Hi SSSD experts
I have tried examining various documentation and man pages but I am unable to determine the answer. Specifically, for security reasons, we require user on our Linux servers to login via AD credentials only (unless they are a specific local user). In particular, if the provider is offline/not available (in this case an AD server/servers) then login should fail.
Sounds like `cache_credentials = false`? (see `man sssd.conf`)
I thought it would be possible by setting various "cache" parameters but the documentation suggests that zero (0) is not a useful value.
So, can this be done? And if so, how? And if I missed some simple thing in the documentation a reply pointing me to said documentation would be acceptable :-).
Thanks.
Phil
--
Phil J Fisher
UNIX Technology Consultant
DXC Technology Company -- This message is transmitted to you by or on behalf of DXC Technology Company or one of its affiliates. It is intended exclusively for the addressee. The substance of this message, along with any attachments, may contain proprietary, confidential or privileged information or information that is otherwise legally exempt from disclosure. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient of this message, you are not authorized to read, print, retain, copy or disseminate any part of this message. If you have received this message in error, please destroy and delete all copies and notify the sender by return e-mail. Regardless of content, this e-mail shall not operate to bind DXC Technology Company or any of its affiliates to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure