summaryrefslogtreecommitdiff
path: root/src/man
AgeCommit message (Collapse)AuthorFilesLines
2013-05-14man: Note that IPA updates are secured with GSS-TSIGJakub Hrozek1-1/+2
2013-05-14man: Clarify the AD site discovery documentationJakub Hrozek1-1/+3
https://fedorahosted.org/sssd/ticket/1909
2013-05-13man: Clarify that AD dyndns updates are secured using GSS-TSIGJakub Hrozek1-1/+4
https://fedorahosted.org/sssd/ticket/1910
2013-05-13Enable the AD dynamic DNS updates by defaultJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/1915
2013-05-13Fix a typo in sssd-ad man pageJakub Hrozek1-1/+1
s/IPA/AD/
2013-05-07AD: read flat name and SID of the AD domainSumit Bose2-0/+8
For various features either the flat/short/NetBIOS domain name or the domain SID is needed. Since the responders already try to do a subdomain lookup when and known domain name is encountered I added a subdomain lookup to the AD provider which currently only reads the SID from the base DN and the NetBIOS name from a reply of a LDAP ping. The results are written to the cache to have them available even if SSSD is started in offline mode. Looking up trusted domains can be added later. Since all the needed responder code is already available from the corresponding work for the IPA provider this patch fixes https://fedorahosted.org/sssd/ticket/1468
2013-05-06Fix minor typosYuri Chornoivan1-1/+1
2013-05-03Updating the translations for the 1.10 beta1 releaseJakub Hrozek15-11401/+12875
2013-05-03Active Directory dynamic DNS updatesJakub Hrozek1-0/+90
https://fedorahosted.org/sssd/ticket/1504 Implements dynamic DNS updates for the AD provider. By default, the updates also update the reverse zone and run periodically every 24 hours.
2013-05-03dyndns: new option dyndns_force_tcpJakub Hrozek1-0/+13
https://fedorahosted.org/sssd/ticket/1831 Adds a new option that can be used to force nsupdate to only use TCP to communicate with the DNS server.
2013-05-03dyndns: New option dyndns_update_ptrJakub Hrozek1-0/+20
https://fedorahosted.org/sssd/ticket/1832 While some servers, such as FreeIPA allow the PTR record to be synchronized when the forward record is updated, other servers, including Active Directory, require that the PTR record is synchronized manually. This patch adds a new option, dyndns_update_ptr that automatically generates appropriate DNS update message for updating the reverse zone. This option is off by default in the IPA provider. Also renames be_nsupdate_create_msg to be_nsupdate_create_fwd_msg
2013-05-03dyndns: new option dyndns_refresh_intervalJakub Hrozek1-0/+16
This new options adds the possibility of updating the DNS entries periodically regardless if they have changed or not. This feature will be useful mainly in AD environments where the Windows clients periodically update their DNS records.
2013-05-03Convert IPA-specific options to be back-end agnosticJakub Hrozek1-5/+23
This patch introduces new options for dynamic DNS updates that are not specific to any back end. The current ipa dyndns options are still usable, just with a deprecation warning.
2013-05-03SUDO: IPA providerLukas Slebodnik1-27/+3
This patch added auto configuration SUDO with ipa provider and compat tree. https://fedorahosted.org/sssd/ticket/1733
2013-05-02DNS sites support - add AD SRV pluginPavel Březina1-0/+21
https://fedorahosted.org/sssd/ticket/1032
2013-04-29Add override_homedir.xml to po4a.cfgSumit Bose1-0/+1
Every man page source which should be translated must be listed in po4a.cfg. Please remember to add a line whenever a new man page or a new include file is created
2013-04-26Document that the AD provider is case-insensitiveJakub Hrozek1-0/+3
https://fedorahosted.org/sssd/ticket/1867
2013-04-26Document the naming convention for SSSD domainsJakub Hrozek1-0/+2
https://fedorahosted.org/sssd/ticket/1809
2013-04-23Add exit status section to sss_ssh_* man pagesJan Cholasta2-0/+16
2013-04-22Allow usage of enterprise principalsSumit Bose2-0/+34
Enterprise principals are currently most useful for the AD provider and hence enabled here by default while for the other Kerberos based authentication providers they are disabled by default. If additional UPN suffixes are configured for the AD domain the user principal stored in the AD LDAP server might not contain the real Kerberos realm of the AD domain but one of the additional suffixes which might be completely randomly chooses, e.g. are not related to any existing DNS domain. This make it hard for a client to figure out the right KDC to send requests to. To get around this enterprise principals (see http://tools.ietf.org/html/rfc6806 for details) were introduced. Basically a default realm is added to the principal so that the Kerberos client libraries at least know where to send the request to. It is not in the responsibility of the KDC to either handle the request itself, return a client referral if he thinks a different KDC can handle the request or return and error. This feature is also use to allow authentication in AD environments with cross forest trusts. Fixes https://fedorahosted.org/sssd/ticket/1842
2013-04-10DNS sites support - add IPA SRV pluginPavel Březina1-0/+26
https://fedorahosted.org/sssd/ticket/1032
2013-04-10Allow using flatname for subdomain home dir templateJakub Hrozek1-1/+9
https://fedorahosted.org/sssd/ticket/1609
2013-04-10Put the override_homedir into an included xml fileJakub Hrozek3-141/+56
The description was duplicated on two places, leading to errors where one was amended but the other was not.
