From c2eccab2c12b58a74cdc6fd10efe775dbcd8c1e1 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 18 Mar 2016 16:24:18 +0100 Subject: [PATCH 1/3] p11: add missing man page entry and config API The pam_cert_auth and pam_cert_db_path option where missing in the config API and had no man page entries. --- src/config/SSSDConfig/__init__.py.in | 2 ++ src/config/etc/sssd.api.conf | 2 ++ src/man/sssd.conf.5.xml | 12 ++++++++++++ 3 files changed, 16 insertions(+) diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 1a0893cbc180394d994b9d97fc0fa863da656549..e7bf43dfd309ec6e2e47e70cb353c27435dcacfb 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -92,6 +92,8 @@ option_strings = { 'pam_public_domains' : _('List of domains accessible even for untrusted users.'), 'pam_account_expired_message' : _('Message printed when user account is expired.'), 'pam_account_locked_message' : _('Message printed when user account is locked.'), + 'pam_cert_auth' : _('Allow certificate based/Smartcard authentication.'), + 'pam_cert_db_path' : _('Path to certificate databse with PKCS#11 modules.'), 'p11_child_timeout' : _('How many seconds will pam_sss wait for p11_child to finish'), # [sudo] diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index a15f2bd05c3046f8d76b13b3d8f28f9001d8fded..a0a82543f2c91b95eb00149e413043f0e6f6f4ea 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -62,6 +62,8 @@ pam_trusted_users = str, None, false pam_public_domains = str, None, false pam_account_expired_message = str, None, false pam_account_locked_message = str, None, false +pam_cert_auth = bool, None, false +pam_cert_db_path = str, None, false p11_child_timeout = int, None, false [sudo] diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 09db9cd32673c911991b335e986692e3d8d856d0..9ae6908d1212ca132ed98cd30cdfeaef7c69b8c9 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -1027,6 +1027,18 @@ pam_account_locked_message = Account locked, please contact help desk. + pam_cert_db_path (string) + + + The path to the certificate database which contain + the PKCS#11 modules to access the Smartcard. + + + Default: /etc/pki/nssdb (NSS version) + + + + p11_child_timeout (integer) -- 2.1.0