| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Thanks to Marko Myllynen for spotting this.
|
|
|
|
- use the correct private data for each PAM task
- make proxy_pam_target a mandatory option for auth, chpass and access
|
|
* do not mention the sbus_timeout parameter at all
* document the config_file_version parameter
* different wording for negative cache
|
|
|
|
The providers are now responsible for determining how long a cached
entry is considered valid. The default is the same as before (600s)
|
|
Also remove references to the DP service from the sssd.conf
manpages.
|
|
This adds a new option (offline_credentials_expiration) to the
[PAM] section of the sssd.conf
If the user does not perform an online authentication within the
timeout (in days), they will be denied auth once the timeout
passes.
|
|
Create and populate user directories on useradd, delete them on userdel
Fixes: #212
|
|
If auth_provider or access_provider is ont set explicitly id_provider is
used if it can handle auth or access control requests respectively. If
not auth defaults to 'none' and the access_provider is set to 'permit'.
The option 'deny' is added for the access_provider to explicitly deny
access.
|
|
- if chpass_provider is not given in the configuration file but an
auth_provider and the auth_provider can also handle change password
requests it is used as chpass_provider.
|
|
In sssd only local is a native mpg domain, and it is forced.
All other providers will have to unroll mpg users into a user/group pair of
entries in the db. This allows the provider to automatically establish if
the remote server provides mpg users w/o possibily conflicting manual
configurations on the client trying to force an mpg behavior where none
is provided.
|
|
|
|
- add a hint to the man page about permissions on sssd.conf
- add a test if a symbolic link can be opened
|
|
|
|
|
|
Remove this provider type, as well as any references in the docs and
examples to the "LEGACYLOCAL" migration domain.
Fixes: #165
|
|
|
|
Remove the "legacy" option from examples and man pages.
Legacy is is finally R.I.P
Add docs for ldapSchema in sssd-ldap man page.
|
|
Remove magicPrivateGroups since it's set automatically, use bool values
for enumerate.
Also add a notice about krb5 auth-module with a link to specialized
manpage to sssd.conf(5) similar to what we have for ldap auth-module.
Move both outside proxy domain description.
|
|
|
|
This timeout specifies the lifetime of a cache entry before it is
updated out-of-band. When this timeout is hit, the request will
still complete from cache, but the SSSD will also go and update
the cached entry in the background to extend the life of the
cache entry and reduce the wait time of a future request.
|
|
- older version of libpcre only support the Python syntax (?P<name>)
for named subpatterns
|
|
PCRE_DUPNAMES is a new feature of libpcre 7. It is used in sssd to
make the splitting of fully qualified user names more flexible.
|
|
- with the boolean option filterUsersInGroups it can be controlled
wether filtered users appear in groups or not.
- fixed an error which prevented the display of groups with filtered
members
- removed some tab indents
|
|
RHEL5 did not support Docbook 4.5, and we are not using
any 4.5 features.
|
|
Also updates the manpage for sssd.conf to denote this
|
|
This patch introduces provider=files as a valid provider.
Upon loading the backend, its properties in confdb are overwritten to
those that represent legacy local domain.
Also document this in sssd.conf(5) and example config
|
|
The libPath should be constructed from the libName. There is no
benefit to specifying it separately.
|
|
|
