summaryrefslogtreecommitdiff
path: root/server/man
AgeCommit message (Collapse)AuthorFilesLines
2010-02-18Rename server/ directory to src/Stephen Gallagher16-2965/+0
Also update BUILD.txt
2010-02-12Add check for broken LDAP connection callbacksSumit Bose1-1/+1
2010-02-10sss_groupshow improvementsJakub Hrozek1-1/+11
This patch fixes the following issues: * man page issues (#395) * show info on MPGs (#396) * recursively print indirect members (#397) * the list of groupnames is comma separated (#398) * output inconsistencies (#399)
2010-02-10Few misc minor man page bugsJakub Hrozek3-26/+23
* sssd.conf * sbus_timeout was used in an example but explained nowhere * enum_cache_timeout unit was not defined * same for entry_cache_timeout * store_legacy_passwords option does not exist anymore * better example than domain/LOCAL - domain/LDAP which uses krb5/ldap * sssd.conf(5) listed sssd.conf(5) in SEE ALSO section * sssd-krb5, sssd-ldap * these include each other in SEE ALSO section Fixes: #393
2010-02-05Document when LDAP referral chasing is availableSumit Bose1-0/+5
2010-02-05Enable debug_timestamps by defaultStephen Gallagher1-1/+1
It can be overridden in the sssd.conf or on the commandline with --debug-timestamps=0
2010-02-02Add offline failed login counterSumit Bose1-1/+35
2010-02-02Add new option ldap_referralsSumit Bose1-0/+13
2010-01-20Deleting nonexistent users or groups is not a noopJakub Hrozek2-4/+2
The manual pages for userdel and groupdel utilities incorrectly stated that deleting a nonexistent user or group is a noop. We changed that behavior, but forgot to sync the documentation.
2010-01-20document debug_timestampsJakub Hrozek2-0/+22
2010-01-20sss_groupshow - a utility to print properties of a local groupJakub Hrozek7-0/+84
This patch adds a utility called sss_groupshow that allows user to print properties of a group in the local domain. Fixes: #306
2010-01-14Copy-edit, mainly fixing typos and EnglishDavid O'Brien2-71/+68
Some reformatting to stay within 79 char line length. Better definition of server vs. machine usage in failover section.
2009-12-17Clarify access_provider manpage entryStephen Gallagher1-1/+3
We support installed access providers as well as permit and deny
2009-12-17Change default for enumeration to TRUEStephen Gallagher1-1/+1
2009-12-15Fix tight loop in monitorStephen Gallagher1-4/+4
If the domain heartbeat time was explicitly set in the configuration to 0, we would enter a tight loop in the heartbeat check and never answer requests from the child processes.
2009-12-10Document the failover feature in manpagesJakub Hrozek4-4/+61
Fixes: #309
2009-12-03Copy-edit sssd-ipa man pageDavid O'Brien1-18/+17
Mainly typo fixes and grammar updates. Application of RH doc styles where appropriate.
2009-11-25Get TGT in a child process.Jakub Hrozek1-1/+2
To avoid blocking in a synchronous call, the TGT is saved in a separate process Fixes: #277
2009-11-23Add ldap_pwd_policy optionSumit Bose1-0/+33
2009-11-20Add reference to sssd-krb5 man page.Simo Sorce1-0/+3
Thanks to Marko Myllynen for spotting this.
2009-11-20Validate Kerberos credentials with local keytabSumit Bose2-0/+42
2009-11-13Fix option name krb5_changepw_principalSumit Bose1-3/+3
2009-11-12Make 'permit' the default for the access targetSumit Bose1-3/+1
2009-11-12Fixes for proxy providerSumit Bose1-1/+3
- use the correct private data for each PAM task - make proxy_pam_target a mandatory option for auth, chpass and access
2009-11-09Assorted manpage fixesJakub Hrozek1-27/+14
* do not mention the sbus_timeout parameter at all * document the config_file_version parameter * different wording for negative cache
2009-11-05Update midpoint refresh logic to be relative to cache timeoutStephen Gallagher1-4/+23
2009-10-29Tidy up ipa optionsSimo Sorce2-67/+40
Do not replicate every and each option we may want to set in ipa. Just read out ldap and krb provider options (added reference in the manual too, and removed mention of ipa specific timeout values, use ldap options for that) Avoid calling auth module initialization twice, just pass the auth context to the chpass module too. Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be used for both users and groups. the user and group search bases can still be set separately if necessary but they are now optional and set to be identical to SDAP_SEARCH_BASE if not explicitly specified in the configuration.
