218 lines
6.6 KiB
Plaintext
218 lines
6.6 KiB
Plaintext
# Format:
|
|
# option = type, subtype, mandatory[, default]
|
|
|
|
[service]
|
|
# Options available to all services
|
|
timeout = int, None, false
|
|
debug = int, None, false
|
|
debug_level = int, None, false
|
|
debug_timestamps = bool, None, false
|
|
debug_microseconds = bool, None, false
|
|
debug_backtrace_enabled = bool, None, false
|
|
command = str, None, false
|
|
reconnection_retries = int, None, false
|
|
fd_limit = int, None, false
|
|
client_idle_timeout = int, None, false
|
|
responder_idle_timeout = int, None, false
|
|
cache_first = int, None, false
|
|
description = str, None, false
|
|
|
|
[sssd]
|
|
# Monitor service
|
|
config_file_version = int, None, false
|
|
services = list, str, true, nss, pam
|
|
domains = list, str, true
|
|
re_expression = str, None, false
|
|
full_name_format = str, None, false
|
|
krb5_rcache_dir = str, None, false
|
|
user = str, None, false
|
|
default_domain_suffix = str, None, false
|
|
certificate_verification = str, None, false
|
|
override_space = str, None, false
|
|
disable_netlink = bool, None, false
|
|
enable_files_domain = str, None, false
|
|
domain_resolution_order = list, str, false
|
|
try_inotify = bool, None, false
|
|
monitor_resolv_conf = bool, None, false
|
|
|
|
[nss]
|
|
# Name service
|
|
enum_cache_timeout = int, None, false
|
|
entry_cache_nowait_percentage = int, None, false
|
|
entry_negative_timeout = int, None, false
|
|
local_negative_timeout = int, None, false
|
|
filter_users = list, str, false
|
|
filter_groups = list, str, false
|
|
filter_users_in_groups = bool, None, false
|
|
pwfield = str, None, false
|
|
override_homedir = str, None, false
|
|
fallback_homedir = str, None, false
|
|
homedir_substring = str, None, false, /home
|
|
override_shell = str, None, false
|
|
allowed_shells = list, str, false
|
|
vetoed_shells = list, str, false
|
|
shell_fallback = str, None, false
|
|
default_shell = str, None, false
|
|
get_domains_timeout = int, None, false
|
|
memcache_timeout = int, None, false
|
|
user_attributes = str, None, false
|
|
|
|
[pam]
|
|
# Authentication service
|
|
offline_credentials_expiration = int, None, false
|
|
offline_failed_login_attempts = int, None, false
|
|
offline_failed_login_delay = int, None, false
|
|
pam_verbosity = int, None, false
|
|
pam_response_filter = str, None, false
|
|
pam_id_timeout = int, None, false
|
|
pam_pwd_expiration_warning = int, None, false
|
|
get_domains_timeout = int, None, false
|
|
pam_trusted_users = str, None, false
|
|
pam_public_domains = str, None, false
|
|
pam_account_expired_message = str, None, false
|
|
pam_account_locked_message = str, None, false
|
|
pam_cert_auth = bool, None, false
|
|
pam_cert_db_path = str, None, false
|
|
pam_cert_verification = str, None, false
|
|
p11_child_timeout = int, None, false
|
|
pam_app_services = str, None, false
|
|
pam_p11_allowed_services = str, None, false
|
|
p11_wait_for_card_timeout = int, None, false
|
|
p11_uri = str, None, false
|
|
pam_initgroups_scheme = str, None, false
|
|
pam_gssapi_services = str, None, false
|
|
pam_gssapi_check_upn = bool, None, false
|
|
pam_gssapi_indicators_map = str, None, false
|
|
|
|
[sudo]
|
|
# sudo service
|
|
sudo_timed = bool, None, false
|
|
sudo_inverse_order = bool, None, false
|
|
sudo_threshold = int, None, false
|
|
|
|
[autofs]
|
|
# autofs service
|
|
autofs_negative_timeout = int, None, false
|
|
|
|
[ssh]
|
|
# ssh service
|
|
ssh_hash_known_hosts = bool, None, false
|
|
ssh_known_hosts_timeout = int, None, false
|
|
ca_db = str, None, false
|
|
ssh_use_certificate_keys = bool, None, false
|
|
ssh_use_certificate_matching_rules = str, None, false
|
|
|
|
[pac]
|
|
# PAC responder
|
|
allowed_uids = str, None, false
|
|
