summaryrefslogtreecommitdiffstats
path: root/src/examples
diff options
context:
space:
mode:
Diffstat (limited to 'src/examples')
-rw-r--r--src/examples/logrotate13
-rw-r--r--src/examples/rwtab.in1
-rw-r--r--src/examples/sssd-example.conf54
-rw-r--r--src/examples/sssd-shadowutils6
-rw-r--r--src/examples/sssd.conf16
-rw-r--r--src/examples/sssdproxytest5
-rw-r--r--src/examples/sudo6
7 files changed, 101 insertions, 0 deletions
diff --git a/src/examples/logrotate b/src/examples/logrotate
new file mode 100644
index 0000000..6e76945
--- /dev/null
+++ b/src/examples/logrotate
@@ -0,0 +1,13 @@
+/var/log/sssd/*.log {
+ weekly
+ missingok
+ notifempty
+ sharedscripts
+ rotate 2
+ compress
+ delaycompress
+ postrotate
+ /bin/kill -HUP `cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true
+ /bin/pkill -HUP sssd_kcm 2> /dev/null || true
+ endscript
+}
diff --git a/src/examples/rwtab.in b/src/examples/rwtab.in
new file mode 100644
index 0000000..200bbb5
--- /dev/null
+++ b/src/examples/rwtab.in
@@ -0,0 +1 @@
+dirs @sharedstatedir@/sss
diff --git a/src/examples/sssd-example.conf b/src/examples/sssd-example.conf
new file mode 100644
index 0000000..34b2b22
--- /dev/null
+++ b/src/examples/sssd-example.conf
@@ -0,0 +1,54 @@
+[sssd]
+config_file_version = 2
+services = nss, pam
+# SSSD will not start if you do not configure any domains.
+# Add new domain configurations as [domain/<NAME>] sections, and
+# then add the list of domains (in the order you want them to be
+# queried) to the "domains" attribute below and uncomment it.
+; domains = LDAP
+
+[nss]
+
+[pam]
+
+# Example LDAP domain
+; [domain/LDAP]
+; id_provider = ldap
+; auth_provider = ldap
+# ldap_schema can be set to "rfc2307", which stores group member names in the
+# "memberuid" attribute, or to "rfc2307bis", which stores group member DNs in
+# the "member" attribute. If you do not know this value, ask your LDAP
+# administrator.
+; ldap_schema = rfc2307
+; ldap_uri = ldap://ldap.mydomain.org
+; ldap_search_base = dc=mydomain,dc=org
+# Note that enabling enumeration will have a moderate performance impact.
+# Consequently, the default value for enumeration is FALSE.
+# Refer to the sssd.conf man page for full details.
+; enumerate = false
+# Allow offline logins by locally storing password hashes (default: false).
+; cache_credentials = true
+
+# An example Active Directory domain. Please note that this configuration
+# works for AD 2003R2 and AD 2008, because they use pretty much RFC2307bis
+# compliant attribute names. To support UNIX clients with AD 2003 or older,
+# you must install Microsoft Services For UNIX and map LDAP attributes onto
+# msSFU30* attribute names.
+; [domain/AD]
+; id_provider = ldap
+; auth_provider = krb5
+; chpass_provider = krb5
+;
+; ldap_uri = ldap://your.ad.example.com
+; ldap_search_base = dc=example,dc=com
+; ldap_schema = rfc2307bis
+; ldap_sasl_mech = GSSAPI
+; ldap_user_object_class = user
+; ldap_group_object_class = group
+; ldap_user_home_directory = unixHomeDirectory
+; ldap_user_principal = userPrincipalName
+; ldap_account_expire_policy = ad
+; ldap_force_upper_case_realm = true
+;
+; krb5_server = your.ad.example.com
+; krb5_realm = EXAMPLE.COM
diff --git a/src/examples/sssd-shadowutils b/src/examples/sssd-shadowutils
new file mode 100644
index 0000000..626c7d0
--- /dev/null
+++ b/src/examples/sssd-shadowutils
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
+auth required pam_deny.so
+
+account required pam_unix.so
+account required pam_permit.so
diff --git a/src/examples/sssd.conf b/src/examples/sssd.conf
new file mode 100644
index 0000000..2c9c6fc
--- /dev/null
+++ b/src/examples/sssd.conf
@@ -0,0 +1,16 @@
+[sssd]
+services = nss, pam
+domains = shadowutils
+
+[nss]
+
+[pam]
+
+[domain/shadowutils]
+id_provider = proxy
+proxy_lib_name = files
+
+auth_provider = proxy
+proxy_pam_target = sssd-shadowutils
+
+proxy_fast_alias = True
diff --git a/src/examples/sssdproxytest b/src/examples/sssdproxytest
new file mode 100644
index 0000000..1421796
--- /dev/null
+++ b/src/examples/sssdproxytest
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth irequired pam_ldap.so
+
+account required pam_ldap.so
+
diff --git a/src/examples/sudo b/src/examples/sudo
new file mode 100644
index 0000000..4af91ba
--- /dev/null
+++ b/src/examples/sudo
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_sss.so
+account required pam_sss.so
+password required pam_sss.so
+session optional pam_keyinit.so revoke
+session required pam_limits.so