2009-10-27Move responsibility for entry expiration timeoutSimo Sorce1-13/+12
The providers are now responsible for determining how long a cached entry is considered valid. The default is the same as before (600s)
2009-10-27Remove [dp] section from example configStephen Gallagher1-10/+3
Also remove references to the DP service from the sssd.conf manpages.
2009-10-22Add support for offline auth cache timeoutStephen Gallagher1-0/+21
This adds a new option (offline_credentials_expiration) to the [PAM] section of the sssd.conf If the user does not perform an online authentication within the timeout (in days), they will be denied auth once the timeout passes.
2009-10-22User home directories managementJakub Hrozek3-0/+154
Create and populate user directories on useradd, delete them on userdel Fixes: #212
2009-10-20Start implementing ipa specific options.Simo Sorce1-0/+182
First step generate ldap options from ipa options. Add sssd-ipa man page too.
2009-10-15more implicit provider target settingsSumit Bose1-1/+28
If auth_provider or access_provider is ont set explicitly id_provider is used if it can handle auth or access control requests respectively. If not auth defaults to 'none' and the access_provider is set to 'permit'. The option 'deny' is added for the access_provider to explicitly deny access.
2009-10-15set chpass_provider implicit if not set explicitSumit Bose1-0/+7
- if chpass_provider is not given in the configuration file but an auth_provider and the auth_provider can also handle change password requests it is used as chpass_provider.
2009-10-09Remove magicPrivateGroups optionSimo Sorce1-41/+0
In sssd only local is a native mpg domain, and it is forced. All other providers will have to unroll mpg users into a user/group pair of entries in the db. This allows the provider to automatically establish if the remote server provides mpg users w/o possibily conflicting manual configurations on the client trying to force an mpg behavior where none is provided.
2009-10-08add description of chpass_provider option to sssd.conf man pageSumit Bose1-0/+30
2009-10-05more documentation and test for sssd.confSumit Bose1-0/+5
- add a hint to the man page about permissions on sssd.conf - add a test if a symbolic link can be opened
2009-10-01Initial implementation of sasl bind supportSimo Sorce1-0/+79
Inits krb5 credentials, if sasl mech is GSSAPI. Tested with GSSAPI and host keytab as well as user credentials. Updates also manpages with the new options.
2009-09-25remove krb5_try_simple_upn option and make it a default fallbackSumit Bose1-14/+16
2009-09-25Send debug messages to logfileJakub Hrozek1-0/+12
Introduces a new option --debug-to-files which makes SSSD output its debug information to a file instead of stderr, which is still the default. Also introduces a new confdb option debug_to_files which does the same, but can be specified per-service in the config file. The logfiles are stored in /var/log/sssd by default. Changes the initscript to log to files by default.
2009-09-25add new config options ldap_tls_cacert and ldap_tls_cacertdirSumit Bose1-0/+43
2009-09-25Manpages updateJakub Hrozek3-224/+193
2009-09-24added support for older MIT kerberos versionssbose1-0/+89
- make the build of the locator plugin optional - added a man page for the locator plugin - use krb5.h if krb5/krb5.h cannot be found - added alternatives for missing functions - set -DDBUS_API_SUBJECT_TO_CHANGE if libdbus version is lesser than 1.0.0
2009-09-23add a man page for pam_sssSumit Bose1-0/+3
2009-09-23Remove provider=filesJakub Hrozek1-11/+1
Remove this provider type, as well as any references in the docs and examples to the "LEGACYLOCAL" migration domain. Fixes: #165
2009-09-18Include groupSearchBase in sssd-ldap(5) manpageStephen Gallagher1-1/+11
2009-09-18Add missing reference to sssd-ldap(5) in sssd.conf(5) manpageStephen Gallagher1-0/+3
2009-09-14added child timeout handlerSumit Bose1-0/+14
2009-09-14add krb5ccache_dir and krb5ccname_template optionSumit Bose1-0/+71
The configuration options krb5ccache_dir and krb5ccname_template are added to the Kerberos provider to create the user's credential caches the same way as pam_krb5 does. Due to the design of the sssd and the supported ccache types of MIT Kerberos only files are allowed.
2009-09-11add change password target to krb5 backendSumit Bose1-1/+16