentryinfo>
diff --git a/server/man/sss_groupadd.8.xml b/server/man/sss_groupadd.8.xml
deleted file mode 100644
index 15b7ea5a..00000000
--- a/server/man/sss_groupadd.8.xml
+++ /dev/null
@@ -1,81 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
-<reference>
-<title>SSSD Manual pages</title>
-<refentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
-
- <refmeta>
- <refentrytitle>sss_groupadd</refentrytitle>
- <manvolnum>8</manvolnum>
- </refmeta>
-
- <refnamediv id='name'>
- <refname>sss_groupadd</refname>
- <refpurpose>create a new group</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv id='synopsis'>
- <cmdsynopsis>
- <command>sss_groupadd</command>
- <arg choice='opt'>
- <replaceable>options</replaceable>
- </arg>
- <arg choice='plain'><replaceable>GROUP</replaceable></arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='description'>
- <title>DESCRIPTION</title>
- <para>
- <command>sss_groupadd</command> creates a new group. These groups are compatible
- with POSIX groups, with the additional feature that they can contain other groups
- as members.
- </para>
- </refsect1>
-
- <refsect1 id='options'>
- <title>OPTIONS</title>
- <variablelist remap='IP'>
- <varlistentry>
- <term>
- <option>-g</option>,<option>--gid</option>
- <replaceable>GID</replaceable>
- </term>
- <listitem>
- <para>
- Set the GID of the group to the value of <replaceable>GID</replaceable>.
- If not given, it is chosen automatically.
- </para>
- </listitem>
- </varlistentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/param_help.xml" />
- </variablelist>
- </refsect1>
-
- <refsect1 id='see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>.
- </para>
- </refsect1>
-</refentry>
-</reference>
diff --git a/server/man/sss_groupdel.8.xml b/server/man/sss_groupdel.8.xml
deleted file mode 100644
index 22f4fca0..00000000
--- a/server/man/sss_groupdel.8.xml
+++ /dev/null
@@ -1,69 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
-<reference>
-<title>SSSD Manual pages</title>
-<refentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
-
- <refmeta>
- <refentrytitle>sss_groupdel</refentrytitle>
- <manvolnum>8</manvolnum>
- </refmeta>
-
- <refnamediv id='name'>
- <refname>sss_groupdel</refname>
- <refpurpose>create a new group</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv id='synopsis'>
- <cmdsynopsis>
- <command>sss_groupdel</command>
- <arg choice='opt'>
- <replaceable>options</replaceable>
- </arg>
- <arg choice='plain'><replaceable>GROUP</replaceable></arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='description'>
- <title>DESCRIPTION</title>
- <para>
- <command>sss_groupdel</command> deletes a group
- identified by its name <replaceable>GROUP</replaceable>
- from the system.
- </para>
- </refsect1>
-
- <refsect1 id='options'>
- <title>OPTIONS</title>
- <variablelist remap='IP'>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/param_help.xml" />
- </variablelist>
- </refsect1>
-
- <refsect1 id='see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>.
- </para>
- </refsect1>
-</refentry>
-</reference>
diff --git a/server/man/sss_groupmod.8.xml b/server/man/sss_groupmod.8.xml
deleted file mode 100644
index b2226e2e..00000000
--- a/server/man/sss_groupmod.8.xml
+++ /dev/null
@@ -1,95 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
-<reference>
-<title>SSSD Manual pages</title>
-<refentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
-
- <refmeta>
- <refentrytitle>sss_groupmod</refentrytitle>
- <manvolnum>8</manvolnum>
- </refmeta>
-
- <refnamediv id='name'>
- <refname>sss_groupmod</refname>
- <refpurpose>modify a group</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv id='synopsis'>
- <cmdsynopsis>
- <command>sss_groupmod</command>
- <arg choice='opt'>
- <replaceable>options</replaceable>
- </arg>
- <arg choice='plain'><replaceable>GROUP</replaceable></arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='description'>
- <title>DESCRIPTION</title>
- <para>
- <command>sss_groupmod</command> modifies the
- group to reflect the changes that are specified on
- the command line.
- </para>
- </refsect1>
-
- <refsect1 id='options'>
- <title>OPTIONS</title>
- <variablelist remap='IP'>
- <varlistentry>
- <term>
- <option>-a</option>,<option>--append-group</option>
- <replaceable>GROUPS</replaceable>
- </term>
- <listitem>
- <para>
- Append this group to groups specified by the
- <replaceable>GROUPS</replaceable> parameter.
- The <replaceable>GROUPS</replaceable> parameter
- is a comma separated list of group names.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-r</option>,<option>--remove-group</option>
- <replaceable>GROUPS</replaceable>
- </term>
- <listitem>
- <para>
- Remove this group from groups specified by the
- <replaceable>GROUPS</replaceable> parameter.
- </para>
- </listitem>
- </varlistentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/param_help.xml" />
- </variablelist>
- </refsect1>
-
- <refsect1 id='see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>.
- </para>
- </refsect1>
-</refentry>
-</reference>
diff --git a/server/man/sss_groupshow.8.xml b/server/man/sss_groupshow.8.xml
deleted file mode 100644
index 13e2dfcb..00000000
--- a/server/man/sss_groupshow.8.xml
+++ /dev/null
@@ -1,76 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
-<reference>
-<title>SSSD Manual pages</title>
-<refentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
-
- <refmeta>
- <refentrytitle>sss_groupshow</refentrytitle>
- <manvolnum>8</manvolnum>
- </refmeta>
-
- <refnamediv id='name'>
- <refname>sss_groupshow</refname>
- <refpurpose>print properties of a group</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv id='synopsis'>
- <cmdsynopsis>
- <command>sss_groupshow</command>
- <arg choice='opt'>
- <replaceable>options</replaceable>
- </arg>
- <arg choice='plain'><replaceable>GROUP</replaceable></arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='description'>
- <title>DESCRIPTION</title>
- <para>
- <command>sss_groupshow</command> displays information about a group
- identified by its name <replaceable>GROUP</replaceable>. The information
- includes the group ID number, members of the group and the parent group.
- </para>
- </refsect1>
-
- <refsect1 id='options'>
- <title>OPTIONS</title>
- <variablelist remap='IP'>
- <varlistentry>
- <term>
- <option>-R</option>,<option>--recursive</option>
- </term>
- <listitem>
- <para>
- Also print indirect group members in a tree-like hierarchy.
- </para>
- </listitem>
- </varlistentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/param_help.xml" />
- </variablelist>
- </refsect1>
-
- <refsect1 id='see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>.
- </para>
- </refsect1>
-</refentry>
-</reference>
diff --git a/server/man/sss_useradd.8.xml b/server/man/sss_useradd.8.xml
deleted file mode 100644
index 7620ffda..00000000
--- a/server/man/sss_useradd.8.xml
+++ /dev/null
@@ -1,191 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
-<reference>
-<title>SSSD Manual pages</title>
-<refentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
-
- <refmeta>
- <refentrytitle>sss_useradd</refentrytitle>
- <manvolnum>8</manvolnum>
- </refmeta>
-
- <refnamediv id='name'>
- <refname>sss_useradd</refname>
- <refpurpose>create a new user</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv id='synopsis'>
- <cmdsynopsis>
- <command>sss_useradd</command>
- <arg choice='opt'>
- <replaceable>options</replaceable>
- </arg>
- <arg choice='plain'><replaceable>LOGIN</replaceable></arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='description'>
- <title>DESCRIPTION</title>
- <para>
- <command>sss_useradd</command> creates a new user account using
- the values specified on the command line plus the default values from
- the system.
