summaryrefslogtreecommitdiff
path: root/src/man/sssd.conf.5.xml
AgeCommit message (Collapse)AuthorFilesLines
2012-06-25Set default for subdomain_homedirSumit Bose1-0/+3
2012-06-25Add man page section for the PAC responderSumit Bose1-0/+36
2012-06-18Make the client idle timeout configurableStephen Gallagher1-0/+15
2012-06-12Clarify how comments work in sssd.confAriel Barria1-1/+2
2012-06-12Make re_expression and full_name_format per domain optionsStef Walter1-18/+49
* Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
2012-06-10Allow fast memcache timeout to be configurableJan Zeleny1-0/+12
https://fedorahosted.org/sssd/ticket/1318
2012-05-14Fix typos in message and man pages.Yuri Chornoivan1-2/+2
2012-05-11Bad check for id_provider=local and access_provider=permitAriel Barria1-1/+1
documentation-access_provider Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2012-05-09NSS: Add default_shell optionStephen Gallagher1-0/+15
This option will allow administrators to set a default shell to be used if a user does not have one set in the identity provider. https://fedorahosted.org/sssd/ticket/1289
2012-05-09NSS: Add fallback_homedir optionStephen Gallagher1-0/+18
This option is similar to override_homedir, except that it will take effect only for users that do not have an explicit home directory specified in LDAP. https://fedorahosted.org/sssd/ticket/1250
2012-05-09Clearer documentation for use_fully_qualified_namesStef Walter1-0/+5
* Previously only the side effect was described.
2012-05-04Modify behavior of pam_pwd_expiration_warningJan Zeleny1-1/+34
New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning. If the value of expiration warning is set to zero, the filter isn't apllied at all - if backend server returns the warning, it will be automatically displayed. Default value for Kerberos: 7 days Default value for LDAP: don't apply the filter Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider.
2012-04-24SSH: Add support for hashed known_hostsJan Cholasta1-0/+25
https://fedorahosted.org/sssd/ticket/1203
2012-04-24New config option for subdomainsJan Zeleny1-0/+15
subdomain_homedir - if set, it contains default value, can be overriden in further processing
2012-04-24data provider: added subdomainsSumit Bose1-0/+24
2012-04-24Responder part of the subdomain retrieval workJan Zeleny1-0/+24
2012-04-20Fix typo: retreiving->retrievingYuri Chornoivan1-1/+1
2012-04-20Two manual pages fixesMarco Pizzoli1-0/+2
2012-04-20Make the monitor SIGKILL time configurableJakub Hrozek1-0/+16
https://fedorahosted.org/sssd/ticket/1119
2012-04-20proxy: new option proxy_fast_aliasJakub Hrozek1-0/+17
2012-04-18MAN: document the hostid and autofs providersJakub Hrozek1-0/+60
2012-04-18MAN: timeout can be specified for services, tooJakub Hrozek1-14/+13
2012-04-18Remove the "command" option from documentationJakub Hrozek1-16/+0
It is a low-level developer option not indended to be consumed by users https://fedorahosted.org/sssd/ticket/1174
2012-02-17RESPONDERS: Make the fd_limit setting configurableStephen Gallagher1-0/+17
This code will now attempt first to see if it has privilege to set the value as specified, and if not it will fall back to the previous behavior. So on systems with the CAP_SYS_RESOURCE capability granted to SSSD, it will be able to ignore the limits.conf hard limit. https://fedorahosted.org/sssd/ticket/1197
2012-02-07fix typos in manualYuri Chornoivan1-1/+1
2012-02-06Man pages for the session target and SELinux user maps fetchingJan Zeleny1-0/+25
2012-02-05AUTOFS: responderJakub Hrozek1-0/+28
2012-02-04Fixes for sudo_timedJakub Hrozek1-0/+13
https://fedorahosted.org/sssd/ticket/1116
2012-02-04SUDO Integration - in-memory cache in responderPavel Březina1-0/+38
New sudo responder option: cache_timeout https://fedorahosted.org/sssd/ticket/1111
2012-02-04NSS: Add individual timeouts for entry typesStephen Gallagher1-0/+53
https://fedorahosted.org/sssd/ticket/1016
2012-01-30Include sudo manual pages only conditionallyJakub Hrozek1-3/+8
2012-01-30SUDO Integration - manual pagePavel Březina1-1/+24
https://fedorahosted.org/sssd/ticket/1109
2011-12-16Use the case sensitivity flag in respondersJakub Hrozek1-0/+14
2011-11-10Fix typos in manual pagesYuri Chornoivan1-1/+1
2011-09-21Enable the midpoint cache update by defaultStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/918
2011-09-20MAN: Add more information about internal credential storageStephen Gallagher1-0/+4
2011-09-08DEBUG timestamps offer higher precision - man page updatedPavel Březina1-0/+11
https://fedorahosted.org/sssd/ticket/956
2011-09-02Add option to specify the kerberos replay cache dirStephen Gallagher1-0/+20
Adds a configure option to set the distribution default as well as an sssd.conf option to override it. https://fedorahosted.org/sssd/ticket/980
2011-08-25New DEBUG facility - man pagesPavel Březina1-10/+1
https://fedorahosted.org/sssd/ticket/925 Modified sssd and sssd.conf man pages to reflect new levels. Added new man include: include/debug_levels.xml
2011-07-29Add vetoed_shells optionJohn Hodrien1-0/+8
There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2011-05-20Add new options to override shell valueJakub Hrozek1-0/+44
https://fedorahosted.org/sssd/ticket/742
2011-05-20Add a new option to override home directory valueJakub Hrozek1-0/+37
https://fedorahosted.org/sssd/ticket/551
2011-05-20Add a new option to override primary GID numberJakub Hrozek1-0/+9
https://fedorahosted.org/sssd/ticket/742
2011-01-19Add pam_pwd_expiration_warning config optionSumit Bose1-0/+18
2011-01-14Fix manpage typosYuri Chornoivan1-5/+5
2010-12-22Update the ID cache for any PAM requestStephen Gallagher1-0/+22
Also adds an option to limit how often we check the ID provider, so that conversations with multiple PAM requests won't update the cache multiple times. https://fedorahosted.org/sssd/ticket/749
2010-12-17Start first enumeration immediatelyStephen Gallagher1-0/+5
Previously, we would wait for ten seconds before starting an enumeration. However, this meant that on the first startup (before we had run our first enumeration) there was a ten-second window where clients would immediately get back a response with no entries instead of blocking until the enumeration completed. With this patch, SSSD will now run an enumeration immediately upon startup. Further startups will retain the ten-second delay so as not to slow down system bootups. https://fedorahosted.org/sssd/ticket/616
2010-11-15Introduce pam_verbosity config optionSumit Bose1-0/+31
Currently we display all PAM messages generated by sssd to the user. But only some of them are important and others are just some useful information. This patch introduces a new option to the PAM responder which controls what kind of messages are displayed. As an example the 'Authenticated with cached credentials' message is used. This message is only displayed if pam_verbosity=1 or if there is an expire date.
2010-10-19Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip.Jan Zeleny1-1/+1
For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543
2010-10-13Man pages should mention supported providersJan Zeleny1-0/+8
Each back end can support id, auth or access provider, but each back end supports different subset of these. Man pages should describe which providers are supported by each back end. Ticket: #615