summaryrefslogtreecommitdiff
path: root/src/man/sssd.conf.5.xml
AgeCommit message (Collapse)AuthorFilesLines
2013-05-07AD: read flat name and SID of the AD domainSumit Bose1-0/+4
For various features either the flat/short/NetBIOS domain name or the domain SID is needed. Since the responders already try to do a subdomain lookup when and known domain name is encountered I added a subdomain lookup to the AD provider which currently only reads the SID from the base DN and the NetBIOS name from a reply of a LDAP ping. The results are written to the cache to have them available even if SSSD is started in offline mode. Looking up trusted domains can be added later. Since all the needed responder code is already available from the corresponding work for the IPA provider this patch fixes https://fedorahosted.org/sssd/ticket/1468
2013-04-26Document the naming convention for SSSD domainsJakub Hrozek1-0/+2
https://fedorahosted.org/sssd/ticket/1809
2013-04-10Allow using flatname for subdomain home dir templateJakub Hrozek1-1/+9
https://fedorahosted.org/sssd/ticket/1609
2013-04-10Put the override_homedir into an included xml fileJakub Hrozek1-54/+1
The description was duplicated on two places, leading to errors where one was amended but the other was not.
2013-02-10NSS: Add original homedir to home directory template optionsStephen Gallagher1-0/+7
https://fedorahosted.org/sssd/ticket/1805
2013-01-28MAN: Clarify that saving users after enumerating large domain might be CPU ↵Jakub Hrozek1-1/+9
intensive https://fedorahosted.org/sssd/ticket/1732
2012-12-05MAN: Move ssh_known_hosts_timeout documentation to the correct sectionJan Cholasta1-12/+12
2012-11-16MAN: quotation fixOndrej Kos1-1/+1
I noticed that the proxy in auth_provider section of sssd.conf manpage isn't quoted when all others are.
2012-11-15Add ignore_group_members option.Paul B. Henson1-0/+17
https://fedorahosted.org/sssd/ticket/1376
2012-11-14Run IPA subdomain provider if IPA ID provider is configuredSumit Bose1-5/+9
To make configuration easier the IPA subdomain provider should be always loaded if the IPA ID provider is configured and the subdomain provider is not explicitly disabled. But to avoid the overhead of regular subdomain requests in setups where no subdomains are used the IPA subdomain provider should behave differently if configured explicit or implicit. If the IPA subdomain provider is configured explicitly, i.e. 'subdomains_provider = ipa' can be found in the domain section of sssd.conf subdomain request are always send to the server if needed. If it is configured implicitly and a request to the server fails with an indication that the server currently does not support subdomains at all, e.g. is not configured to handle trust relationships, a new request will be only send to the server after a long timeout or after a going-online event. To be able to make this distinction this patch save the configuration status to the subdomain context. Fixes https://fedorahosted.org/sssd/ticket/1613
2012-11-08MAN: Specify the correct location for the force_timeout optionStephen Gallagher1-16/+32
2012-10-18Allow setting the default_shell option per-domain as wellJakub Hrozek1-1/+2
https://fedorahosted.org/sssd/ticket/1583
2012-10-12MAN: improve wording of default_domain parameterJakub Hrozek1-5/+5
2012-10-09Fix typosYuri Chornoivan1-1/+1
2012-10-05man: Note that automounter must be restarted to re-read the master mapJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/1563
2012-10-05SSH: Expire hosts in known_hostsJan Cholasta1-0/+12
2012-10-02Add man page section about provider specific re_expressionSumit Bose1-8/+33
Fixes: https://fedorahosted.org/sssd/ticket/1525
2012-10-01Add new option default_domain_suffixSumit Bose1-0/+24
2012-09-24autofs, sudo, ssh and PAC are not experimental anymoreJakub Hrozek1-21/+0
