Diffstat (limited to 'src/examples')
-rw-r--r-- | src/examples/logrotate | 13 | ||||
-rw-r--r-- | src/examples/rwtab.in | 1 | ||||
-rw-r--r-- | src/examples/sssd-example.conf | 54 | ||||
-rw-r--r-- | src/examples/sssd-shadowutils | 6 | ||||
-rw-r--r-- | src/examples/sssd.conf | 16 | ||||
-rw-r--r-- | src/examples/sssdproxytest | 5 | ||||
-rw-r--r-- | src/examples/sudo | 6 |
7 files changed, 101 insertions, 0 deletions
diff --git a/src/examples/logrotate b/src/examples/logrotate
new file mode 100644
index 0000000..6e76945
--- /dev/null
+++ b/src/examples/logrotate
@@ -0,0 +1,13 @@
+/var/log/sssd/*.log {
+ weekly
+ missingok
+ notifempty
+ sharedscripts
+ rotate 2
+ compress
+ delaycompress
+ postrotate
+ /bin/kill -HUP `cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true
+ /bin/pkill -HUP sssd_kcm 2> /dev/null || true
+ endscript
+}
diff --git a/src/examples/rwtab.in b/src/examples/rwtab.in
new file mode 100644
index 0000000..200bbb5
--- /dev/null
+++ b/src/examples/rwtab.in
@@ -0,0 +1 @@
+dirs @sharedstatedir@/sss
diff --git a/src/examples/sssd-example.conf b/src/examples/sssd-example.conf
new file mode 100644
index 0000000..34b2b22
--- /dev/null
+++ b/src/examples/sssd-example.conf
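Review bot: In src/examples/logrotate the postrotate script hard-codes `/var/run/sssd.pid` and discards every error (`2> /dev/null || true`), so a missing pid file means the HUP is silently skipped, and a stale one could deliver it to whatever process now holds that PID. rwtab.in in the same commit is a template using `@sharedstatedir@`, which suggests install paths are set at build time, yet the pid and log paths here are not substituted. A missed HUP likely leaves sssd writing to the already-rotated file with nothing logged about it. At minimum I would add a comment above the kill line, e.g. `# pid path must match the directory sssd was built to use; failures are deliberately ignored`.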
@@ -0,0 +1,54 @@
+[sssd]
+config_file_version = 2
+services = nss, pam
+# SSSD will not start if you do not configure any domains.
+# Add new domain configurations as [domain/<NAME>] sections, and
+# then add the list of domains (in the order you want them to be
+# queried) to the "domains" attribute below and uncomment it.
+; domains = LDAP
+
+[nss]
+
+[pam]
+
+# Example LDAP domain
+; [domain/LDAP]
+; id_provider = ldap
+; auth_provider = ldap
+# ldap_schema can be set to "rfc2307", which stores group member names in the
+# "memberuid" attribute, or to "rfc2307bis", which stores group member DNs in
+# the "member" attribute. If you do not know this value, ask your LDAP
+# administrator.
+; ldap_schema = rfc2307
+; ldap_uri = ldap://ldap.mydomain.org
+; ldap_search_base = dc=mydomain,dc=org
+# Note that enabling enumeration will have a moderate performance impact.
+# Consequently, the default value for enumeration is FALSE.
+# Refer to the sssd.conf man page for full details.
+; enumerate = false
+# Allow offline logins by locally storing password hashes (default: false).
+; cache_credentials = true
+
+# An example Active Directory domain. Please note that this configuration
+# works for AD 2003R2 and AD 2008, because they use pretty much RFC2307bis
+# compliant attribute names. To support UNIX clients with AD 2003 or older,
+# you must install Microsoft Services For UNIX and map LDAP attributes onto
+# msSFU30* attribute names.
+; [domain/AD]
+; id_provider = ldap
+; auth_provider = krb5
+; chpass_provider = krb5
+;
+; ldap_uri = ldap://your.ad.example.com
+; ldap_search_base = dc=example,dc=com
+; ldap_schema = rfc2307bis
+; ldap_sasl_mech = GSSAPI
+; ldap_user_object_class = user
+; ldap_group_object_class = group
+; ldap_user_home_directory = unixHomeDirectory
+; ldap_user_principal = userPrincipalName
+; ldap_account_expire_policy = ad
+; ldap_force_upper_case_realm = true
+;
+; krb5_server = your.ad.example.com
+; krb5_realm = EXAMPLE.COM
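Review bot: The commented LDAP example in src/examples/sssd-example.conf pairs `auth_provider = ldap` with `ldap_uri = ldap://ldap.mydomain.org` and shows no TLS settings, so an administrator who simply uncomments these lines gets no guidance on protecting binds and identity lookups on the wire. I would add commented lines next to `ldap_uri`, e.g. `; ldap_tls_reqcert = demand` and `; ldap_tls_cacert = <path to CA bundle>`, with a one-line comment that the server certificate must be verified. The `cache_credentials = true` line also departs from the default stated directly above it; a sentence noting that it leaves password hashes in the local cache would help readers decide deliberately.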
diff --git a/src/examples/sssd-shadowutils b/src/examples/sssd-shadowutils
new file mode 100644
index 0000000..626c7d0
--- /dev/null
+++ b/src/examples/sssd-shadowutils
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
+auth required pam_deny.so
+
+account required pam_unix.so
+account required pam_permit.so
diff --git a/src/examples/sssd.conf b/src/examples/sssd.conf
new file mode 100644
index 0000000..2c9c6fc
--- /dev/null
+++ b/src/examples/sssd.conf
@@ -0,0 +1,16 @@
+[sssd]
+services = nss, pam
+domains = shadowutils
+
+[nss]
+
+[pam]
+
+[domain/shadowutils]
+id_provider = proxy
+proxy_lib_name = files
+
+auth_provider = proxy
+proxy_pam_target = sssd-shadowutils
+
+proxy_fast_alias = True
diff --git a/src/examples/sssdproxytest b/src/examples/sssdproxytest
new file mode 100644
index 0000000..1421796
--- /dev/null
+++ b/src/examples/sssdproxytest
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth irequired pam_ldap.so
+
+account required pam_ldap.so
+
diff --git a/src/examples/sudo b/src/examples/sudo
new file mode 100644
index 0000000..4af91ba
--- /dev/null
+++ b/src/examples/sudo
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_sss.so
+account required pam_sss.so
+password required pam_sss.so
+session optional pam_keyinit.so revoke
+session required pam_limits.so |
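Review bot: The `nullok` argument on the `pam_unix.so` auth line in src/examples/sssd-shadowutils lets accounts with an empty password field authenticate, and src/examples/sssd.conf in this same commit routes the `shadowutils` domain through this stack via `proxy_pam_target = sssd-shadowutils`. Unless empty passwords are deliberately supported, the line would be safer as `auth [success=done ignore=ignore default=die] pam_unix.so try_first_pass`. If `nullok` has to stay for compatibility, a comment above the line saying so would keep it from being copied blindly.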
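Review bot: src/examples/sssd.conf has no comments, so nothing says that `proxy_pam_target = sssd-shadowutils` must match the name of an installed PAM service file, here presumably the sssd-shadowutils stack added in this commit. A line such as `# PAM service used for authentication; must exist under the PAM configuration directory` above that key would make the dependency explicit. As a smaller style point, `proxy_fast_alias = True` is capitalised while src/examples/sssd-example.conf uses lowercase `true`/`false`; one spelling across the examples would be cleaner.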
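Review bot: `auth irequired pam_ldap.so` in src/examples/sssdproxytest has a misspelled control flag: `irequired` is not a PAM control keyword, so the auth line will presumably be rejected or mishandled by the PAM library instead of enforcing pam_ldap. It should read `auth required pam_ldap.so`. The hunk also ends with an empty added line that can be dropped.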
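Review bot: src/examples/sudo makes `pam_sss.so` the only `required` module for auth, account and password, so every sudo authentication depends on sssd being up and able to resolve the user, with no local fallback visible in this stack. If the file is meant to be installed as a PAM service rather than used only as a test fixture, a local administrator could lose sudo during an sssd outage. I would state the intent in a comment after the `#%PAM-1.0` line, e.g. `# Example only: all sudo authentication goes through SSSD, with no pam_unix fallback`.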