- </para>
- </refsect1>
-
- <refsect1 id='options'>
- <title>OPTIONS</title>
- <variablelist remap='IP'>
- <varlistentry>
- <term>
- <option>-u</option>,<option>--uid</option>
- <replaceable>UID</replaceable>
- </term>
- <listitem>
- <para>
- Set the UID of the user to the value of <replaceable>UID</replaceable>.
- If not given, it is chosen automatically.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-g</option>,<option>--gid</option>
- <replaceable>GID</replaceable>
- </term>
- <listitem>
- <para>
- Set the GID or group membership of the user to the value
- of <replaceable>GID</replaceable>. If not given, it is
- chosen automatically.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-c</option>,<option>--gecos</option>
- <replaceable>COMMENT</replaceable>
- </term>
- <listitem>
- <para>
- Any text string describing the user. Often used as
- the field for the user's full name.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-h</option>,<option>--home</option>
- <replaceable>HOME_DIR</replaceable>
- </term>
- <listitem>
- <para>
- The home directory of the user account.
- The default is to append the <replaceable>LOGIN</replaceable> name
- to <filename>/home</filename> and use that as the home directory.
- The base that is prepended before <replaceable>LOGIN</replaceable> is tunable
- with <quote>user_defaults/baseDirectory</quote> setting in sssd.conf.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-s</option>,<option>--shell</option>
- <replaceable>SHELL</replaceable>
- </term>
- <listitem>
- <para>
- The user's login shell. The default is currently <filename>/bin/bash</filename>.
- The default can be changed with
- <quote>user_defaults/defaultShell</quote> setting
- in sssd.conf.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-G</option>,<option>--groups</option>
- <replaceable>GROUPS</replaceable>
- </term>
- <listitem>
- <para>
- A list of existing groups this user is also a member of.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-m</option>,<option>--create-home</option>
- </term>
- <listitem>
- <para>
- Create the user's home directory if it does not
- exist. The files and directories contained in the
- skeleton directory (which can be defined with the
- -k option or in the config file) will be copied
- to the home directory.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-M</option>,<option>--no-create-home</option>
- </term>
- <listitem>
- <para>
- Do not create the user's home directory. Overrides
- configuration settings.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-k</option>,<option>--skel</option>
- <replaceable>SKELDIR</replaceable>
- </term>
- <listitem>
- <para>
- The skeleton directory, which contains files
- and directories to be copied in the user's home
- directory, when the home directory is
- created by <command>sss_useradd</command>.
- </para>
- <para>
- This option is only valid if the <option>-m</option>
- (or <option>--create-home</option>) option is
- specified, or creation of home directories is set to TRUE
- in the configuration.
- </para>
- </listitem>
- </varlistentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/param_help.xml" />
- </variablelist>
- </refsect1>
-
- <refsect1 id='see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>.
- </para>
- </refsect1>
-</refentry>
-</reference>
diff --git a/server/man/sss_userdel.8.xml b/server/man/sss_userdel.8.xml
deleted file mode 100644
index 0c495297..00000000
--- a/server/man/sss_userdel.8.xml
+++ /dev/null
@@ -1,105 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
-<reference>
-<title>SSSD Manual pages</title>
-<refentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
-
- <refmeta>
- <refentrytitle>sss_userdel</refentrytitle>
- <manvolnum>8</manvolnum>
- </refmeta>
-
- <refnamediv id='name'>
- <refname>sss_userdel</refname>
- <refpurpose>delete a user account</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv id='synopsis'>
- <cmdsynopsis>
- <command>sss_userdel</command>
- <arg choice='opt'>
- <replaceable>options</replaceable>
- </arg>
- <arg choice='plain'><replaceable>LOGIN</replaceable></arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='description'>
- <title>DESCRIPTION</title>
- <para>
- <command>sss_userdel</command> deletes a user
- identified by login name <replaceable>LOGIN</replaceable>
- from the system.
- </para>
- </refsect1>
-
- <refsect1 id='options'>
- <title>OPTIONS</title>
- <variablelist remap='IP'>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/param_help.xml" />
- <varlistentry>
- <term>
- <option>-r</option>,<option>--remove</option>
- </term>
- <listitem>
- <para>
- Files in the user's home directory will be
- removed along with the home directory itself and
- the user's mail spool. Overrides the configuration.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-R</option>,<option>--no-remove</option>
- </term>
- <listitem>
- <para>
- Files in the user's home directory will NOT be
- removed along with the home directory itself and
- the user's mail spool. Overrides the configuration.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-f</option>,<option>--force</option>
- </term>
- <listitem>
- <para>
- This option forces <command>sss_userdel</command>
- to remove the user's home directory and mail spool,
- even if they are not owned by the specified user.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>.
- </para>
- </refsect1>
-</refentry>
-</reference>
diff --git a/server/man/sss_usermod.8.xml b/server/man/sss_usermod.8.xml
deleted file mode 100644
index b94fc738..00000000
--- a/server/man/sss_usermod.8.xml
+++ /dev/null
@@ -1,150 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
-<reference>
-<title>SSSD Manual pages</title>
-<refentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
-
- <refmeta>
- <refentrytitle>sss_usermod</refentrytitle>
- <manvolnum>8</manvolnum>
- </refmeta>
-
- <refnamediv id='name'>
- <refname>sss_usermod</refname>
- <refpurpose>modify a user account</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv id='synopsis'>
- <cmdsynopsis>
- <command>sss_usermod</command>
- <arg choice='opt'>
- <replaceable>options</replaceable>
- </arg>
- <arg choice='plain'><replaceable>LOGIN</replaceable></arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='description'>
- <title>DESCRIPTION</title>
- <para>
- <command>sss_usermod</command> modifies the
- account specified by <replaceable>LOGIN</replaceable>
- to reflect the changes that are specified on the command line.
- </para>
- </refsect1>
-
- <refsect1 id='options'>
- <title>OPTIONS</title>
- <variablelist remap='IP'>
- <varlistentry>
- <term>
- <option>-c</option>,<option>--gecos</option>
- <replaceable>COMMENT</replaceable>
- </term>
- <listitem>
- <para>
- Any text string describing the user. Often used as
- the field for the user's full name.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-h</option>,<option>--home</option>
- <replaceable>HOME_DIR</replaceable>
- </term>
- <listitem>
- <para>
- The home directory of the user account.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-s</option>,<option>--shell</option>
- <replaceable>SHELL</replaceable>
- </term>
- <listitem>
- <para>
- The user's login shell.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-a</option>,<option>--append-group</option>
- <replaceable>GROUPS</replaceable>
- </term>
- <listitem>
- <para>
- Append this user to groups specified by the
- <replaceable>GROUPS</replaceable> parameter.
- The <replaceable>GROUPS</replaceable> parameter
- is a comma separated list of group names.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-r</option>,<option>--remove-group</option>
- <replaceable>GROUPS</replaceable>
- </term>
- <listitem>
- <para>
- Remove this user from groups specified by the
- <replaceable>GROUPS</replaceable> parameter.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-l</option>,<option>--lock</option>
- </term>
- <listitem>
- <para>
- Lock the user account. The user won't be able
- to log in.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-u</option>,<option>--unlock</option>
- </term>
- <listitem>
- <para>
- Unlock the user account.
