1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
|
# Format:
# option = type, subtype, mandatory[, default]
[service]
# Options available to all services
timeout = int, None, false
debug = int, None, false
debug_level = int, None, false
debug_timestamps = bool, None, false
debug_microseconds = bool, None, false
debug_backtrace_enabled = bool, None, false
command = str, None, false
reconnection_retries = int, None, false
fd_limit = int, None, false
client_idle_timeout = int, None, false
responder_idle_timeout = int, None, false
cache_first = int, None, false
description = str, None, false
[sssd]
# Monitor service
config_file_version = int, None, false
services = list, str, true, nss, pam
domains = list, str, true
re_expression = str, None, false
full_name_format = str, None, false
krb5_rcache_dir = str, None, false
user = str, None, false
default_domain_suffix = str, None, false
certificate_verification = str, None, false
override_space = str, None, false
disable_netlink = bool, None, false
enable_files_domain = str, None, false
domain_resolution_order = list, str, false
try_inotify = bool, None, false
monitor_resolv_conf = bool, None, false
implicit_pac_responder = bool, None, false
core_dumpable = bool, None, false
passkey_verification = str, None, false
[nss]
# Name service
enum_cache_timeout = int, None, false
entry_cache_nowait_percentage = int, None, false
entry_negative_timeout = int, None, false
local_negative_timeout = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
filter_users_in_groups = bool, None, false
pwfield = str, None, false
override_homedir = str, None, false
fallback_homedir = str, None, false
homedir_substring = str, None, false, /home
override_shell = str, None, false
allowed_shells = list, str, false
vetoed_shells = list, str, false
shell_fallback = str, None, false
default_shell = str, None, false
get_domains_timeout = int, None, false
memcache_timeout = int, None, false
user_attributes = str, None, false
[pam]
# Authentication service
offline_credentials_expiration = int, None, false
offline_failed_login_attempts = int, None, false
offline_failed_login_delay = int, None, false
pam_verbosity = int, None, false
pam_response_filter = str, None, false
pam_id_timeout = int, None, false
pam_pwd_expiration_warning = int, None, false
get_domains_timeout = int, None, false
pam_trusted_users = str, None, false
pam_public_domains = str, None, false
pam_account_expired_message = str, None, false
pam_account_locked_message = str, None, false
pam_cert_auth = bool, None, false
pam_cert_db_path = str, None, false
pam_cert_verification = str, None, false
p11_child_timeout = int, None, false
pam_app_services = str, None, false
pam_p11_allowed_services = str, None, false
p11_wait_for_card_timeout = int, None, false
p11_uri = str, None, false
pam_initgroups_scheme = str, None, false
pam_gssapi_services = str, None, false
pam_gssapi_check_upn = bool, None, false
pam_gssapi_indicators_map = str, None, false
pam_passkey_auth = bool, None, false
passkey_child_timeout = int, None, false
passkey_debug_libfido2 = bool, None, false
[sudo]
# sudo service
sudo_timed = bool, None, false
sudo_inverse_order = bool, None, false
sudo_threshold = int, None, false
[autofs]
# autofs service
autofs_negative_timeout = int, None, false
[ssh]
# ssh service
ssh_hash_known_hosts = bool, None, false
ssh_known_hosts_timeout = int, None, false
ca_db = str, None, false
ssh_use_certificate_keys = bool, None, false
ssh_use_certificate_matching_rules = str, None, false
[pac]
# PAC responder
allowed_uids = str, None, false
pac_lifetime = int, None, false
pac_check = str, None, false
[ifp]
# InfoPipe responder
allowed_uids = str, None, false
user_attributes = str, None, false
[session_recording]
# Session recording service
scope = str, None, false
users = list, str, false
groups = list, str, false
exclude_users = list, str, false
exclude_groups = list, str, false
[provider]
#Available provider types
id_provider = str, None, true
auth_provider = str, None, false
access_provider = str, None, false
chpass_provider = str, None, false
sudo_provider = str, None, false
autofs_provider = str, None, false
hostid_provider = str, None, false
subdomains_provider = str, None, false
selinux_provider = str, None, false
session_provider = str, None, false
resolver_provider = str, None, false
[domain]
# Options available to all domains
enabled = bool, None, false
description = str, None, false
domain_type = str, None, false
debug = int, None, false
debug_level = int, None, false
debug_timestamps = bool, None, false
command = str, None, false
min_id = int, None, false
max_id = int, None, false
timeout = int, None, false
enumerate = bool, None, false
subdomain_enumerate = str, None, false
offline_timeout = int, None, false
offline_timeout_max = int, None, false
offline_timeout_random_offset = int, None, false
cache_credentials = bool, None, false
cache_credentials_minimal_first_factor_length = int, None, false
use_fully_qualified_names = bool, None, false
ignore_group_members = bool, None, false
entry_cache_timeout = int, None, false
lookup_family_order = str, None, false
account_cache_expiration = int, None, false
pwd_expiration_warning = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
dns_resolver_server_timeout = int, None, false
dns_resolver_op_timeout = int, None, false
dns_resolver_timeout = int, None, false
dns_discovery_domain = str, None, false
failover_primary_timeout = int, None, false
override_gid = int, None, false
case_sensitive = str, None, false
override_homedir = str, None, false
fallback_homedir = str, None, false
homedir_substring = str, None, false
override_shell = str, None, false
default_shell = str, None, false
description = str, None, false
realmd_tags = str, None, false
subdomain_refresh_interval = int, None, false
subdomain_refresh_interval_offset = int, None, false
subdomain_inherit = str, None, false
subdomain_homedir = str, None, false
cached_auth_timeout = int, None, false
full_name_format = str, None, false
re_expression = str, None, false
auto_private_groups = str, None, false
pam_gssapi_services = str, None, false
pam_gssapi_check_upn = bool, None, false
pam_gssapi_indicators_map = str, None, false
local_auth_policy = str, None, false
#Entry cache timeouts
entry_cache_user_timeout = int, None, false
entry_cache_group_timeout = int, None, false
entry_cache_netgroup_timeout = int, None, false
entry_cache_service_timeout = int, None, false
entry_cache_autofs_timeout = int, None, false
entry_cache_sudo_timeout = int, None, false
entry_cache_ssh_host_timeout = int, None, false
entry_cache_resolver_timeout = int, None, false
refresh_expired_interval = int, None, false
refresh_expired_interval_offset = int, None, false
# Dynamic DNS updates
dyndns_update = bool, None, false
dyndns_ttl = int, None, false
dyndns_iface = str, None, false
dyndns_refresh_interval = int, None, false
dyndns_refresh_interval_offset = int, None, false
dyndns_update_ptr = bool, None, false
dyndns_force_tcp = bool, None, false
dyndns_auth = str, None, false
dyndns_server = str, None, false
# Special providers
[provider/permit]
[provider/permit/access]
[provider/deny]
[provider/deny/access]
|