pac_lifetime = int, None, false
|
|
|
|
[ifp]
|
|
# InfoPipe responder
|
|
allowed_uids = str, None, false
|
|
user_attributes = str, None, false
|
|
|
|
[session_recording]
|
|
# Session recording service
|
|
scope = str, None, false
|
|
users = list, str, false
|
|
groups = list, str, false
|
|
exclude_users = list, str, false
|
|
exclude_groups = list, str, false
|
|
|
|
[provider]
|
|
#Available provider types
|
|
id_provider = str, None, true
|
|
auth_provider = str, None, false
|
|
access_provider = str, None, false
|
|
chpass_provider = str, None, false
|
|
sudo_provider = str, None, false
|
|
autofs_provider = str, None, false
|
|
hostid_provider = str, None, false
|
|
subdomains_provider = str, None, false
|
|
selinux_provider = str, None, false
|
|
session_provider = str, None, false
|
|
resolver_provider = str, None, false
|
|
|
|
[domain]
|
|
# Options available to all domains
|
|
enabled = bool, None, false
|
|
description = str, None, false
|
|
domain_type = str, None, false
|
|
debug = int, None, false
|
|
debug_level = int, None, false
|
|
debug_timestamps = bool, None, false
|
|
command = str, None, false
|
|
min_id = int, None, false
|
|
max_id = int, None, false
|
|
timeout = int, None, false
|
|
enumerate = bool, None, false
|
|
subdomain_enumerate = str, None, false
|
|
offline_timeout = int, None, false
|
|
offline_timeout_max = int, None, false
|
|
offline_timeout_random_offset = int, None, false
|
|
cache_credentials = bool, None, false
|
|
cache_credentials_minimal_first_factor_length = int, None, false
|
|
use_fully_qualified_names = bool, None, false
|
|
ignore_group_members = bool, None, false
|
|
entry_cache_timeout = int, None, false
|
|
lookup_family_order = str, None, false
|
|
account_cache_expiration = int, None, false
|
|
pwd_expiration_warning = int, None, false
|
|
filter_users = list, str, false
|
|
filter_groups = list, str, false
|
|
dns_resolver_server_timeout = int, None, false
|
|
dns_resolver_op_timeout = int, None, false
|
|
dns_resolver_timeout = int, None, false
|
|
dns_discovery_domain = str, None, false
|
|
override_gid = int, None, false
|
|
case_sensitive = str, None, false
|
|
override_homedir = str, None, false
|
|
fallback_homedir = str, None, false
|
|
homedir_substring = str, None, false
|
|
override_shell = str, None, false
|
|
default_shell = str, None, false
|
|
description = str, None, false
|
|
realmd_tags = str, None, false
|
|
subdomain_refresh_interval = int, None, false
|
|
subdomain_inherit = str, None, false
|
|
subdomain_homedir = str, None, false
|
|
cached_auth_timeout = int, None, false
|
|
full_name_format = str, None, false
|
|
re_expression = str, None, false
|
|
auto_private_groups = str, None, false
|
|
pam_gssapi_services = str, None, false
|
|
pam_gssapi_check_upn = bool, None, false
|
|
pam_gssapi_indicators_map = str, None, false
|
|
|
|
#Entry cache timeouts
|
|
entry_cache_user_timeout = int, None, false
|
|
entry_cache_group_timeout = int, None, false
|
|
entry_cache_netgroup_timeout = int, None, false
|
|
entry_cache_service_timeout = int, None, false
|
|
entry_cache_autofs_timeout = int, None, false
|
|
entry_cache_sudo_timeout = int, None, false
|
|
entry_cache_ssh_host_timeout = int, None, false
|
|
entry_cache_resolver_timeout = int, None, false
|
|
refresh_expired_interval = int, None, false
|
|
|
|
# Dynamic DNS updates
|
|
dyndns_update = bool, None, false
|
|
dyndns_ttl = int, None, false
|
|
dyndns_iface = str, None, false
|
|
dyndns_refresh_interval = int, None, false
|
|
dyndns_update_ptr = bool, None, false
|
|
dyndns_force_tcp = bool, None, false
|
|
dyndns_auth = str, None, false
|
|
dyndns_server = str, None, false
|
|
|
|
# Special providers
|
|
[provider/permit]
|
|
|
|
[provider/permit/access]
|
|
|
|
[provider/deny]
|
|
|
|
[provider/deny/access]
|
|
|