2013-04-03Allow setting krb5_renew_interval with a delimiterAriel Barria1-2/+24
https://fedorahosted.org/sssd/ticket/902 changed the data type the krb5_renew_interval to string. function krb5_string_to_deltat is used to convert and allow delimiters
2013-04-03Fix typos in man pagesYuri Chornoivan2-2/+2
2013-04-02Updating the translations for the 1.10 alpha releaseJakub Hrozek16-8900/+31591
2013-03-21Document what does access_provider=ad doJakub Hrozek1-0/+14
https://fedorahosted.org/sssd/ticket/1841
2013-03-20ldap: Fallback option for rfc2307 schemaSimo Sorce1-0/+31
Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
2013-03-19Make the SELinux refresh time configurable.Michal Zidek1-0/+17
Option ipa_selinux_refresh is added to basic ipa options.
2013-03-18Decrease krb5_auth_timeout defaultOndrej Kos1-1/+1
https://fedorahosted.org/sssd/ticket/1738
2013-02-26Remove enumerate=true from man sssd-ldapJakub Hrozek1-1/+0
https://fedorahosted.org/sssd/ticket/1737
2013-02-10NSS: Add original homedir to home directory template optionsStephen Gallagher1-0/+7
https://fedorahosted.org/sssd/ticket/1805
2013-02-01Correct sss_ssh_knowhostsproxy typo in man pagesJohn Hodrien1-1/+1
2013-01-28MAN: Clarify that saving users after enumerating large domain might be CPU ↵Jakub Hrozek1-1/+9
intensive https://fedorahosted.org/sssd/ticket/1732
2012-12-18try primary server after retry_timeout + 1 seconds when switching to backupPavel Březina1-1/+1
https://fedorahosted.org/sssd/ticket/1679 The problem is when we are about to reset the server status, we don't get through the timeout (30 seconds) because the "switch to primary server" task is scheduled 30 seconds after fall back to a backup server. Thus the server status remains "not working" and is resetted after another 30 seconds. We need to make sure that the server status is tried after the timeout period. retry_timeout is currently hardcoded to 30, thus the change in man page.
2012-12-13MAN: Fix the title of sssd-sudoJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/1710
2012-12-11sudo manpage: clarify that sudoHost may contain wildcards and not regular ↵Pavel Březina2-2/+2
expression https://fedorahosted.org/sssd/ticket/1690
2012-12-05MAN: Move ssh_known_hosts_timeout documentation to the correct sectionJan Cholasta1-12/+12
2012-11-19LDAP: Make it possible to use full principal in ldap_sasl_authid againJakub Hrozek1-0/+5
2012-11-19MAN: document the ldap_sasl_realm optionJakub Hrozek1-0/+13
The option was completely undocumented.
2012-11-16MAN: quotation fixOndrej Kos1-1/+1
I noticed that the proxy in auth_provider section of sssd.conf manpage isn't quoted when all others are.
2012-11-15Add ignore_group_members option.Paul B. Henson1-0/+17
https://fedorahosted.org/sssd/ticket/1376
2012-11-14Run IPA subdomain provider if IPA ID provider is configuredSumit Bose2-5/+32
To make configuration easier the IPA subdomain provider should be always loaded if the IPA ID provider is configured and the subdomain provider is not explicitly disabled. But to avoid the overhead of regular subdomain requests in setups where no subdomains are used the IPA subdomain provider should behave differently if configured explicit or implicit. If the IPA subdomain provider is configured explicitly, i.e. 'subdomains_provider = ipa' can be found in the domain section of sssd.conf subdomain request are always send to the server if needed. If it is configured implicitly and a request to the server fails with an indication that the server currently does not support subdomains at all, e.g. is not configured to handle trust relationships, a new request will be only send to the server after a long timeout or after a going-online event. To be able to make this distinction this patch save the configuration status to the subdomain context. Fixes https://fedorahosted.org/sssd/ticket/1613
2012-11-14Always start PAC responder if IPA ID provider is configuredSumit Bose1-0/+6
Since the PAC responder is used during the authentication of users from trusted realms it is started automatically if the IPA ID provider is configured for a domain to simplify the configuration. Fixes https://fedorahosted.org/sssd/ticket/1613
2012-11-08MAN: Fix validation error caused by bad 'ca' translationStephen Gallagher1-2/+2
2012-11-08MAN: sssd-simple - suggest awarness of empty rulesOndrej Kos1-0/+5
Admins should be aware of the behavior of simple access provider when empty lists are configured (may be result of scripted filing)
2012-11-08MAN: Specify the correct location for the force_timeout optionStephen Gallagher1-16/+32
2012-10-18Allow setting the default_shell option per-domain as wellJakub Hrozek2-2/+4
https://fedorahosted.org/sssd/ticket/1583
2012-10-16Make TTL configurable for dynamic dns updatesJames Hogarth1-0/+14
2012-10-12Updating the translations for the 1.9.2 releaseJakub Hrozek13-2026/+2893