- </para>
- </listitem>
- </varlistentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/param_help.xml" />
- </variablelist>
- </refsect1>
-
- <refsect1 id='see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>.
- </para>
- </refsect1>
-</refentry>
-</reference>
diff --git a/server/man/sssd-ipa.5.xml b/server/man/sssd-ipa.5.xml
deleted file mode 100644
index d1ba1c52..00000000
--- a/server/man/sssd-ipa.5.xml
+++ /dev/null
@@ -1,159 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
-<reference>
-<title>SSSD Manual pages</title>
-<refentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
-
- <refmeta>
- <refentrytitle>sssd-ipa</refentrytitle>
- <manvolnum>5</manvolnum>
- <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
- </refmeta>
-
- <refnamediv id='name'>
- <refname>sssd-ipa</refname>
- <refpurpose>the configuration file for SSSD</refpurpose>
- </refnamediv>
-
- <refsect1 id='description'>
- <title>DESCRIPTION</title>
- <para>
- This manual page describes the configuration of the IPA provider
- for
- <citerefentry>
- <refentrytitle>sssd</refentrytitle>
- <manvolnum>8</manvolnum>
- </citerefentry>.
- For a detailed syntax reference, refer to the <quote>FILE FORMAT</quote> section of the
- <citerefentry>
- <refentrytitle>sssd.conf</refentrytitle>
- <manvolnum>5</manvolnum>
- </citerefentry> manual page.
- </para>
- <para>
- The IPA provider is a back end used to connect to an IPA server.
- (Refer to the freeipa.org web site for information about IPA servers.)
- This provider requires that the machine be joined to the IPA domain;
- configuration is almost entirely self-discovered and obtained
- directly from the server.
- </para>
- <para>
- The IPA provider accepts the same options used by the
- <citerefentry>
- <refentrytitle>sssd-ldap</refentrytitle>
- <manvolnum>5</manvolnum>
- </citerefentry> identity provider and the
- <citerefentry>
- <refentrytitle>sssd-krb5</refentrytitle>
- <manvolnum>5</manvolnum>
- </citerefentry> authentication provider.
- However, it is neither necessary nor recommended to set these options.
- </para>
- </refsect1>
-
- <refsect1 id='file-format'>
- <title>CONFIGURATION OPTIONS</title>
- <para>Refer to the section <quote>DOMAIN SECTIONS</quote> of the
- <citerefentry>
- <refentrytitle>sssd.conf</refentrytitle>
- <manvolnum>5</manvolnum>
- </citerefentry> manual page for details on the configuration of an SSSD domain.
- <variablelist>
- <varlistentry>
- <term>ipa_domain (string)</term>
- <listitem>
- <para>
- Specifies the name of the IPA domain.
- This is optional. If not provided, the configuration
- domain name is used.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ipa_server (string)</term>
- <listitem>
- <para>
- The list of IP addresses or hostnames of the
- IPA servers to which SSSD should connect in
- the order of preference. For more information
- on failover and server redundancy, see the
- <quote>FAILOVER</quote> section.
- This is optional if autodiscovery is enabled.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ipa_hostname (string)</term>
- <listitem>
- <para>
- Optional. May be set on machines where the
- hostname(5) does not reflect the fully qualified
- name used in the IPA domain to identify this host.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>krb5_validate (boolean)</term>
- <listitem>
- <para>
- Verify with the help of krb5_keytab that the TGT
- obtained has not been spoofed.
- </para>
- <para>
- Default: true
- </para>
- <para>
- Note that this default differs from the
- traditional Kerberos provider back end.
- </para>
- </listitem>
- </varlistentry>
-
- </variablelist>
- </para>
- </refsect1>
-
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/failover.xml" />
-
- <refsect1 id='example'>
- <title>EXAMPLE</title>
- <para>
- The following example assumes that SSSD is correctly
- configured and example.com is one of the domains in the
- <replaceable>[sssd]</replaceable> section. This examples shows only
- the ipa provider-specific options.
- </para>
- <para>
-<programlisting>
- [domain/example.com]
- id_provider = ipa
- ipa_server = ipaserver.example.com
- ipa_hostname = myhost.example.com
-</programlisting>
- </para>
- </refsect1>
-
- <refsect1 id='see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
-</reference>
diff --git a/server/man/sssd-krb5.5.xml b/server/man/sssd-krb5.5.xml
deleted file mode 100644
index 32b6c293..00000000
--- a/server/man/sssd-krb5.5.xml
+++ /dev/null
@@ -1,250 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
-<reference>
-<title>SSSD Manual pages</title>
-<refentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
-
- <refmeta>
- <refentrytitle>sssd-krb5</refentrytitle>
- <manvolnum>5</manvolnum>
- <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
- </refmeta>
-
- <refnamediv id='name'>
- <refname>sssd-krb5</refname>
- <refpurpose>the configuration file for SSSD</refpurpose>
- </refnamediv>
-
- <refsect1 id='description'>
- <title>DESCRIPTION</title>
- <para>
- This manual page describes the configuration of the Kerberos
- 5 authentication backend for
- <citerefentry>
- <refentrytitle>sssd</refentrytitle>
- <manvolnum>8</manvolnum>
- </citerefentry>.
- For a detailed syntax reference, please refer to the <quote>FILE FORMAT</quote> section of the
- <citerefentry>
- <refentrytitle>sssd.conf</refentrytitle>
- <manvolnum>5</manvolnum>
- </citerefentry> manual page
- </para>
- <para>
- The Kerberos 5 authentication backend does not contain an identity
- provider and must be paired with one in order to function properly (for
- example, id_provider = ldap). Some information required by the Kerberos
- 5 authentication backend must be provided by the identity provider, such
- as the user's Kerberos Principal Name (UPN). The configuration of the
- identity provider should have an entry to specify the UPN. Please refer
- to the man page for the applicable identity provider for details on how
- to configure this.
- </para>
- <para>
- In the case where the UPN is not available in the identity backend
- <command>sssd</command> will construct a UPN using the format
- <replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>.
- </para>
-
- </refsect1>
-
- <refsect1 id='file-format'>
- <title>CONFIGURATION OPTIONS</title>
- <para>
- If the auth-module krb5 is used in a SSSD domain, the following
- options must be used. See the
- <citerefentry>
- <refentrytitle>sssd.conf</refentrytitle>
- <manvolnum>5</manvolnum>
- </citerefentry> manual page, section <quote>DOMAIN SECTIONS</quote>
- for details on the configuration of a SSSD domain.
- <variablelist>
- <varlistentry>
- <term>krb5_kdcip (string)</term>
- <listitem>
- <para>
- Specifies the list of IP addresses or hostnames
- of the Kerberos servers to which SSSD should
- connect in the order of preference. For more
- information on failover and server redundancy,
- see the <quote>FAILOVER</quote> section.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>krb5_realm (string)</term>
- <listitem>
- <para>
- The name of the Kerberos realm.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>krb5_changepw_principal (string)</term>
- <listitem>
- <para>
- The priciple of the change password service.
- If only the 'identifier/instance' part of the
- principal are given the realm part is added
- automatically.
- </para>
- <para>
- Default: kadmin/changepw
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>krb5_ccachedir (string)</term>
- <listitem>
- <para>
- Directory to store credential caches.
