summaryrefslogtreecommitdiff
path: root/src/man
AgeCommit message (Collapse)AuthorFilesLines
2010-05-07Revert "Add dynamic DNS updates to FreeIPA"Stephen Gallagher1-28/+0
This reverts commit 973b7c27c0b294b8b2f120296f64c6a3a36e44b7. While this patch applied cleanly, it was uncompilable. Reverting until it can be properly merged.
2010-05-07Add dynamic DNS updates to FreeIPAStephen Gallagher1-0/+28
This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
2010-05-07Use service discovery in backendsJakub Hrozek4-3/+62
Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
2010-05-07Add retry option to pam_sssSumit Bose1-0/+17
2010-04-30Add dns_resolver_timeout optionStephen Gallagher1-0/+15
We had a hard-coded timeout of five seconds for DNS lookups in the async resolver. This patch adds an option 'dns_resolver_timeout' to specify this value (Default: 5)
2010-04-26Display a message if a password reset by root failsSumit Bose1-0/+22
2010-04-08SELinux login managementJakub Hrozek2-0/+23
Adds a new option -Z to sss_useradd and sss_usermod. This option allows user to specify the SELinux login context for the user. On deleting the user with sss_userdel, the login mapping is deleted, so subsequent adding of the same user would result in the default login context unless -Z is specified again. MLS security is not supported as of this patch.
2010-04-06Make sss_userdel check for logged in usersJakub Hrozek1-0/+11
sss_userdel now warns if the deleted user was logged in at the time of deletion. Also adds a new parameter --kick to userdel that kills all user processes before actually deleting ther user. Fixes: #229
2010-04-06Add userdel_cmd paramJakub Hrozek1-0/+14
Fixes: #231
2010-03-12Add krb5_kpasswd optionSumit Bose1-1/+22
2010-03-11Add expandable sequences to krb5_ccachedirSumit Bose1-1/+11
As with krb5_ccname_template sequences like %u can be used in the krb5_ccachedir parameter which are expanded at runtime. If the directory does not exist, it will be created. Depending on the used sequences it is created as a public or private directory.
2010-03-08Add simple access providerSumit Bose2-0/+131
2010-03-08Make filter_users and filter_groups also per-domainJakub Hrozek1-1/+3
Fixes: #290
2010-03-08groupshow: only show all parents in recursive modeJakub Hrozek1-0/+2
2010-02-25Fix check for values of expiration limitsJakub Hrozek1-2/+2
There were inconsistencies between what sssd.conf manpage said and what the code enforces.
2010-02-23Better cleanup task handlingJakub Hrozek1-0/+15
Implements a different mechanism for cleanup task. Instead of just deleting expired entries, this patch adds a new option account_cache_expiration for domains. If an entry is expired and the last login was more days in the past that account_cache_expiration, the entry is deleted. Groups are deleted if they are expired and and no user references them (no user has memberof: attribute pointing at that group). The parameter account_cache_expiration is not LDAP-specific, so that other future backends might use the same timeout setting. Fixes: #391
2010-02-23Revert "Change default for enumeration to TRUE"Stephen Gallagher1-1/+1
This reverts commit 75a9f18ad8ac6e885ac34cdeebc4d8f8734713f8.
2010-02-23Do not check entries during cleanup taskJakub Hrozek1-1/+1
Do not attempt to validate expired entries in cache, just delete them. Also increase the cache timeouts. Fixes: #331
2010-02-22Restrict family lookupsJakub Hrozek1-0/+28
Adds a new option that tells resolver which address family to prefer or use exclusively. Fixes: #404
2010-02-18Build all manpages from a single locationStephen Gallagher1-0/+97
2010-02-18Rename server/ directory to src/Stephen Gallagher16-0/+2965
Also update BUILD.txt