333.
If a non-existing rule name is given all rules will be ignored and all available certificates will be used to derive ssh keys.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
(no translation yet)
Located in sssd.conf.5.xml:1763

334.
Default: not set, all found rules are used
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
(no translation yet)
Located in sssd.conf.5.xml:1768

1315.
Some configuration options can be also set for a trusted domain. A trusted domain configuration can either be done using a subsection, for example: <placeholder type="programlisting" id="0"/>
type: Content of: <reference><refentry><refsect1><para>
(no translation yet)
Located in sssd-ipa.5.xml:749

1316.
In addition, some options can be set in the parent domain and inherited by the trusted domain using the <quote>subdomain_inherit</quote> option. For more details, see the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page.
type: Content of: <reference><refentry><refsect1><para>
(no translation yet)
Located in sssd-ipa.5.xml:758

1379.
Please note that current version of SSSD does not support Active Directory's built-in groups. Built-in groups (such as Administrators with SID S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See upstream issue tracker https://pagure.io/SSSD/sssd/issue/4099 .
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
(no translation yet)
Located in sssd-ad.5.xml:367

1384.
NOTE: The current version of SSSD does not support host (computer) entries in the GPO 'Security Filtering' list. Only user and group entries are supported. Host entries in the list have no effect.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
(no translation yet)
Located in sssd-ad.5.xml:410

1396.
ad_gpo_cache_timeout (integer)
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
(no translation yet)
Located in sssd-ad.5.xml:589

1397.
The amount of time between lookups of GPO policy files against the AD server. This will reduce the latency and load on the AD server if there are many access-control requests made in a short period.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
(no translation yet)
Located in sssd-ad.5.xml:592

1398.
ad_gpo_map_interactive (string)
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
(no translation yet)
Located in sssd-ad.5.xml:605

1399.
A comma-separated list of PAM service names for which GPO-based access control is evaluated based on the InteractiveLogonRight and DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated for which the user has Read and Apply Group Policy permission (see option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the deny interactive logon setting for the user or one of its groups, the user is denied local access. If none of the evaluated GPOs has an interactive logon right defined, the user is granted local access. If at least one evaluated GPO contains interactive logon right settings, the user is granted local access only, if it or at least one of its groups is part of the policy settings.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
(no translation yet)
Located in sssd-ad.5.xml:608