summaryrefslogtreecommitdiff
path: root/src/man
AgeCommit message (Collapse)AuthorFilesLines
2013-05-03SUDO: IPA providerLukas Slebodnik1-27/+3
This patch added auto configuration SUDO with ipa provider and compat tree. https://fedorahosted.org/sssd/ticket/1733
2013-05-02DNS sites support - add AD SRV pluginPavel Březina1-0/+21
https://fedorahosted.org/sssd/ticket/1032
2013-04-29Add override_homedir.xml to po4a.cfgSumit Bose1-0/+1
Every man page source which should be translated must be listed in po4a.cfg. Please remember to add a line whenever a new man page or a new include file is created
2013-04-26Document that the AD provider is case-insensitiveJakub Hrozek1-0/+3
https://fedorahosted.org/sssd/ticket/1867
2013-04-26Document the naming convention for SSSD domainsJakub Hrozek1-0/+2
https://fedorahosted.org/sssd/ticket/1809
2013-04-23Add exit status section to sss_ssh_* man pagesJan Cholasta2-0/+16
2013-04-22Allow usage of enterprise principalsSumit Bose2-0/+34
Enterprise principals are currently most useful for the AD provider and hence enabled here by default while for the other Kerberos based authentication providers they are disabled by default. If additional UPN suffixes are configured for the AD domain the user principal stored in the AD LDAP server might not contain the real Kerberos realm of the AD domain but one of the additional suffixes which might be completely randomly chooses, e.g. are not related to any existing DNS domain. This make it hard for a client to figure out the right KDC to send requests to. To get around this enterprise principals (see http://tools.ietf.org/html/rfc6806 for details) were introduced. Basically a default realm is added to the principal so that the Kerberos client libraries at least know where to send the request to. It is not in the responsibility of the KDC to either handle the request itself, return a client referral if he thinks a different KDC can handle the request or return and error. This feature is also use to allow authentication in AD environments with cross forest trusts. Fixes https://fedorahosted.org/sssd/ticket/1842
2013-04-10DNS sites support - add IPA SRV pluginPavel Březina1-0/+26
https://fedorahosted.org/sssd/ticket/1032
2013-04-10Allow using flatname for subdomain home dir templateJakub Hrozek1-1/+9
https://fedorahosted.org/sssd/ticket/1609
2013-04-10Put the override_homedir into an included xml fileJakub Hrozek3-141/+56
The description was duplicated on two places, leading to errors where one was amended but the other was not.
2013-04-03Allow setting krb5_renew_interval with a delimiterAriel Barria1-2/+24
https://fedorahosted.org/sssd/ticket/902 changed the data type the krb5_renew_interval to string. function krb5_string_to_deltat is used to convert and allow delimiters
2013-04-03Fix typos in man pagesYuri Chornoivan2-2/+2
2013-04-02Updating the translations for the 1.10 alpha releaseJakub Hrozek16-8900/+31591
2013-03-21Document what does access_provider=ad doJakub Hrozek1-0/+14
https://fedorahosted.org/sssd/ticket/1841
2013-03-20ldap: Fallback option for rfc2307 schemaSimo Sorce1-0/+31
Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
2013-03-19Make the SELinux refresh time configurable.Michal Zidek1-0/+17
Option ipa_selinux_refresh is added to basic ipa options.
2013-03-18Decrease krb5_auth_timeout defaultOndrej Kos1-1/+1
https://fedorahosted.org/sssd/ticket/1738
2013-02-26Remove enumerate=true from man sssd-ldapJakub Hrozek1-1/+0
https://fedorahosted.org/sssd/ticket/1737
2013-02-10NSS: Add original homedir to home directory template optionsStephen Gallagher1-0/+7
https://fedorahosted.org/sssd/ticket/1805
2013-02-01Correct sss_ssh_knowhostsproxy typo in man pagesJohn Hodrien1-1/+1
2013-01-28MAN: Clarify that saving users after enumerating large domain might be CPU ↵Jakub Hrozek1-1/+9
intensive https://fedorahosted.org/sssd/ticket/1732
2012-12-18try primary server after retry_timeout + 1 seconds when switching to backupPavel Březina1-1/+1
https://fedorahosted.org/sssd/ticket/1679 The problem is when we are about to reset the server status, we don't get through the timeout (30 seconds) because the "switch to primary server" task is scheduled 30 seconds after fall back to a backup server. Thus the server status remains "not working" and is resetted after another 30 seconds. We need to make sure that the server status is tried after the timeout period. retry_timeout is currently hardcoded to 30, thus the change in man page.
