|
|
71e593 |
From 42b92ad5b26ebbc7c387aa7111f70c74b63cd84f Mon Sep 17 00:00:00 2001
|
|
|
71e593 |
From: Tomas Halman <thalman@redhat.com>
|
|
|
71e593 |
Date: Mon, 1 Oct 2018 13:45:52 +0200
|
|
|
71e593 |
Subject: [PATCH 48/57] doc: Add nsswitch.conf note to manpage
|
|
|
71e593 |
|
|
|
71e593 |
We want to add note about nsswitch.conf configuration
|
|
|
71e593 |
into sssd-files manpage.
|
|
|
71e593 |
|
|
|
71e593 |
Resolves:
|
|
|
71e593 |
https://pagure.io/SSSD/sssd/issue/3750
|
|
|
71e593 |
|
|
|
71e593 |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
71e593 |
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
|
|
|
71e593 |
(cherry picked from commit 0be037bbedd0aed6a7eccead6aabe0d07258242a)
|
|
|
71e593 |
---
|
|
|
71e593 |
src/man/sssd-files.5.xml | 34 +++++++++++++++++++++++++++++++++-
|
|
|
71e593 |
1 file changed, 33 insertions(+), 1 deletion(-)
|
|
|
71e593 |
|
|
|
71e593 |
diff --git a/src/man/sssd-files.5.xml b/src/man/sssd-files.5.xml
|
|
|
71e593 |
index 59e1b652328b6548386d9e15938db38197ad2a92..067e21949ffe10d783cc305c57c0ae57c906f899 100644
|
|
|
71e593 |
--- a/src/man/sssd-files.5.xml
|
|
|
71e593 |
+++ b/src/man/sssd-files.5.xml
|
|
|
71e593 |
@@ -51,6 +51,27 @@
|
|
|
71e593 |
<manvolnum>5</manvolnum>
|
|
|
71e593 |
</citerefentry>.
|
|
|
71e593 |
</para>
|
|
|
71e593 |
+ <para>
|
|
|
71e593 |
+ Another reason is to provide efficient caching of local users and groups.
|
|
|
71e593 |
+ </para>
|
|
|
71e593 |
+ <para>
|
|
|
71e593 |
+ Please note that some distributions enable the files domain automatically,
|
|
|
71e593 |
+ prepending the domain before any explicitly configured domains.
|
|
|
71e593 |
+ See enable_files_domain in
|
|
|
71e593 |
+ <citerefentry>
|
|
|
71e593 |
+ <refentrytitle>sssd.conf</refentrytitle>
|
|
|
71e593 |
+ <manvolnum>5</manvolnum>
|
|
|
71e593 |
+ </citerefentry>.
|
|
|
71e593 |
+ </para>
|
|
|
71e593 |
+ <para>
|
|
|
71e593 |
+ SSSD never handles resolution of user/group "root". Also resolution of
|
|
|
71e593 |
+ UID/GID 0 is not handled by SSSD. Such requests are passed to next
|
|
|
71e593 |
+ NSS module (usually files).
|
|
|
71e593 |
+ </para>
|
|
|
71e593 |
+ <para>
|
|
|
71e593 |
+ When SSSD is not running or responding, nss_sss returns the UNAVAIL code
|
|
|
71e593 |
+ which causes the request to be passed to the next module.
|
|
|
71e593 |
+ </para>
|
|
|
71e593 |
</refsect1>
|
|
|
71e593 |
|
|
|
71e593 |
<refsect1 id='configuration-options'>
|
|
|
71e593 |
@@ -110,11 +131,22 @@
|
|
|
71e593 |
<programlisting>
|
|
|
71e593 |
[domain/files]
|
|
|
71e593 |
id_provider = files
|
|
|
71e593 |
+</programlisting>
|
|
|
71e593 |
+ </para>
|
|
|
71e593 |
+ <para>
|
|
|
71e593 |
+ To leverage caching of local users and groups by SSSD
|
|
|
71e593 |
+ nss_sss module must be listed before nss_files module
|
|
|
71e593 |
+ in /etc/nsswitch.conf.
|
|
|
71e593 |
+ </para>
|
|
|
71e593 |
+ <para>
|
|
|
71e593 |
+<programlisting>
|
|
|
71e593 |
+passwd: sss files
|
|
|
71e593 |
+group: sss files
|
|
|
71e593 |
</programlisting>
|
|
|
71e593 |
</para>
|
|
|
71e593 |
</refsect1>
|
|
|
71e593 |
|
|
|
71e593 |
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/seealso.xml" />
|
|
|
71e593 |
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/seealso.xml" />
|
|
|
71e593 |
|
|
|
71e593 |
</refentry>
|
|
|
71e593 |
</reference>
|
|
|
71e593 |
--
|
|
|
71e593 |
2.14.4
|
|
|
71e593 |
|