From dc71edea5cda411cdce039777a2ba3b00e19ca27 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 15 Oct 2009 12:03:31 +0200
Subject: more implicit provider target settings

If auth_provider or access_provider is ont set explicitly id_provider is
used if it can handle auth or access control requests respectively. If
not auth defaults to 'none' and the access_provider is set to 'permit'.

The option 'deny' is added for the access_provider to explicitly deny
access.
---
 server/man/sssd.conf.5.xml | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

(limited to 'server/man/sssd.conf.5.xml')

diff --git a/server/man/sssd.conf.5.xml b/server/man/sssd.conf.5.xml
index 7af22925..4b8a92f8 100644
--- a/server/man/sssd.conf.5.xml
+++ b/server/man/sssd.conf.5.xml
@@ -469,6 +469,33 @@
                         <para>
                             <quote>proxy</quote> for relaying authentication to some other PAM target.
                         </para>
+                        <para>
+                            <quote>none</quote> disables authentication explicitly.
+                        </para>
+                        <para>
+                            Default: <quote>id_provider</quote> is used if it
+                            is set and can handle authentication requests.
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>access_provider (string)</term>
+                    <listitem>
+                        <para>
+                            The access control provider used for the domain.
+                            Supported access providers are:
+                        </para>
+                        <para>
+                            <quote>permit</quote> always allow access.
+                        </para>
+                        <para>
+                            <quote>deny</quote> always deny access.
+                        </para>
+                        <para>
+                            Default: <quote>id_provider</quote> is used if it
+                            is set and can handle access control requests or
+                            <quote>permit</quote> otherwise.
+                        </para>
                     </listitem>
                 </varlistentry>
                 <varlistentry>
@@ -504,7 +531,7 @@
                         </para>
                         <para>
                             Default: <quote>auth_provider</quote> is used if it
-                            is set and can handle change password request.
+                            is set and can handle change password requests.
                         </para>
                     </listitem>
                 </varlistentry>
-- 
cgit