- </para>
- <para>
- Default: /tmp
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>krb5_ccname_template (string)</term>
- <listitem>
- <para>
- Location of the user's credential cache. Currently
- only file based credential caches are supported.
In
- the template the following sequences are
- substituted:
- <variablelist>
- <varlistentry>
- <term>%u</term>
- <listitem><para>login name</para></listitem>
- </varlistentry>
- <varlistentry>
- <term>%U</term>
- <listitem><para>login UID</para></listitem>
- </varlistentry>
- <varlistentry>
- <term>%p</term>
- <listitem><para>principal name</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>%r</term>
- <listitem><para>realm name</para></listitem>
- </varlistentry>
- <varlistentry>
- <term>%h</term>
- <listitem><para>home directory</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>%d</term>
- <listitem><para>value of krb5ccache_dir
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>%P</term>
- <listitem><para>the process ID of the sssd
- client</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>%%</term>
- <listitem><para>a literal '%'</para>
- </listitem>
- </varlistentry>
- </variablelist>
- If the template ends with 'XXXXXX' mkstemp(3) is
- used to create a unique filename in a safe way.
- </para>
- <para>
- Default: FILE:%d/krb5cc_%U_XXXXXX
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>krb5_auth_timeout (integer)</term>
- <listitem>
- <para>
- Timeout in seconds after an online authentication or
- change password request is aborted. If possible the
- authentication request is continued offline.
- </para>
- <para>
- Default: 15
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>krb5_validate (boolean)</term>
- <listitem>
- <para>
- Verify with the help of krb5_keytab that the TGT obtained has not been spoofed.
- </para>
- <para>
- Default: false
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>krb5_keytab (string)</term>
- <listitem>
- <para>
- The location of the keytab to use when validating
- credentials obtained from KDCs.
- </para>
- <para>
- Default: /etc/krb5.keytab
- </para>
- </listitem>
- </varlistentry>
-
- </variablelist>
- </para>
- </refsect1>
-
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/failover.xml" />
-
- <refsect1 id='example'>
- <title>EXAMPLE</title>
- <para>
- The following example assumes that SSSD is correctly
- configured and FOO is one of the domains in the
- <replaceable>[sssd]</replaceable> section. This example shows
- only configuration of Kerberos authentication, it does not include
- any identity provider.
- </para>
- <para>
-<programlisting>
- [domain/FOO]
- auth_provider = krb5
- krb5_kdcip = 192.168.1.1
- krb5_realm = EXAMPLE.COM
-</programlisting>
- </para>
- </refsect1>
-
- <refsect1 id='see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
-</reference>
diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml
deleted file mode 100644
index b79cbbc9..00000000
--- a/server/man/sssd-ldap.5.xml
+++ /dev/null
@@ -1,688 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
-<reference>
-<title>SSSD Manual pages</title>
-<refentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
-
- <refmeta>
- <refentrytitle>sssd-ldap</refentrytitle>
- <manvolnum>5</manvolnum>
- <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
- </refmeta>
-
- <refnamediv id='name'>
- <refname>sssd-ldap</refname>
- <refpurpose>the configuration file for SSSD</refpurpose>
- </refnamediv>
-
- <refsect1 id='description'>
- <title>DESCRIPTION</title>
- <para>
- This manual page describes the configuration of LDAP
- domains for
- <citerefentry>
- <refentrytitle>sssd</refentrytitle>
- <manvolnum>8</manvolnum>
- </citerefentry>.
- Refer to the <quote>FILE FORMAT</quote> section of the
- <citerefentry>
- <refentrytitle>sssd.conf</refentrytitle>
- <manvolnum>5</manvolnum>
- </citerefentry> manual page for detailed syntax information.</para>
- <para>
- You can configure SSSD to use more than one LDAP domain.
- </para>
- <para>
- If you want to authenticate against an LDAP server then TLS/SSL is
- required. <command>sssd</command> <emphasis>does not</emphasis>
- support authentication over an unencrypted channel. If the LDAP
- server is used only as an identify provider, an encrypted channel
- is not needed.
- </para>
- </refsect1>
-
- <refsect1 id='file-format'>
- <title>CONFIGURATION OPTIONS</title>
- <para>
- All of the common configuration options that apply to SSSD domains also apply
- to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section of the
- <citerefentry>
- <refentrytitle>sssd.conf</refentrytitle>
- <manvolnum>5</manvolnum>
- </citerefentry> manual page for full details.
- - <variablelist> - <varlistentry> - <term>ldap_uri (string)</term> - <listitem> - <para> - Specifies the list of URIs of the LDAP servers to which - SSSD should connect in the order of preference. Refer to the - <quote>FAILOVER</quote> section for more information on failover and server redundancy. - </para> - <para> - Default: ldap://localhost - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>ldap_search_base (string)</term> - <listitem> - <para> - The default base DN to use for - performing LDAP user operations. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>ldap_schema (string)</term> - <listitem> - <para> - Specifies the Schema Type in use on the target LDAP - server. - Depending on the selected schema, the default - attribute names retrieved from the servers may vary. - The way that some attributes are handled may also differ. - - Two schema types are currently supported: - rfc2307 - rfc2307bis - - The main difference between these two schema types is - how group memberships are recorded in the server. - With rfc2307, group members are listed by name in the - <emphasis>memberUid</emphasis> attribute. - With rfc2307bis, group members are listed by DN and - stored in the <emphasis>member</emphasis> attribute. - - </para> - <para> - Default: rfc2307 - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>ldap_default_bind_dn (string)</term> - <listitem> - <para> - The default bind DN to use for - performing LDAP operations. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>ldap_default_authtok_type (string)</term> - <listitem> - <para> - The type of the authentication token of the - default bind DN. The only currently supported value is "password". - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>ldap_default_authtok (string)</term> - <listitem> - <para> - The authentication token of the default bind DN. - Only clear text passwords are currently supported. 
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_search_base (string)</term>
- <listitem>
- <para>
- An optional base DN to restrict user searches
- to a specific subtree.
- </para>
- <para>
- Default: the value of
- <emphasis>ldap_search_base</emphasis>
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_object_class (string)</term>
- <listitem>
- <para>
- The object class of a user entry in LDAP.
- </para>
- <para>
- Default: posixAccount
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_name (string)</term>
- <listitem>
- <para>
- The LDAP attribute that corresponds to the
- user's login name.
- </para>
- <para>
- Default: uid
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_uid_number (string)</term>
- <listitem>
- <para>
- The LDAP attribute that corresponds to the
- user's id.
- </para>
- <para>
- Default: uidNumber
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_gid_number (string)</term>
- <listitem>
- <para>
- The LDAP attribute that corresponds to the
- user's primary group id.
- </para>
- <para>
- Default: gidNumber
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_gecos (string)</term>
- <listitem>
- <para>
- The LDAP attribute that corresponds to the
- user's gecos field.
- </para>
- <para>
- Default: gecos
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_home_directory (string)</term>
- <listitem>
- <para>
- The LDAP attribute that contains the name of the user's
- home directory.
- </para>
- <para>
- Default: homeDirectory
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_shell (string)</term>
- <listitem>
- <para>
- The LDAP attribute that contains the path to the
- user's default shell.
- </para>
- <para>
- Default: loginShell
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_uuid (string)</term>
- <listitem>
- <para>
- The LDAP attribute that contains the UUID/GUID of
- an LDAP user object.