2012-08-10Document entry_cache_autofs_timeoutJakub Hrozek1-0/+14
2012-08-03Fix various typos in documentation.Yuri Chornoivan1-1/+1
2012-07-27Renamed session provider to selinux providerJan Zeleny1-7/+8
2012-07-20NSS: Add override_shell optionStephen Gallagher1-0/+14
If override_shell is specified in the [nss] section, all users managed by SSSD will have their shell set to this value. If it is specified in the [domain/DOMAINNAME] section, it will apply to only that domain (and override the [nss] value, if any). https://fedorahosted.org/sssd/ticket/1087
2012-07-20MAN: Improvements to the AD provider manpageStephen Gallagher1-0/+16
Add information about ID mapping (including how to disable it) as well as information on how to handle homedir and shell. https://fedorahosted.org/sssd/ticket/1433
2012-07-20MAN: List all available backends for provider optionsStephen Gallagher1-14/+84
https://fedorahosted.org/sssd/ticket/1432
2012-07-10Fix typo: exhasution->exhaustion.Yuri Chornoivan1-1/+1
2012-07-10pac responder: limit access by checking UIDsSumit Bose1-4/+27
A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
2012-07-06MAN: Unify "SEE ALSO" sectionsStephen Gallagher1-32/+2
2012-06-29sudo: manpage updatedPavel Březina1-26/+14
Removes old options and adds new ones.
2012-06-25Set default for subdomain_homedirSumit Bose1-0/+3
2012-06-25Add man page section for the PAC responderSumit Bose1-0/+36
2012-06-18Make the client idle timeout configurableStephen Gallagher1-0/+15
2012-06-12Clarify how comments work in sssd.confAriel Barria1-1/+2
2012-06-12Make re_expression and full_name_format per domain optionsStef Walter1-18/+49
* Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
2012-06-10Allow fast memcache timeout to be configurableJan Zeleny1-0/+12
https://fedorahosted.org/sssd/ticket/1318
2012-05-14Fix typos in message and man pages.Yuri Chornoivan1-2/+2
2012-05-11Bad check for id_provider=local and access_provider=permitAriel Barria1-1/+1
documentation-access_provider Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2012-05-09NSS: Add default_shell optionStephen Gallagher1-0/+15
This option will allow administrators to set a default shell to be used if a user does not have one set in the identity provider. https://fedorahosted.org/sssd/ticket/1289
2012-05-09NSS: Add fallback_homedir optionStephen Gallagher1-0/+18
This option is similar to override_homedir, except that it will take effect only for users that do not have an explicit home directory specified in LDAP. https://fedorahosted.org/sssd/ticket/1250
2012-05-09Clearer documentation for use_fully_qualified_namesStef Walter1-0/+5
* Previously only the side effect was described.
2012-05-04Modify behavior of pam_pwd_expiration_warningJan Zeleny1-1/+34
New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning. If the value of expiration warning is set to zero, the filter isn't apllied at all - if backend server returns the warning, it will be automatically displayed. Default value for Kerberos: 7 days Default value for LDAP: don't apply the filter Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider.
2012-04-24SSH: Add support for hashed known_hostsJan Cholasta1-0/+25
https://fedorahosted.org/sssd/ticket/1203
2012-04-24New config option for subdomainsJan Zeleny1-0/+15
subdomain_homedir - if set, it contains default value, can be overriden in further processing
2012-04-24data provider: added subdomainsSumit Bose1-0/+24
2012-04-24Responder part of the subdomain retrieval workJan Zeleny1-0/+24
2012-04-20Fix typo: retreiving->retrievingYuri Chornoivan1-1/+1
2012-04-20Two manual pages fixesMarco Pizzoli1-0/+2
2012-04-20Make the monitor SIGKILL time configurableJakub Hrozek1-0/+16
https://fedorahosted.org/sssd/ticket/1119
2012-04-20proxy: new option proxy_fast_aliasJakub Hrozek1-0/+17
2012-04-18MAN: document the hostid and autofs providersJakub Hrozek1-0/+60