rpms/sssd
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3c27c875b7
sssd/0106-MAN-Document-that-the-secrets-provider-can-only-be-s.patch
Lukas Slebodnik 3c27c875b7 Fix few bugs/regressions 
Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access
                         on the sock_file system_bus_socket
Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
                         fails to download desktop profile data
Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after
                          applying ID Views for them in IPA server
Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping
                          is applied
(cherry picked from commit 8eda442b2e)
(cherry picked from commit e15fc49cbf)
(cherry picked from commit bbb90ca68c)
2017-09-12 09:30:07 +02:00

66 lines
3.1 KiB
Diff
Raw Blame History

From e8bad995fb1219df2a4fef8f55c80284c6ab36d3 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Thu, 1 Jun 2017 10:04:21 +0200
Subject: [PATCH 106/115] MAN: Document that the secrets provider can only be
specified in a per-client section
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Resolves:
https://pagure.io/SSSD/sssd/issue/3417
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
---
src/man/sssd-secrets.5.xml | 27 +++++++++++++++++++--------
1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/src/man/sssd-secrets.5.xml b/src/man/sssd-secrets.5.xml
index d43dcf21c6174f0e0780a76d831a1fd957358b51..08ab371c64eb49e4f153bb2183c07681b1050bb0 100644
--- a/src/man/sssd-secrets.5.xml
+++ b/src/man/sssd-secrets.5.xml
@@ -128,19 +128,30 @@ systemctl enable sssd-secrets.service
</citerefentry> manual page for a complete list. In addition,
there are some secrets-specific options as well.
</para>
+ <para>
+ The secrets responder is configured with a global
+ <quote>[secrets]</quote> section and an optional per-user
+ <quote>[secrets/users/$uid]</quote> section in
+ <filename>sssd.conf</filename>. Please note that some options,
+ notably as the provider type, can only be specified in the per-user
+ subsections.
+ </para>
<variablelist>
<varlistentry>
<term>provider (string)</term>
<listitem>
<para>
- This option specifies where should the secrets
- be stored. The secrets responder can configure a
- per-user subsections that define which provider store
- the secrets for this particular user. The per-user
- subsections should contain all options for that user's
- provider. If a per-user section does not exist, the
- global settings from the secret responder's section
- are used. The following providers are supported:
+ This option specifies where should the secrets be
+ stored. The secrets responder can configure a per-user
+ subsections (e.g. <quote>[secrets/users/123]</quote>
+ - see bottom of this manual page for a full example
+ using Custodia for a particular user) that define
+ which provider store the secrets for this particular
+ user. The per-user subsections should contain all
+ options for that user's provider. Please note that
+ currently the global provider is always local, the
+ proxy provider can only be specified in a per-user
+ section. The following providers are supported:
<variablelist>
<varlistentry>
<term>local</term>
--
2.14.1
Reference in New Issue View Git Blame Copy Permalink