summaryrefslogtreecommitdiff
path: root/server/man
AgeCommit message (Collapse)AuthorFilesLines
2009-12-03Copy-edit sssd-ipa man pageDavid O'Brien1-18/+17
Mainly typo fixes and grammar updates. Application of RH doc styles where appropriate.
2009-11-25Get TGT in a child process.Jakub Hrozek1-1/+2
To avoid blocking in a synchronous call, the TGT is saved in a separate process Fixes: #277
2009-11-23Add ldap_pwd_policy optionSumit Bose1-0/+33
2009-11-20Add reference to sssd-krb5 man page.Simo Sorce1-0/+3
Thanks to Marko Myllynen for spotting this.
2009-11-20Validate Kerberos credentials with local keytabSumit Bose2-0/+42
2009-11-13Fix option name krb5_changepw_principalSumit Bose1-3/+3
2009-11-12Make 'permit' the default for the access targetSumit Bose1-3/+1
2009-11-12Fixes for proxy providerSumit Bose1-1/+3
- use the correct private data for each PAM task - make proxy_pam_target a mandatory option for auth, chpass and access
2009-11-09Assorted manpage fixesJakub Hrozek1-27/+14
* do not mention the sbus_timeout parameter at all * document the config_file_version parameter * different wording for negative cache
2009-11-05Update midpoint refresh logic to be relative to cache timeoutStephen Gallagher1-4/+23
2009-10-29Tidy up ipa optionsSimo Sorce2-67/+40
Do not replicate every and each option we may want to set in ipa. Just read out ldap and krb provider options (added reference in the manual too, and removed mention of ipa specific timeout values, use ldap options for that) Avoid calling auth module initialization twice, just pass the auth context to the chpass module too. Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be used for both users and groups. the user and group search bases can still be set separately if necessary but they are now optional and set to be identical to SDAP_SEARCH_BASE if not explicitly specified in the configuration.
2009-10-27Move responsibility for entry expiration timeoutSimo Sorce1-13/+12
The providers are now responsible for determining how long a cached entry is considered valid. The default is the same as before (600s)
2009-10-27Remove [dp] section from example configStephen Gallagher1-10/+3
Also remove references to the DP service from the sssd.conf manpages.
2009-10-22Add support for offline auth cache timeoutStephen Gallagher1-0/+21
This adds a new option (offline_credentials_expiration) to the [PAM] section of the sssd.conf If the user does not perform an online authentication within the timeout (in days), they will be denied auth once the timeout passes.
2009-10-22User home directories managementJakub Hrozek3-0/+154
Create and populate user directories on useradd, delete them on userdel Fixes: #212
2009-10-20Start implementing ipa specific options.Simo Sorce1-0/+182
First step generate ldap options from ipa options. Add sssd-ipa man page too.
2009-10-15more implicit provider target settingsSumit Bose1-1/+28
If auth_provider or access_provider is ont set explicitly id_provider is used if it can handle auth or access control requests respectively. If not auth defaults to 'none' and the access_provider is set to 'permit'. The option 'deny' is added for the access_provider to explicitly deny access.
2009-10-15set chpass_provider implicit if not set explicitSumit Bose1-0/+7
- if chpass_provider is not given in the configuration file but an auth_provider and the auth_provider can also handle change password requests it is used as chpass_provider.
2009-10-09Remove magicPrivateGroups optionSimo Sorce1-41/+0
In sssd only local is a native mpg domain, and it is forced. All other providers will have to unroll mpg users into a user/group pair of entries in the db. This allows the provider to automatically establish if the remote server provides mpg users w/o possibily conflicting manual configurations on the client trying to force an mpg behavior where none is provided.
2009-10-08add description of chpass_provider option to sssd.conf man pageSumit Bose1-0/+30
2009-10-05more documentation and test for sssd.confSumit Bose1-0/+5
- add a hint to the man page about permissions on sssd.conf - add a test if a symbolic link can be opened
2009-10-01Initial implementation of sasl bind supportSimo Sorce1-0/+79
Inits krb5 credentials, if sasl mech is GSSAPI. Tested with GSSAPI and host keytab as well as user credentials. Updates also manpages with the new options.
2009-09-25remove krb5_try_simple_upn option and make it a default fallbackSumit Bose1-14/+16
2009-09-25Send debug messages to logfileJakub Hrozek1-0/+12
Introduces a new option --debug-to-files which makes SSSD output its debug information to a file instead of stderr, which is still the default. Also introduces a new confdb option debug_to_files which does the same, but can be specified per-service in the config file. The logfiles are stored in /var/log/sssd by default. Changes the initscript to log to files by default.