2012-12-13MAN: Fix the title of sssd-sudoJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/1710
2012-12-11sudo manpage: clarify that sudoHost may contain wildcards and not regular ↵Pavel Březina2-2/+2
expression https://fedorahosted.org/sssd/ticket/1690
2012-12-05MAN: Move ssh_known_hosts_timeout documentation to the correct sectionJan Cholasta1-12/+12
2012-11-19LDAP: Make it possible to use full principal in ldap_sasl_authid againJakub Hrozek1-0/+5
2012-11-19MAN: document the ldap_sasl_realm optionJakub Hrozek1-0/+13
The option was completely undocumented.
2012-11-16MAN: quotation fixOndrej Kos1-1/+1
I noticed that the proxy in auth_provider section of sssd.conf manpage isn't quoted when all others are.
2012-11-15Add ignore_group_members option.Paul B. Henson1-0/+17
https://fedorahosted.org/sssd/ticket/1376
2012-11-14Run IPA subdomain provider if IPA ID provider is configuredSumit Bose2-5/+32
To make configuration easier the IPA subdomain provider should be always loaded if the IPA ID provider is configured and the subdomain provider is not explicitly disabled. But to avoid the overhead of regular subdomain requests in setups where no subdomains are used the IPA subdomain provider should behave differently if configured explicit or implicit. If the IPA subdomain provider is configured explicitly, i.e. 'subdomains_provider = ipa' can be found in the domain section of sssd.conf subdomain request are always send to the server if needed. If it is configured implicitly and a request to the server fails with an indication that the server currently does not support subdomains at all, e.g. is not configured to handle trust relationships, a new request will be only send to the server after a long timeout or after a going-online event. To be able to make this distinction this patch save the configuration status to the subdomain context. Fixes https://fedorahosted.org/sssd/ticket/1613
2012-11-14Always start PAC responder if IPA ID provider is configuredSumit Bose1-0/+6
Since the PAC responder is used during the authentication of users from trusted realms it is started automatically if the IPA ID provider is configured for a domain to simplify the configuration. Fixes https://fedorahosted.org/sssd/ticket/1613
2012-11-08MAN: Fix validation error caused by bad 'ca' translationStephen Gallagher1-2/+2
2012-11-08MAN: sssd-simple - suggest awarness of empty rulesOndrej Kos1-0/+5
Admins should be aware of the behavior of simple access provider when empty lists are configured (may be result of scripted filing)
2012-11-08MAN: Specify the correct location for the force_timeout optionStephen Gallagher1-16/+32
2012-10-18Allow setting the default_shell option per-domain as wellJakub Hrozek2-2/+4
https://fedorahosted.org/sssd/ticket/1583
2012-10-16Make TTL configurable for dynamic dns updatesJames Hogarth1-0/+14
2012-10-12Updating the translations for the 1.9.2 releaseJakub Hrozek13-2026/+2893
2012-10-12MAN: improve wording of default_domain parameterJakub Hrozek1-5/+5
2012-10-11Fix language errors in the sssd-krb5.conf man pageE Deon Lackey1-70/+71
2012-10-10Add more info about ticket validationOndrej Kos1-1/+7
https://fedorahosted.org/sssd/ticket/1499 Adds log message about not finding appropriate entry in keytab and using the last keytab entry when validation is enabled. Adds more information about validation into manpage.
2012-10-09Fix typosYuri Chornoivan1-1/+1
2012-10-05Updating the translations for 1.9.1 releaseJakub Hrozek13-10238/+12658
2012-10-05man: Note that automounter must be restarted to re-read the master mapJakub Hrozek5-0/+10
https://fedorahosted.org/sssd/ticket/1563
2012-10-05manpage: ldap_access_filter is not always mandatoryPavel Březina1-5/+7
https://fedorahosted.org/sssd/ticket/1540
2012-10-05SSH: Expire hosts in known_hostsJan Cholasta1-0/+12
2012-10-04Fix default upper limit of slicesOndrej Kos1-1/+1
https://fedorahosted.org/sssd/ticket/1537 changes upper limit of slices to 2000200000 in providers code and manpage.
2012-10-03Note that Range Retrieval is not supported when filter is used in the search ↵Jakub Hrozek2-2/+14
base. https://fedorahosted.org/sssd/ticket/1471
2012-10-03sss_seed: Passwords longer then PASS_MAX not allowed.Michal Zidek1-0/+12
sss_seed fails if password file specified with -p or --password-file option contains password longer than PASS_MAX. Man pages inform about PASS_MAX limitation.
2012-10-02Include param_help_py.xml in the list of po4a sourcesJakub Hrozek1-0/+1
2012-10-02Flip the default value of ldap_initgroups_use_matching_rule_in_chainJakub Hrozek1-2/+2
https://fedorahosted.org/sssd/ticket/1535