From 5d14aabf1d1d96dd8f6ec594ee65863ddbfc087a Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Mon, 20 May 2024 17:22:35 +0200
Subject: Merging upstream version 2.9.5.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 src/man/sv/sssd.conf.5.xml | 57 ++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 52 insertions(+), 5 deletions(-)

(limited to 'src/man/sv/sssd.conf.5.xml')

diff --git a/src/man/sv/sssd.conf.5.xml b/src/man/sv/sssd.conf.5.xml
index b8aded6..b619f32 100644
--- a/src/man/sv/sssd.conf.5.xml
+++ b/src/man/sv/sssd.conf.5.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"
 [
 <!ENTITY sssd_user_name SYSTEM "sssd_user_name.include">
 ]>
@@ -1463,7 +1463,7 @@ pam_account_locked_message = Kontot är låst, kontakta kundtjänsten.
                             Enable passkey device based authentication.
                         </para>
                         <para>
-                            Standard: False
+                            Standard: True
                         </para>
                     </listitem>
                 </varlistentry>
@@ -1565,7 +1565,7 @@ pam_cert_verification = partial_chain
                     </listitem>
                 </varlistentry>
                 <varlistentry>
-                    <term>pam_p11_allowed_services (heltal)</term>
+                    <term>pam_p11_allowed_services (string)</term>
                     <listitem>
                         <para>
                             En kommaseparerad lista av PAM-tjänstenamn för vilka det kommer vara
@@ -3284,6 +3284,23 @@ DNS-fråga om tjänsteupptäckt.
                     </listitem>
                 </varlistentry>
 
+                <varlistentry>
+                    <term>failover_primary_timeout (integer)</term>
+                    <listitem>
+                        <para>
+                            When no primary server is currently available, SSSD fail overs to a backup
+server. This option defines the amount of time (in seconds) to wait before
+SSSD tries to reconnect to a primary server again.
+                        </para>
+                        <para>
+                            Note: The minimum value is 31.
+                        </para>
+                        <para>
+                            Default: 31
+                        </para>
+                    </listitem>
+                </varlistentry>
+
                 <varlistentry>
                     <term>override_gid (heltal)</term>
                     <listitem>
@@ -3485,7 +3502,8 @@ provider) only support a password based authentication, while others can
 handle PKINIT based Smartcard authentication (AD, IPA), two-factor
 authentication (IPA), or other methods against a central instance. By
 default in such cases authentication is only performed with the methods
-supported by the backend.
+supported by the backend. With this option additional methods can be enabled
+which are evaluated and checked locally.
                         </para>
                         <para>
                             There are three possible values for this option: match, only,
@@ -3496,6 +3514,35 @@ local authentication. As an example, <quote>enable:passkey</quote>, only
 enables passkey for local authentication. Multiple enable values should be
 comma-separated, such as <quote>enable:passkey, enable:smartcard</quote>
                         </para>
+
+                        <para>
+                            The following table shows which authentication methods, if configured
+properly, are currently enabled or disabled for each backend, with the
+default local_auth_policy: <quote>match</quote>
+                        </para>
+                        <informaltable frame='all'>
+                        <tgroup cols='3'>
+                        <colspec colname='c1' align='center'/>
+                        <colspec colname='c2' align='center'/>
+                        <colspec colname='c3' align='center'/>
+
+                        <thead>
+                        <row><entry namest='c1' nameend='c3' align='center'>
+                            local_auth_policy = match (default)</entry></row>
+                        <row><entry></entry><entry>Passkey</entry>
+                            <entry>Smartcard</entry></row>
+                        </thead>
+                        <tbody>
+                        <row><entry>IPA</entry><entry>aktiverat</entry>
+                            <entry><para>aktiverat</para>
+                            </entry></row>
+                        <row><entry>AD</entry><entry>disabled</entry>
+                            <entry><para>aktiverat</para></entry>
+                            </row>
+                        <row><entry>LDAP</entry><entry>disabled</entry>
+                            <entry><para>disabled</para></entry>
+                            </row>
+                        </tbody></tgroup></informaltable>
                         <para>
                             Please note that if local Smartcard authentication is enabled and a
 Smartcard is present, Smartcard authentication will be preferred over the
-- 
cgit v1.2.3