- </para>
- <para>
- Default: nsUniqueId
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_principal (string)</term>
- <listitem>
- <para>
- The LDAP attribute that contains the user's Kerberos
- User Principle Name (UPN).
- </para>
- <para>
- Default: krbPrincipalName
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_force_upper_case_realm (boolean)</term>
- <listitem>
- <para>
- Some directory servers, for example Active Directory,
- might deliver the realm part of the UPN in lower case,
- which might cause the authentication to fail. Set this
- option to a non-zero value if you want to use an
- upper-case realm.
- </para>
- <para>
- Default: false
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_fullname (string)</term>
- <listitem>
- <para>
- The LDAP attribute that corresponds to the
- user's full name.
- </para>
- <para>
- Default: cn
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_member_of (string)</term>
- <listitem>
- <para>
- The LDAP attribute that lists the user's
- group memberships.
- </para>
- <para>
- Default: memberOf
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_group_search_base (string)</term>
- <listitem>
- <para>
- An optional base DN to restrict group searches
- to a specific subtree.
- </para>
- <para>
- Default: the value of
- <emphasis>ldap_search_base</emphasis>
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_group_object_class (string)</term>
- <listitem>
- <para>
- The object class of a group entry in LDAP.
- </para>
- <para>
- Default: posixGroup
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_group_name (string)</term>
- <listitem>
- <para>
- The LDAP attribute that corresponds to
- the group name.
- </para>
- <para>
- Default: cn
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_group_gid_number (string)</term>
- <listitem>
- <para>
- The LDAP attribute that corresponds to the
- group's id.
- </para>
- <para>
- Default: gidNumber
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_group_member (string)</term>
- <listitem>
- <para>
- The LDAP attribute that contains the names of
- the group's members.
- </para>
- <para>
- Default: memberuid (rfc2307) / member (rfc2307bis)
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_group_uuid (string)</term>
- <listitem>
- <para>
- The LDAP attribute that contains the UUID/GUID of
- an LDAP group object.
- </para>
- <para>
- Default: nsUniqueId
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_network_timeout (integer)</term>
- <listitem>
- <para>
- Specifies the timeout (in seconds) after which
- the
- <citerefentry>
- <refentrytitle>poll</refentrytitle>
- <manvolnum>2</manvolnum>
- </citerefentry>/<citerefentry>
- <refentrytitle>select</refentrytitle>
- <manvolnum>2</manvolnum>
- </citerefentry>
- following a
- <citerefentry>
- <refentrytitle>connect</refentrytitle>
- <manvolnum>2</manvolnum>
- </citerefentry>
- returns in case of no activity.
- </para>
- <para>
- Default: 5
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_opt_timeout (integer)</term>
- <listitem>
- <para>
- Specifies a timeout (in seconds) after which
- calls to synchronous LDAP APIs will abort if no
- response is received. Also controls the timeout
- when communicating with the KDC in case of SASL bind.
- </para>
- <para>
- Default: 5
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_tls_reqcert (string)</term>
- <listitem>
- <para>
- Specifies what checks to perform on server
- certificates in a TLS session, if any. It
- can be specified as one of the following
- values:
- </para>
- <para>
- <emphasis>never</emphasis> = The client will
- not request or check any server certificate.
- </para>
- <para>
- <emphasis>allow</emphasis> = The server
- certificate is requested. If no certificate is
- provided, the session proceeds normally. If a
- bad certificate is provided, it will be ignored
- and the session proceeds normally.
- </para>
- <para>
- <emphasis>try</emphasis> = The server certificate
- is requested. If no certificate is provided, the
- session proceeds normally. If a bad certificate
- is provided, the session is immediately terminated.
- </para>
- <para>
- <emphasis>demand</emphasis> = The server
- certificate is requested. If no certificate
- is provided, or a bad certificate is provided,
- the session is immediately terminated.
- </para>
- <para>
- <emphasis>hard</emphasis> = Same as
- <quote>demand</quote>
- </para>
- <para>
- Default: hard
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_tls_cacert (string)</term>
- <listitem>
- <para>
- Specifies the file that contains certificates for
- all of the Certificate Authorities that
- <command>sssd</command> will recognize.
- </para>
- <para>
- Default: use OpenLDAP defaults, typically in
- <filename>/etc/openldap/ldap.conf</filename>
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_tls_cacertdir (string)</term>
- <listitem>
- <para>
- Specifies the path of a directory that contains
- Certificate Authority certificates in separate
- individual files. Typically the file names need to
- be the hash of the certificate followed by '.0'.
- If available, <command>cacertdir_rehash</command>
- can be used to create the correct names.
- </para>
- <para>
- Default: use OpenLDAP defaults, typically in
- <filename>/etc/openldap/ldap.conf</filename>
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_id_use_start_tls (boolean)</term>
- <listitem>
- <para>
- Specifies that the id_provider connection must also
- use <systemitem class="protocol">tls</systemitem> to protect the channel.
- </para>
- <para>
- Default: false
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_sasl_mech (string)</term>
- <listitem>
- <para>
- Specify the SASL mechanism to use.
- Currently only GSSAPI is tested and supported.
- </para>
- <para>
- Default: none
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_sasl_authid (string)</term>
- <listitem>
- <para>
- Specify the SASL authorization id to use.
- When GSSAPI is used, this represents the Kerberos
- principal used for authentication to the directory.
- </para>
- <para>
- Default: host/machine.fqdn@REALM
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_krb5_keytab (string)</term>
- <listitem>
- <para>
- Specify the keytab to use when using SASL/GSSAPI.
- </para>
- <para>
- Default: System keytab, normally <filename>/etc/krb5.keytab</filename>
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_krb5_init_creds (boolean)</term>
- <listitem>
- <para>
- Specifies that the id_provider should init
- Kerberos credentials (TGT).
- This action is performed only if SASL is used and
- the mechanism selected is GSSAPI.
- </para>
- <para>
- Default: true
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>krb5_realm (string)</term>
- <listitem>
- <para>
- Specify the Kerberos REALM (for SASL/GSSAPI auth).
- </para> - <para> - Default: System defaults, see <filename>/etc/krb5.conf</filename> - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>ldap_pwd_policy (string)</term> - <listitem> - <para> - Select the policy to evaluate the password - expiration on the client side. The following values - are allowed: - </para> - <para> - <emphasis>none</emphasis> - No evaluation on the - client side. This option cannot disable server-side - password policies. - </para> - <para> - <emphasis>shadow</emphasis> - Use - <citerefentry><refentrytitle>shadow</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> style - attributes to evaluate if the password has expired. - Note that the current version of sssd cannot - update this attribute during a password change. - </para> - <para> - <emphasis>mit_kerberos</emphasis> - Use the attributes - used by MIT Kerberos to determine if the password has - expired. Use chpass_provider=krb5 to update these - attributes when the password is changed. - </para> - <para> - Default: none - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>ldap_referrals (boolean)</term> - <listitem> - <para> - Specifies whether automatic referral chasing should - be enabled. - </para> - <para> - Please note that sssd only supports referral chasing - when it is compiled with OpenLDAP version 2.4.13 or - higher. - </para> - <para> - Default: true - </para> - </listitem> - </varlistentry> - - </variablelist> - </para> - </refsect1> - - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/failover.xml" /> - - <refsect1 id='example'> - <title>EXAMPLE</title> - <para> - The following example assumes that SSSD is correctly - configured and LDAP is set to one of the domains in the - <replaceable>[domains]</replaceable> section. 
