"Fossies" - the Fresh Open Source Software Archive

Member "sssd-2.2.2/src/man/sv/include/ad_modified_defaults.xml" (12 Sep 2019, 3208 Bytes) of package /linux/misc/sssd-2.2.2.tar.gz:



<refsect1 id='modified-default-options'>
    <title>MODIFIED DEFAULT OPTIONS</title>
    <para>
        Certain option defaults do not match their respective backend provider
defaults; these option names and AD provider-specific defaults are listed
below:
    </para>
    <refsect2 id='krb5_modifications'>
        <title>KRB5 Provider</title>
        <itemizedlist>
            <listitem>
                <para>
                    krb5_validate = true
                </para>
            </listitem>
            <listitem>
                <para>
                    krb5_use_enterprise_principal = true
                </para>
            </listitem>
        </itemizedlist>
    </refsect2>
    <refsect2 id='ldap_modifications'>
        <title>LDAP Provider</title>
        <itemizedlist>
            <listitem>
                <para>
                    ldap_schema = ad
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_force_upper_case_realm = true
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_id_mapping = true
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_sasl_mech = gssapi
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_referrals = false
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_account_expire_policy = ad
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_use_tokengroups = true
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)
                </para>
                <para>
                    The AD provider looks for a different principal than the LDAP provider by
default, because in an Active Directory environment the principals are
divided into two groups - User Principals and Service Principals. Only a User
Principal can be used to obtain a TGT, and by default the computer object's
principal is constructed from its sAMAccountName and the AD realm. The
well-known host/hostname@REALM principal is a Service Principal and thus
cannot be used to get a TGT.
                </para>
            </listitem>
        </itemizedlist>
    </refsect2>
    <refsect2 id='nss_modifications'>
        <title>NSS configuration</title>
        <itemizedlist>
            <listitem>
                <para>
                    fallback_homedir = /home/%d/%u
                </para>
                <para>
                    The AD provider automatically sets "fallback_homedir = /home/%d/%u" to
provide personal home directories for users without the homeDirectory
attribute. If your AD Domain is properly populated with POSIX attributes,
and you want to avoid this fallback behavior, you can explicitly set
"fallback_homedir = %o".
                </para>
            </listitem>
        </itemizedlist>
    </refsect2>
</refsect1>
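
One way to audit an sssd.conf against the AD provider defaults listed above, as an added example that is not part of the SSSD sources or of this file. The domain names and sample configuration are constructed, and comparing non-path values case-insensitively is an assumption of this sketch.

```python
import configparser

# Defaults the AD provider applies, as listed in the man page section above.
AD_DEFAULTS = {
    "krb5_validate": "true",
    "krb5_use_enterprise_principal": "true",
    "ldap_schema": "ad",
    "ldap_force_upper_case_realm": "true",
    "ldap_id_mapping": "true",
    "ldap_sasl_mech": "gssapi",
    "ldap_referrals": "false",
    "ldap_account_expire_policy": "ad",
    "ldap_use_tokengroups": "true",
    "fallback_homedir": "/home/%d/%u",
}

# Constructed sample sssd.conf (hypothetical domains), not taken from the page.
SAMPLE = """\
[domain/corp.example.test]
id_provider = ad
krb5_validate = false
ldap_id_mapping = True
fallback_homedir = %o
ldap_sasl_authid = host/client1.corp.example.test@CORP.EXAMPLE.TEST

[domain/legacy.example.test]
id_provider = ldap
"""

def audit(conf_text):
    """Map each id_provider=ad domain to {option: (configured, ad_default)}."""
    cp = configparser.RawConfigParser(strict=False)  # Raw: keep %d, %u, %o literal
    cp.read_string(conf_text)
    findings = {}
    for section in cp.sections():
        provider = cp.get(section, "id_provider", fallback="").lower()
        if not section.startswith("domain/") or provider != "ad":
            continue
        diffs = {}
        for opt, default in AD_DEFAULTS.items():
            value = cp.get(section, opt, fallback=None)
            # Paths are case-sensitive; other values compare case-insensitively.
            norm = value if opt == "fallback_homedir" else (value or "").lower()
            if value is not None and norm != default:
                diffs[opt] = (value, default)
        authid = cp.get(section, "ldap_sasl_authid", fallback=None)
        if authid is not None:  # default is computed per host: report any override
            diffs["ldap_sasl_authid"] = (authid, "sAMAccountName@REALM")
        findings[section[len("domain/"):]] = diffs
    return findings
```

For the sample, `audit(SAMPLE)` reports the disabled `krb5_validate`, the changed `fallback_homedir`, and the `host/` value for `ldap_sasl_authid`, which the section above identifies as a Service Principal that cannot obtain a TGT.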