diff options
Diffstat (limited to 'src/examples')
-rw-r--r-- | src/examples/sssd.conf | 81 | ||||
-rw-r--r-- | src/examples/sssdproxytest | 5 | ||||
-rw-r--r-- | src/examples/sudo | 6 |
3 files changed, 92 insertions, 0 deletions
diff --git a/src/examples/sssd.conf b/src/examples/sssd.conf new file mode 100644 index 00000000..82c6d6b0 --- /dev/null +++ b/src/examples/sssd.conf @@ -0,0 +1,81 @@ +[sssd] +config_file_version = 2 +# Number of times services should attempt to reconnect in the +# event of a crash or restart before they give up +reconnection_retries = 3 +# if a backend is particularly slow you can raise this timeout here +sbus_timeout = 30 +services = nss, pam +; domains = LOCAL,LDAP +# SSSD will not start if you don't configure any domain. +# Add new domains condifgurations as [domain/<NAME>] sections. +# Then add the list of domains (in the order you want them to be +# queried in the 'domains" attribute above and uncomment it + + +[nss] +# the following prevents sssd for searching for the root user/group in +# all domains (you can add here a comma separated list of system accounts are +# always going to be /etc/passwd users, or that you want to filter out) +filter_groups = root +filter_users = root +reconnection_retries = 3 + +# The EntryCacheTimeout indicates the number of seconds to retain before +# an entry in cache is considered stale and must block to refresh. +# The EntryCacheNoWaitRefreshTimeout indicates the number of seconds to +# wait before updating the cache out-of-band. (NSS requests will still +# be returned from cache until the full EntryCacheTimeout). Setting this +# value to 0 turns this feature off (default) +; entry_cache_timeout = 600 +; entry_cache_nowait_timeout = 300 + +[pam] +reconnection_retries = 3 + +# Example LOCAL domain that stores all users natively in the SSSD internal +# directory. These local users and groups are not visibile in /etc/passwd, it +# now contains only root and system accounts. +; [domain/LOCAL] +; description = LOCAL Users domain +; id_provider = local +; enumerate = true +; min_id = 500 +; max_id = 999 + +# Example native LDAP domain +; [domain/LDAP] +; id_provider = ldap +; auth_provider = ldap +; ldap_uri = ldap://ldap.mydomain.org +; ldap_user_search_base = dc=mydomain,dc=org +; ldap_tls_reqcert = demand +; cache_credentials = true +; enumerate = true + +# Example LDAP domain where the LDAP server is an Active Directory server. + +; [domain/AD] +; description = LDAP domain with AD server +; enumerate = false +; min_id = 1000 +; +; id_provider = ldap +; auth_provider = ldap +; ldap_uri = ldap://your.ad.server.com +; ldap_schema = rfc2307bis +; ldap_user_search_base = cn=users,dc=example,dc=com +; ldap_group_search_base = cn=users,dc=example,dc=com +; ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com +; ldap_default_authtok_type = password +; ldap_default_authtok = YOUR_PASSWORD +; ldap_user_object_class = person +; ldap_user_name = msSFU30Name +; ldap_user_uid_number = msSFU30UidNumber +; ldap_user_gid_number = msSFU30GidNumber +; ldap_user_home_directory = msSFU30HomeDirectory +; ldap_user_shell = msSFU30LoginShell +; ldap_user_principal = userPrincipalName +; ldap_group_object_class = group +; ldap_group_name = msSFU30Name +; ldap_group_gid_number = msSFU30GidNumber diff --git a/src/examples/sssdproxytest b/src/examples/sssdproxytest new file mode 100644 index 00000000..14217969 --- /dev/null +++ b/src/examples/sssdproxytest @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth irequired pam_ldap.so + +account required pam_ldap.so + diff --git a/src/examples/sudo b/src/examples/sudo new file mode 100644 index 00000000..4af91ba6 --- /dev/null +++ b/src/examples/sudo @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_sss.so +account required pam_sss.so +password required pam_sss.so +session optional pam_keyinit.so revoke +session required pam_limits.so |