Diffstat (limited to '')
-rw-r--r-- | src/man/sssd.conf.5.xml | 61 |
1 files changed, 56 insertions, 5 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index e7a8cbd..fbb82e3 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN" -"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" +<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ <!ENTITY sssd_user_name SYSTEM "sssd_user_name.include"> ]> @@ -1684,7 +1684,7 @@ pam_account_locked_message = Account locked, please contact help desk. Enable passkey device based authentication. </para> <para> - Default: False + Default: True </para> </listitem> </varlistentry> @@ -1793,7 +1793,7 @@ pam_cert_verification = partial_chain </listitem> </varlistentry> <varlistentry> - <term>pam_p11_allowed_services (integer)</term> + <term>pam_p11_allowed_services (string)</term> <listitem> <para> A comma-separated list of PAM service names for @@ -3774,6 +3774,25 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit </varlistentry> <varlistentry> + <term>failover_primary_timeout (integer)</term> + <listitem> + <para> + When no primary server is currently available, + SSSD fail overs to a backup server. This option + defines the amount of time (in seconds) to + wait before SSSD tries to reconnect to a primary + server again. + </para> + <para> + Note: The minimum value is 31. + </para> + <para> + Default: 31 + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>override_gid (integer)</term> <listitem> <para> 
@@ -3996,7 +4015,9 @@ subdomain_inherit = ldap_purge_cache_timeout two-factor authentication (IPA), or other methods against a central instance. By default in such cases authentication is only performed with the methods - supported by the backend. + supported by the backend. With this option additional + methods can be enabled which are evaluated and checked + locally. </para> <para> There are three possible values for this option: @@ -4010,6 +4031,36 @@ subdomain_inherit = ldap_purge_cache_timeout should be comma-separated, such as <quote>enable:passkey, enable:smartcard</quote> </para> + + <para> + The following table shows which authentication + methods, if configured properly, are currently enabled + or disabled for each backend, with the default + local_auth_policy: <quote>match</quote> + </para> + <informaltable frame='all'> + <tgroup cols='3'> + <colspec colname='c1' align='center'/> + <colspec colname='c2' align='center'/> + <colspec colname='c3' align='center'/> + + <thead> + <row><entry namest='c1' nameend='c3' align='center'> + local_auth_policy = match (default)</entry></row> + <row><entry></entry><entry>Passkey</entry> + <entry>Smartcard</entry></row> + </thead> + <tbody> + <row><entry>IPA</entry><entry>enabled</entry> + <entry><para>enabled</para> + </entry></row> + <row><entry>AD</entry><entry>disabled</entry> + <entry><para>enabled</para></entry> + </row> + <row><entry>LDAP</entry><entry>disabled</entry> + <entry><para>disabled</para></entry> + </row> + </tbody></tgroup></informaltable> <para> Please note that if local Smartcard authentication is enabled and a Smartcard is present, Smartcard |
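Review bot: In the hunk at @@ -1684,7 +1684,7 @@, the documented default for "Enable passkey device based authentication." flips from False to True, but the diffstat shows only src/man/sssd.conf.5.xml changed. Please state in the commit message whether this corrects the man page to match an existing code default or accompanies a behaviour change made elsewhere. Administrators decide from this line whether passkey authentication has to be disabled explicitly, so the page and the code default need to agree.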
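Review bot: In the new failover_primary_timeout entry (hunk at @@ -3774,6 +3774,25 @@), "Note: The minimum value is 31." does not say what happens when a smaller value is configured. Document whether the value is rejected or silently raised to 31, since the description ties this option to how long SSSD stays on a backup server. In the same paragraph, "SSSD fail overs to a backup server" should read "SSSD fails over to a backup server".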
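Review bot: In the table added in the hunk at @@ -4010,6 +4031,36 @@, the Smartcard column wraps each value in a para element while the Passkey column uses bare entry text, and the attributes use single quotes (frame='all', cols='3'). Pick one cell form and follow the quoting style used in the rest of the file. The introductory paragraph also ends at the quoted "match" without a full stop, and "if configured properly" would be clearer if it named the configuration it depends on.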