- </para>
- <para>
-<programlisting>
- [domain/LDAP]
- id_provider = ldap
- auth_provider = ldap
- ldap_uri = ldap://ldap.mydomain.org
- ldap_search_base = dc=mydomain,dc=org
- ldap_tls_reqcert = demand
- cache_credentials = true
- enumerate = true
-</programlisting>
- </para>
- </refsect1>
-
- <refsect1 id='notes'>
- <title>NOTES</title>
- <para>
- The descriptions of some of the configuration options in this manual
- page are based on the <citerefentry>
- <refentrytitle>ldap.conf</refentrytitle>
- <manvolnum>5</manvolnum>
- </citerefentry> manual page from the OpenLDAP 2.4 distribution.
- </para>
- </refsect1>
-
- <refsect1 id='see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
-</reference>
diff --git a/server/man/sssd.8.xml b/server/man/sssd.8.xml
deleted file mode 100644
index 5e45a336..00000000
--- a/server/man/sssd.8.xml
+++ /dev/null
@@ -1,148 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
-<reference>
-<title>SSSD Manual pages</title>
-<refentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
-
- <refmeta>
- <refentrytitle>sssd</refentrytitle>
- <manvolnum>8</manvolnum>
- </refmeta>
-
- <refnamediv id='name'>
- <refname>sssd</refname>
- <refpurpose>System Security Services Daemon</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv id='synopsis'>
- <cmdsynopsis>
- <command>sssd</command>
- <arg choice='opt'>
- <replaceable>options</replaceable>
- </arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='description'>
- <title>DESCRIPTION</title>
- <para>
- <command>SSSD</command> provides a set of daemons to manage access to remote
- directories and authentication mechanisms. It provides an NSS and
- PAM interface toward the system and a pluggable backend system to
- connect to multiple different account sources as well as D-Bus
- interface. It is also the basis to provide client auditing and
- policy services for projects like FreeIPA. It provides a more robust database
- to store local users as well as extended user data.
- </para>
- </refsect1>
-
- <refsect1 id='options'>
- <title>OPTIONS</title>
- <variablelist remap='IP'>
- <varlistentry>
- <term>
- <option>-d</option>,<option>--debug-level</option>
- <replaceable>LEVEL</replaceable>
- </term>
- <listitem>
- <para>
- Debug level to run the daemon with. 0 is the default as well
- as the lowest allowed value, 10 is the most verbose mode. This setting
- overrides the settings from config file. This parameter implies <option>-i</option>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>debug_timestamps (bool)</term>
- <listitem>
- <para>
- Add a timestamp to the debug messages
- </para>
- <para>
- Default: false
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-f</option>,<option>--debug-to-files</option>
- </term>
- <listitem>
- <para>
- Send the debug output to files instead of stderr. By default, the
- log files are stored in <filename>/var/log/sssd</filename> and
- there are separate log files for every SSSD service and domain.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-D</option>,<option>--daemon</option>
- </term>
- <listitem>
- <para>
- Become a daemon after starting up.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-i</option>,<option>--interactive</option>
- </term>
- <listitem>
- <para>
- Run in the foreground, don't become a daemon.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>-c</option>,<option>--config</option>
- </term>
- <listitem>
- <para>
- Specify a non-default config file. The default is
- <filename>/etc/sssd/sssd.conf</filename>. For reference
- on the config file syntax and options, consult the
- <citerefentry>
- <refentrytitle>sssd.conf</refentrytitle>
- <manvolnum>5</manvolnum>
- </citerefentry>
- manual page.
- </para>
- </listitem>
- </varlistentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/param_help.xml" />
- </variablelist>
- </refsect1>
-
- <refsect1 id='see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>.
- </para>
- </refsect1>
-</refentry>
-</reference>
diff --git a/server/man/sssd.conf.5.xml b/server/man/sssd.conf.5.xml
deleted file mode 100644
index 7b240c8f..00000000
--- a/server/man/sssd.conf.5.xml
+++ /dev/null
@@ -1,808 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN" -"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"> -<reference> -<title>SSSD Manual pages</title> -<refentry> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" /> - - <refmeta> - <refentrytitle>sssd.conf</refentrytitle> - <manvolnum>5</manvolnum> - <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo> - </refmeta> - - <refnamediv id='name'> - <refname>sssd.conf</refname> - <refpurpose>the configuration file for SSSD</refpurpose> - </refnamediv> - - <refsect1 id='file-format'> - <title>FILE FORMAT</title> - - <para> - The file has an ini-style syntax and consists of sections and - parameters. A section begins with the name of the section in - square brackets and continues until the next section begins. An - example of section with single and multi-valued parameters: - <programlisting> - <replaceable>[section]</replaceable> - <replaceable>key</replaceable> = <replaceable>value</replaceable> - <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable> - </programlisting> - </para> - - <para> - The data types used are string (no quotes needed), integer - and bool (with values of <quote>TRUE/FALSE</quote>). - </para> - - <para> - A line comment starts with a hash sign (<quote>#</quote>) or a - semicolon (<quote>;</quote>) - </para> - - <para> - All sections can have an optional - <replaceable>description</replaceable> parameter. Its function - is only as a label for the section. - </para> - - <para> - <filename>sssd.conf</filename> must be a regular file, owned by - root and only root may read from or write to the file. 
- </para> - </refsect1> - - <refsect1 id='special-sections'> - <title>SPECIAL SECTIONS</title> - - <refsect2 id='services'> - <title>The [sssd] section</title> - <para> - Individual pieces of SSSD functionality are provided by special - SSSD services that are started and stopped together with SSSD. - The services are managed by a special service frequently called - <quote>monitor</quote>. The <quote>[sssd]</quote> section is used - to configure the monitor as well as some other important options - like the identity domains. - <variablelist> - <title>Section parameters</title> - <varlistentry> - <term>config_file_version (integer)</term> - <listitem> - <para> - Indicates what is the syntax of the config - file. SSSD 0.6.0 and later use version 2. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>services</term> - <listitem> - <para> - Comma separated list of services that are - started when sssd itself starts. - </para> - <para> - Supported services: nss, pam - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>reconnection_retries (integer)</term> - <listitem> - <para> - Number of times services should attempt to - reconnect in the event of a Data Provider - crash or restart before they give up - </para> - <para> - Default: 3 - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>domains</term> - <listitem> - <para> - A domain is a database containing user - information. SSSD can use more domains - at the same time, but at least one - must be configured or SSSD won't start. - This parameter described the list of domains - in the order you want them to be queried. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>re_expression (string)</term> - <listitem> - <para> - Regular expression that describes how to parse the string - containing user name and domain into these components. 
- </para> - <para> - Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> - which translates to "the name is everything up to the - <quote>@</quote> sign, the domain everything after that" - </para> - <para> - PLEASE NOTE: the support for non-unique named - subpatterns is not available on all plattforms - (e.g. RHEL5 and SLES10). Only plattforms with - libpcre version 7 or higher can support non-unique - named subpatterns. - </para> - <para> - PLEASE NOTE ALSO: older version of libpcre only - support the Python syntax (?P<name>) to label - subpatterns. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>full_name_format (string)</term> - <listitem> - <para> - A <citerefentry> - <refentrytitle>printf</refentrytitle> - <manvolnum>3</manvolnum> - </citerefentry>-compatible format that describes how to - translate a (name, domain) tuple into a fully qualified - name. - </para> - <para> - Default: <quote>%1$s@%2$s</quote>. - </para> - </listitem> - </varlistentry> - </variablelist> - </para> - </refsect2> - - </refsect1> - - <refsect1 id='services-sections'> - <title>SERVICES SECTIONS</title> - <para> - Settings that can be used to configure different services - are described in this section. They should reside in the - [<replaceable>$NAME</replaceable>] section, for example, - for NSS service, the section would be <quote>[nss]</quote> - </para> - - <refsect2 id='general'> - <title>General service configuration options</title> - <para> - These options can be used to configure any service. - </para> - <variablelist> - <varlistentry> - <term>debug_level (integer)</term> - <listitem> - <para> - Sets the debug level for the service. The - value can be in range from 0 (only critical - messages) to 10 (very verbose). 
- </para> - <para> - Default: 0 - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>debug_timestamps (bool)</term> - <listitem> - <para> - Add a timestamp to the debug messages - </para> - <para> - Default: true - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>reconnection_retries (integer)</term> - <listitem> - <para> - Number of times services should attempt to - reconnect in the event of a Data Provider - crash or restart before they give up - </para> - <para> - Default: 3 - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>command (string)</term> - <listitem> - <para> - By default, the executable - representing this service is called - <command>sssd_${service_name}</command>. - This directive allows to change the executable - name for the service. In the vast majority of - configurations, the default values should suffice. - </para> - <para> - Default: <command>sssd_${service_name}</command> - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect2> - - <refsect2 id='NSS'> - <title>NSS configuration options</title> - <para> - These options can be used to configure the - Name Service Switch (NSS) service. - </para> - <variablelist> - <varlistentry> - <term>enum_cache_timeout (integer)</term> - <listitem> - <para> - How many seconds should nss_sss cache enumerations - (requests for info about all users) - </para> - <para> - Default: 120 - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>entry_cache_nowait_percentage (integer)</term> - <listitem> - <para> - The entry cache can be set to automatically update - entries in the background if they are requested - beyond a percentage of the entry_cache_timeout - value for the domain. 
- </para> - <para> - For example, if the domain's entry_cache_timeout - is set to 30s and entry_cache_nowait_percentage is - set to 50 (percent), entries that come in after 15 - seconds past the last cache update will be - returned immediately, but the SSSD will go and - update the cache on its own, so that future - requests will not need to block waiting for a - cache update. - </para> - <para> - Valid values for this option are 0-99 and - represent a percentage of the entry_cache_timeout - for each domain. For performance reasons, this - percentage will never reduce the nowait timeout to - less than 10 seconds. - (0 disables this feature) - </para> - <para> - Default: 0 - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>entry_negative_timeout (integer)</term> - <listitem> - <para> - Specifies for how long nss_sss should cache - negative cache hits (that is, queries for - invalid database entries, like nonexistent ones) - before asking the back end again. - </para> - <para> - Default: 15 - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>filter_users, filter_groups (string)</term> - <listitem> - <para> - Exclude certain users from being fetched from the sss - NSS database. This is particulary useful for system - accounts. - </para> - <para> - Default: root - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>filter_users_in_groups (bool)</term> - <listitem> - <para> - If you want filtered user still be group members - set this option to false. - </para> - <para> - Default: true - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect2> - <refsect2 id='PAM'> - <title>PAM configuration options</title> - <para> - These options can be used to configure the - Pluggable Authentication Module (PAM) service. 
- </para> - <variablelist> - <varlistentry> - <term>offline_credentials_expiration (integer)</term> - <listitem> - <para> - If the authentication provider is offline, how - long should we allow cached logins (in days since - the last successful online login). - </para> - <para> - Default: 0 (No limit) - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>offline_failed_login_attempts (integer)</term> - <listitem> - <para> - If the authentication provider is offline, how - many failed login attempts are allowed. - </para> - <para> - Default: 0 (No limit) - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>offline_failed_login_delay (integer)</term> - <listitem> - <para> - The time in minutes which has to pass after - offline_failed_login_attempts has been reached - before a new login attempt is possible. - </para> - <para> - If set to 0 the user cannot authenticate offline if - offline_failed_login_attempts has been reached. Only - a successful online authentication can enable - enable offline authentication again. - </para> - <para> - Default: 5 - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect2> - </refsect1> - - <refsect1 id='domain-sections'> - <title>DOMAIN SECTIONS</title> - <para> - These configuration options can be present in a domain - configuration section, that is, in a section called - <quote>[domain/<replaceable>NAME</replaceable>]</quote> - <variablelist> - <varlistentry> - <term>min_id,max_id (integer)</term> - <listitem> - <para> - UID limits for the domain. If a domain contains - entry that is outside these limits, it is ignored - </para> - <para> - Default: 1000 for min_id, 0 (no limit) for max_id - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>timeout (integer)</term> - <listitem> - <para> - Timeout in seconds between heartbeats for this domain. - This is used to ensure that the backend process is - alive and capable of answering requests. 
- </para> - <para> - Default: 10 - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>enumerate (bool)</term> - <listitem> - <para> - Determines if a domain can be enumerated. This - parameter can have one of the following values: - </para> - <para> - TRUE = Users and groups are enumerated - </para> - <para> - FALSE = No enumerations for this domain - </para> - <para> - Default: TRUE - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>entry_cache_timeout (integer)</term> - <listitem> - <para> - How many seconds should nss_sss consider - entries valid before asking the backend again - </para> - <para> - Default: 600 - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>cache_credentials (bool)</term> - <listitem> - <para> - Determines if user credentials are also cached - in the local LDB cache - </para> - <para> - Default: FALSE - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>id_provider (string)</term> - <listitem> - <para> - The Data Provider identity backend to use for this - domain. - </para> - <para> - Supported backends: - </para> - <para> - proxy: Support a legacy NSS provider - </para> - <para> - local: SSSD internal local provider - </para> - <para> - ldap: LDAP provider - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>use_fully_qualified_names (bool)</term> - <listitem> - <para> - If set to TRUE, all requests to this domain - must use fully qualified names. For example, - if used in LOCAL domain that contains a "test" - user, <command>getent passwd test</command> - wouldn't find the user while <command>getent - passwd test@LOCAL</command> would. - </para> - <para> - Default: FALSE - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>auth_provider (string)</term> - <listitem> - <para> - The authentication provider used for the domain. - Supported auth providers are: - </para> - <para> - <quote>ldap</quote> for native LDAP authentication. 