2009-09-25add new config options ldap_tls_cacert and ldap_tls_cacertdirSumit Bose1-0/+43
2009-09-25Manpages updateJakub Hrozek3-224/+193
2009-09-24added support for older MIT kerberos versionssbose1-0/+89
- make the build of the locator plugin optional - added a man page for the locator plugin - use krb5.h if krb5/krb5.h cannot be found - added alternatives for missing functions - set -DDBUS_API_SUBJECT_TO_CHANGE if libdbus version is lesser than 1.0.0
2009-09-23add a man page for pam_sssSumit Bose1-0/+3
2009-09-23Remove provider=filesJakub Hrozek1-11/+1
Remove this provider type, as well as any references in the docs and examples to the "LEGACYLOCAL" migration domain. Fixes: #165
2009-09-18Include groupSearchBase in sssd-ldap(5) manpageStephen Gallagher1-1/+11
2009-09-18Add missing reference to sssd-ldap(5) in sssd.conf(5) manpageStephen Gallagher1-0/+3
2009-09-14added child timeout handlerSumit Bose1-0/+14
2009-09-14add krb5ccache_dir and krb5ccname_template optionSumit Bose1-0/+71
The configuration options krb5ccache_dir and krb5ccname_template are added to the Kerberos provider to create the user's credential caches the same way as pam_krb5 does. Due to the design of the sssd and the supported ccache types of MIT Kerberos only files are allowed.
2009-09-11add change password target to krb5 backendSumit Bose1-1/+16
2009-09-11Update documentation and examplesSimo Sorce2-15/+30
Remove the "legacy" option from examples and man pages. Legacy is is finally R.I.P Add docs for ldapSchema in sssd-ldap man page.
2009-09-11Small changes to the example config and manpageJakub Hrozek1-12/+25
Remove magicPrivateGroups since it's set automatically, use bool values for enumerate. Also add a notice about krb5 auth-module with a link to specialized manpage to sssd.conf(5) similar to what we have for ldap auth-module. Move both outside proxy domain description.
2009-09-10Update manpage to reflect new syntax for enumerateStephen Gallagher1-12/+6
2009-09-09Add support for the EntryCacheNoWaitRefreshTimeoutStephen Gallagher1-0/+13
This timeout specifies the lifetime of a cache entry before it is updated out-of-band. When this timeout is hit, the request will still complete from cache, but the SSSD will also go and update the cached entry in the background to extend the life of the cache entry and reduce the wait time of a future request.
2009-09-09more fixes for older libpcre versionssbose1-1/+6
- older version of libpcre only support the Python syntax (?P<name>) for named subpatterns
2009-09-01check if libpcre version is above or below 7Sumit Bose1-0/+7
PCRE_DUPNAMES is a new feature of libpcre 7. It is used in sssd to make the splitting of fully qualified user names more flexible.
2009-08-24some UPN handling fixesSumit Bose2-0/+30
- making the realm part upper case is now optional and done in the LDAP backend - using a username@realm UPN is now optional
2009-08-21extended the documentation of LDAP backendSumit Bose1-4/+185
Added man pages sections about user and group attribute mapping. Added an example configuration to access an AD server.
2009-08-21fix handling of filtersUsers in groupsSumit Bose1-0/+12
- with the boolean option filterUsersInGroups it can be controlled wether filtered users appear in groups or not. - fixed an error which prevented the display of groups with filtered members - removed some tab indents
2009-08-20Support Docbook 4.4Stephen Gallagher10-20/+20
RHEL5 did not support Docbook 4.5, and we are not using any 4.5 features.
2009-08-20Make the LOCAL provider always use MagicPrivateGroupsStephen Gallagher1-1/+7
Also updates the manpage for sssd.conf to denote this
2009-08-19enable usage of defaultBindDnSumit Bose1-0/+21
2009-08-13Make "files" a reserved word for legacy local domainJakub Hrozek1-1/+11
This patch introduces provider=files as a valid provider. Upon loading the backend, its properties in confdb are overwritten to those that represent legacy local domain. Also document this in sssd.conf(5) and example config
2009-07-02added kerberos backend with tevent_req event handlingSumit Bose1-0/+98
2009-06-30Remove redundant libPath option from proxy providerStephen Gallagher1-12/+0
The libPath should be constructed from the libName. There is no benefit to specifying it separately.
2009-06-03man page for LDAP domainsJakub Hrozek1-0/+232