summaryrefslogtreecommitdiff
path: root/src/man/sssd.conf.5.xml
AgeCommit message (Collapse)AuthorFilesLines
2011-07-29Add vetoed_shells optionJohn Hodrien1-0/+8
There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2011-05-20Add new options to override shell valueJakub Hrozek1-0/+44
https://fedorahosted.org/sssd/ticket/742
2011-05-20Add a new option to override home directory valueJakub Hrozek1-0/+37
https://fedorahosted.org/sssd/ticket/551
2011-05-20Add a new option to override primary GID numberJakub Hrozek1-0/+9
https://fedorahosted.org/sssd/ticket/742
2011-01-19Add pam_pwd_expiration_warning config optionSumit Bose1-0/+18
2011-01-14Fix manpage typosYuri Chornoivan1-5/+5
2010-12-22Update the ID cache for any PAM requestStephen Gallagher1-0/+22
Also adds an option to limit how often we check the ID provider, so that conversations with multiple PAM requests won't update the cache multiple times. https://fedorahosted.org/sssd/ticket/749
2010-12-17Start first enumeration immediatelyStephen Gallagher1-0/+5
Previously, we would wait for ten seconds before starting an enumeration. However, this meant that on the first startup (before we had run our first enumeration) there was a ten-second window where clients would immediately get back a response with no entries instead of blocking until the enumeration completed. With this patch, SSSD will now run an enumeration immediately upon startup. Further startups will retain the ten-second delay so as not to slow down system bootups. https://fedorahosted.org/sssd/ticket/616
2010-11-15Introduce pam_verbosity config optionSumit Bose1-0/+31
Currently we display all PAM messages generated by sssd to the user. But only some of them are important and others are just some useful information. This patch introduces a new option to the PAM responder which controls what kind of messages are displayed. As an example the 'Authenticated with cached credentials' message is used. This message is only displayed if pam_verbosity=1 or if there is an expire date.
2010-10-19Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip.Jan Zeleny1-1/+1
For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543
2010-10-13Man pages should mention supported providersJan Zeleny1-0/+8
Each back end can support id, auth or access provider, but each back end supports different subset of these. Man pages should describe which providers are supported by each back end. Ticket: #615
2010-07-09Add try_inotify optionStephen Gallagher1-0/+28
There are some special cases where inotify cannot be used, even if the host OS claims that it is supported. In these cases, it should be possible to explicitly disable the use of inotify. https://fedorahosted.org/sssd/ticket/484
2010-06-30Add dns_discovery_domain optionJakub Hrozek1-0/+13
The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
2010-06-09Change default min_id to 1Stephen Gallagher1-3/+11
Also update manpage for min_id/max_id to be more clear about how it relates to primary GID.
2010-06-06Man page fixesJakub Hrozek1-1/+1
Fixes: #496
2010-05-20Add enumerate details to the manpage and examplesStephen Gallagher1-1/+19
2010-04-30Add dns_resolver_timeout optionStephen Gallagher1-0/+15
We had a hard-coded timeout of five seconds for DNS lookups in the async resolver. This patch adds an option 'dns_resolver_timeout' to specify this value (Default: 5)
2010-04-06Add userdel_cmd paramJakub Hrozek1-0/+14
Fixes: #231
2010-03-08Add simple access providerSumit Bose1-0/+7
2010-03-08Make filter_users and filter_groups also per-domainJakub Hrozek1-1/+3
Fixes: #290
2010-02-25Fix check for values of expiration limitsJakub Hrozek1-2/+2
There were inconsistencies between what sssd.conf manpage said and what the code enforces.
2010-02-23Better cleanup task handlingJakub Hrozek1-0/+15
Implements a different mechanism for cleanup task. Instead of just deleting expired entries, this patch adds a new option account_cache_expiration for domains. If an entry is expired and the last login was more days in the past that account_cache_expiration, the entry is deleted. Groups are deleted if they are expired and and no user references them (no user has memberof: attribute pointing at that group). The parameter account_cache_expiration is not LDAP-specific, so that other future backends might use the same timeout setting. Fixes: #391
2010-02-23Revert "Change default for enumeration to TRUE"Stephen Gallagher1-1/+1
This reverts commit 75a9f18ad8ac6e885ac34cdeebc4d8f8734713f8.
2010-02-23Do not check entries during cleanup taskJakub Hrozek1-1/+1
Do not attempt to validate expired entries in cache, just delete them. Also increase the cache timeouts. Fixes: #331
2010-02-22Restrict family lookupsJakub Hrozek1-0/+28
Adds a new option that tells resolver which address family to prefer or use exclusively. Fixes: #404
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+808
Also update BUILD.txt