See - <citerefentry> - <refentrytitle>sssd-ldap</refentrytitle> - <manvolnum>5</manvolnum> - </citerefentry> for more information on configuring LDAP. - </para> - <para> - <quote>krb5</quote> for Kerberos authentication. See - <citerefentry> - <refentrytitle>sssd-krb5</refentrytitle> - <manvolnum>5</manvolnum> - </citerefentry> for more information on configuring Kerberos. - </para> - <para> - <quote>proxy</quote> for relaying authentication to some other PAM target. - </para> - <para> - <quote>none</quote> disables authentication explicitly. - </para> - <para> - Default: <quote>id_provider</quote> is used if it - is set and can handle authentication requests. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>access_provider (string)</term> - <listitem> - <para> - The access control provider used for the domain. - There are two built-in access providers (in - addition to any included in installed backends) - Internal special providers are: - </para> - <para> - <quote>permit</quote> always allow access. - </para> - <para> - <quote>deny</quote> always deny access. - </para> - <para> - Default: <quote>permit</quote> - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>chpass_provider (string)</term> - <listitem> - <para> - The provider which should handle change password - operations for the domain. - Supported change password providers are: - </para> - <para> - <quote>ldap</quote> to change a password stored - in a LDAP server. See - <citerefentry> - <refentrytitle>sssd-ldap</refentrytitle> - <manvolnum>5</manvolnum> - </citerefentry> for more information on configuring LDAP. - </para> - <para> - <quote>krb5</quote> to change the Kerberos - password. See - <citerefentry> - <refentrytitle>sssd-krb5</refentrytitle> - <manvolnum>5</manvolnum> - </citerefentry> for more information on configuring Kerberos. - </para> - <para> - <quote>proxy</quote> for relaying password changes - to some other PAM target. 
- </para> - <para> - <quote>none</quote> disallows password changes explicitly. - </para> - <para> - Default: <quote>auth_provider</quote> is used if it - is set and can handle change password requests. - </para> - </listitem> - </varlistentry> - </variablelist> - </para> - - <para> - Options valid for proxy domains. - - <variablelist> - <varlistentry> - <term>proxy_pam_target (string)</term> - <listitem> - <para> - The proxy target PAM proxies to. - </para> - <para> - Default: not set by default, you have to take an - existing pam configuration or create a new one and - add the service name here. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>proxy_lib_name (string)</term> - <listitem> - <para> - The name of the NSS library to use in proxy - domains. The NSS functions searched for in the - library are in the form of - _nss_$(libName)_$(function), for example - _nss_files_getpwent. - </para> - </listitem> - </varlistentry> - </variablelist> - </para> - - <refsect2 id='local_domain'> - <title>The local domain section</title> - <para> - This section contains settings for domain that stores users and - groups in SSSD native database, that is, a domain that uses - <replaceable>id_provider=local</replaceable>. - </para> - <variablelist> - <title>Section parameters</title> - <varlistentry> - <term>default_shell (string)</term> - <listitem> - <para> - The default shell for users created - with SSSD userspace tools. - </para> - <para> - Default: <filename>/bin/bash</filename> - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>base_directory (string)</term> - <listitem> - <para> - The tools append the login name to - <replaceable>base_directory</replaceable> and - use that as the home directory. 
- </para> - <para> - Default: <filename>/home</filename> - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>create_homedir (bool)</term> - <listitem> - <para> - Indicate if a home directory should be created by default for new users. - Can be overriden on command line. - </para> - <para> - Default: TRUE - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>remove_homedir (bool)</term> - <listitem> - <para> - Indicate if a home directory should be removed by default for deleted users. - Can be overriden on command line. - </para> - <para> - Default: TRUE - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>homedir_umask (integer)</term> - <listitem> - <para> - Used by - <citerefentry> - <refentrytitle>sss_useradd</refentrytitle> - <manvolnum>8</manvolnum> - </citerefentry> to specify the default permissions on a newly created - home directory. - </para> - <para> - Default: 077 - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>skel_dir (string)</term> - <listitem> - <para> - The skeleton directory, which contains files - and directories to be copied in the user's - home directory, when the home directory is - created by - <citerefentry> - <refentrytitle>sss_useradd</refentrytitle> - <manvolnum>8</manvolnum> - </citerefentry> - </para> - <para> - Default: <filename>/etc/skel</filename> - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>mail_dir (string)</term> - <listitem> - <para> - The mail spool directory. This is needed to - manipulate the mailbox when its corresponding - user account is modified or deleted. - If not specified, a default - value is used. - </para> - <para> - Default: <filename>/var/mail</filename> - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect2> - - </refsect1> - - <refsect1 id='example'> - <title>EXAMPLE</title> - <para> - The following example shows a typical SSSD config. 
It does - not describe configuration of the domains themselves - refer to - documentation on configuring domains for more details. -<programlisting> -[sssd] -domains = LDAP -services = nss, pam -config_file_version = 2 - -[nss] -filter_groups = root -filter_users = root - -[pam] - -[domain/LDAP] -id_provider = ldap -ldap_uri = ldap://ldap.example.com -ldap_search_base = dc=example,dc=com - -auth_provider = krb5 -krb5_kdcip = kerberos.example.com -krb5_realm = EXAMPLE.COM -cache_credentials = true - -min_id = 10000 -max_id = 20000 -enumerate = true -</programlisting> - </para> - </refsect1> - - <refsect1 id='see_also'> - <title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>. - </para> - </refsect1> -</refentry> -</reference> diff --git a/server/man/sssd_krb5_locator_plugin.8.xml b/server/man/sssd_krb5_locator_plugin.8.xml deleted file mode 100644 index 6c60431f..00000000 --- a/server/man/sssd_krb5_locator_plugin.8.xml +++ /dev/null 
@@ -1,89 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
-<reference>
-<title>SSSD Manual pages</title>
-<refentry>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
-
- <refmeta>
- <refentrytitle>sssd_krb5_locator_plugin</refentrytitle>
- <manvolnum>8</manvolnum>
- </refmeta>
-
- <refnamediv id='name'>
- <refname>sssd_krb5_locator_plugin</refname>
- <refpurpose>the configuration file for SSSD</refpurpose>
- </refnamediv>
-
- <refsect1 id='description'>
- <title>DESCRIPTION</title>
- <para>
- The Kerberos locator plugin
- <command>sssd_krb5_locator_plugin</command> is used by the Kerberos
- provider of
- <citerefentry>
- <refentrytitle>sssd</refentrytitle>
- <manvolnum>8</manvolnum>
- </citerefentry>
- to tell the Kerberos libraries what Realm and which KDC to use.
- Typically this is done in
- <citerefentry>
- <refentrytitle>krb5.conf</refentrytitle>
- <manvolnum>5</manvolnum>
- </citerefentry>
- which is always read by the Kerberos libraries. To simplyfy the
- configuration the Realm and the KDC can be defined in
- <citerefentry>
- <refentrytitle>sssd.conf</refentrytitle>
- <manvolnum>5</manvolnum>
- </citerefentry>
- as described in
- <citerefentry>
- <refentrytitle>sssd-krb5.conf</refentrytitle>
- <manvolnum>5</manvolnum>
- </citerefentry>
- </para>
- <para>
- <citerefentry>
- <refentrytitle>sssd</refentrytitle>
- <manvolnum>8</manvolnum>
- </citerefentry>
- puts the Realm and the name or IP address of the KDC into the
- enviroment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.
- When <command>sssd_krb5_locator_plugin</command> is called by the
- kerberos libraries it reads and evaluates these variable and returns
- them to the libraries.
- </para>
- </refsect1>
-
- <refsect1 id='notes'>
- <title>NOTES</title>
- <para>
- Not all Kerberos implementations support the use of plugins. If
- <command>sssd_krb5_locator_plugin</command> is not available on
- your system you have to edit /etc/krb5.conf to reflect your
- Kerberos setup.
- </para>
- <para>
- If the enviroment variable SSSD_KRB5_LOCATOR_DEBUG is set to any
- value debug messages will be sent to stderr.
- </para>
- </refsect1>
-
- <refsect1 id='see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
-</reference>
|