[deployment-guide/comm-rel: 37/74] more last minute changes from tech review

dsilas dsilas at fedoraproject.org
Tue Jul 6 21:12:22 UTC 2010


commit 86dccffff97ca2620c4ccc1905a8ff88dc664df4
Author: David O'Brien <davido at redhat.com>
Date:   Fri Jun 25 14:10:22 2010 +1000

    more last minute changes from tech review

 en-US/SSSD.xml |   33 +++++++++++++++++++--------------
 1 files changed, 19 insertions(+), 14 deletions(-)
---
diff --git a/en-US/SSSD.xml b/en-US/SSSD.xml
index dc1099d..4b5ae34 100644
--- a/en-US/SSSD.xml
+++ b/en-US/SSSD.xml
@@ -6,16 +6,16 @@
   <title>The System Security Services Daemon (SSSD)</title>
 
   <para>
-    This chapter provides an introduction to the <firstterm>System Security Services Daemon (SSSD)</firstterm>, the main features that it provides, and discusses the requirements and any limitations of a typical SSSD deployment.
+    This section provides an introduction to the <firstterm>System Security Services Daemon (SSSD)</firstterm>, the main features that it provides, and discusses the requirements and any limitations of a typical SSSD deployment.
   </para>
   <para>
-    This chapter also describes how to install and configure SSSD, and how to use the features that it provides. It provides information on the types of services that it supports and how to configure them, and introduces and describes the most important configuration options. Sample configuration files are also provided to help you optimize your deployment.
+    This section also describes how to configure SSSD, and how to use the features that it provides. It provides information on the types of services that it supports and how to configure them, and introduces and describes the most important configuration options. Sample configuration files are also provided to help you optimize your deployment.
   </para>
 
   <section id="sect-SSSD_User_Guide-Introduction-What_is_SSSD">
     <title>What is SSSD?</title>
     <para>
-      The System Security Services Daemon (SSSD) is a service which provides access to different identity and authentication providers. You can configure SSSD to use a native LDAP domain (that is, an LDAP identity provider with LDAP authentication), or an LDAP identity provider with Kerberos authentication. It provides an NSS and PAM interface to the system, a pluggable back-end system to connect to multiple different account sources.
+      The System Security Services Daemon (SSSD) is a service which provides access to different identity and authentication providers. You can configure SSSD to use a native LDAP domain (that is, an LDAP identity provider with LDAP authentication), or an LDAP identity provider with Kerberos authentication. It provides an NSS and PAM interface to the system, and a pluggable back-end system to connect to multiple different account sources.
     </para>
     <para>
       SSSD is also extensible; you can configure it to use new identity sources and authentication mechanisms should they arise.
@@ -97,6 +97,9 @@
           class="domainname">ldap.myhome.com</systemitem> domain. You can use SSSD to make requests using fully-qualified usernames. If you request information for <systemitem
           class="username">kate</systemitem>, you will receive the information from whichever domain is listed first in the look-up order. If you request information for <systemitem
           class="username">kate at ldap.myhome.com</systemitem>, however, you will receive the correct user information.</para>
+      <para>
+        SSSD also provides a <option>filter_users</option> option, which you can use to exclude certain users from being fetched from the database. Refer to the <citetitle>sssd.conf(5)</citetitle> manual page for full details about this option.
+      </para>
     </section>
 <!--
     <section
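
Review bot: the added filter_users paragraph says users are excluded "from being fetched from the database" without saying which database is meant or which section of sssd.conf the option belongs in. It follows directly on the explanation of look-up order between domains, so state whether the filter applies to every domain or per domain and give a one-line example value. An administrator who relies on it to keep an account name from resolving through SSSD needs to be able to tell whether the setting took effect.
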
@@ -329,7 +332,7 @@ simple_allow_users = user1, user2</screen>
           <secondary>in SSSD, rules</secondary>
         </indexterm>
 
-          <para>The Simple Access Provider adheres to three simple rules to determine which users should or should not be granted access, as follows:
+          <para>The Simple Access Provider adheres to the following three rules to determine which users should or should not be granted access:
           <itemizedlist>
             <listitem>
               <para>
@@ -382,7 +385,7 @@ simple_allow_users = user1, user2</screen>
 
           <para>The client then makes an SRV DNS query to retrieve a list of host names, their priorities, and weights. These queries are of the form _<replaceable>service</replaceable>._<replaceable>protocol</replaceable>._<replaceable>domain</replaceable>, for example, <literal>_ldap._tcp._redhat.com</literal>. The client then sorts this list according to the priorities and weights, and connects to the first server in this sorted list.</para>
 
-          <para>For more information on SRV records, refer to the <ulink url="http://tools.ietf.org/html/rfc2782">RFC</ulink>.</para>
+          <para>For more information on SRV records, refer to <ulink url="http://tools.ietf.org/html/rfc2782">RFC 2782</ulink>.</para>
         </section>
 
         <section>
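
Review bot: the context paragraph just above the changed line gives the query form as _service._protocol._domain and the example _ldap._tcp._redhat.com, with an underscore in front of the domain. RFC 2782, which this hunk now names, defines the form as _Service._Proto.Name, where only the service and protocol labels carry the underscore. The example should read _ldap._tcp.redhat.com and the replaceable for the domain should lose its leading underscore. This is worth fixing in the same pass, since the text as written describes a query name that does not match the RFC it cites.
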
@@ -648,7 +651,7 @@ ipauser01:x:937315651:937315651:ipauser01:/home/ipauser01:/bin/sh
 ipauser01:x:937315651:937315651:ipauser01:/home/ipauser01:/bin/sh
 </screen>
             <note>
-              <para>With <parameter>use_fully_qualified_names</parameter> set to <literal>FALSE</literal>, you can continue to use the fully-qualified name in your requests, but only the simplified version is displayed in the output.</para>
+              <para>If <parameter>use_fully_qualified_names</parameter> is set to <literal>FALSE</literal>, you can continue to use the fully-qualified name in your requests, but only the simplified version is displayed in the output.</para>
               <para>SSSD can only parse <systemitem class="domainname">name at domain</systemitem>, not <systemitem
                   class="domainname">name at realm</systemitem>. You can, however, use the same name for both your domain and your realm.</para>
             </note>
@@ -658,7 +661,11 @@ ipauser01:x:937315651:937315651:ipauser01:/home/ipauser01:/bin/sh
               <option>auth_provider <type>(string)</type>
               </option>
             </para>
-            <para>The authentication provider used for the domain. Currently supported authentication providers are:
+            <para>
+              The authentication provider used for the domain. The default value for this option is the value of <option>id_provider</option> if it is set and can handle authentication requests.
+            </para>
+            <para>
+              Currently supported authentication providers are:
             <itemizedlist>
                 <listitem>
                     <para>ldap &mdash; for native LDAP authentication. Refer to the sssd-ldap(5) manual page for more information on configuring LDAP.</para>
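
Review bot: the new sentence on the default, "the value of id_provider if it is set and can handle authentication requests", leaves the other branch unstated. Say what auth_provider resolves to when id_provider is unset or cannot handle authentication, because the reader needs to know whether logins are refused or handled some other way in that case. Placing the default next to the option name rather than after the list is the right move.
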
@@ -675,9 +682,6 @@ ipauser01:x:937315651:937315651:ipauser01:/home/ipauser01:/bin/sh
             </para>
           </listitem>
         </itemizedlist>
-        <para>
-          The default value for <option>auth_provider</option> is the value of <option>id_provider</option> if it is set and can handle authentication requests.
-        </para>
       </section>
 
       <section
@@ -895,7 +899,7 @@ ldap_group_gid_number = msSFU30GidNumber</screen>
       </indexterm>
 
       <para>
-        SSSD currently only supports LDAP and Kerberos as authentication providers. If you prefer to use SSSD (for example, to take advantage of its caching functionality), but SSSD does not support your authentication method natively, you can set up a proxy authentication provider. This could be the case if you use fingerprint scanners or smart cards as part of your authentication process.
+        SSSD currently only supports LDAP and Kerberos as authentication providers. If you prefer to use SSSD (for example, to take advantage of its caching functionality), but SSSD does not support your authentication method, you can set up a proxy authentication provider. This could be the case if you use fingerprint scanners or smart cards as part of your authentication process.
       </para>
       <itemizedlist>
         <listitem>
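
Review bot: with "natively" dropped, the changed paragraph says SSSD "only supports LDAP and Kerberos as authentication providers" and then, for a method SSSD "does not support", offers a proxy authentication provider, which now reads as a contradiction. Keep a qualifier such as "directly", or reword the first sentence so that the proxy provider is clearly the supported route for other methods.
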
@@ -967,6 +971,7 @@ krb5_auth_timeout = 15
     <para>This example describes the minimum options that must be configured when using Kerberos authentication. Refer to the <citetitle>sssd-krb5(5)</citetitle> manual page for a full description of all the options that apply to configuring Kerberos authentication.</para>
   </section>
 
+  <!--
   <section id="sect-SSSD_User_Guide-Configuring_Domains-Setting_up_SASL_GSSAPI_Authentication">
     <title>Setting up SASL/GSSAPI Authentication</title>
     <indexterm>
@@ -975,7 +980,7 @@ krb5_auth_timeout = 15
     </indexterm>
     <para>dummy text</para>
     <remark>https://bugzilla.redhat.com/show_bug.cgi?id=601870</remark>
-  </section>
+  </section>-->
 
     <!--<section
       id="chap-SSSD_User_Guide-Using_the_SSSD_Management_Tools">
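
Review bot: the comment opened in the previous hunk and closed here hides a section that carries an id (sect-SSSD_User_Guide-Configuring_Domains-Setting_up_SASL_GSSAPI_Authentication), so any xref elsewhere in the guide that points at that id will stop resolving; check for references before this goes in. The body is only "dummy text" plus a remark pointing at the Bugzilla entry, so deleting the stub and tracking it in the bug would be cleaner than leaving commented-out markup. The commit message should also mention that a section was disabled, since "last minute changes from tech review" does not suggest it.
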
@@ -1110,7 +1115,7 @@ GroupE:*:518:UserE
         <formalpara
           id="form-SSSD_User_Guide-Using_SSSD_Log_Files-Producing_More_Verbose_Log_Files">
           <title>Producing More Verbose Log Files</title>
-          <para>If you are unable to identify and resolve any problems with SSSD after inspection of the default log files, you can configure SSSD to produce more verbose files. You can set the <option>debug_level</option> option in the <filename>/etc/sssd/sssd.conf</filename> for the domain that is causing concern, and then restart SSSD. Refer to the <citetitle>sssd.conf(5)</citetitle> manual page for more information on how to set the <option>debug_level</option> for a specfic domain.</para>
+          <para>If you are unable to identify and resolve any problems with SSSD after inspection of the default log files, you can configure SSSD to produce more verbose files. You can set the <option>debug_level</option> option in the <filename>/etc/sssd/sssd.conf</filename> for the domain that is causing concern, and then restart SSSD. Refer to the <citetitle>sssd.conf(5)</citetitle> manual page for more information on how to set the <option>debug_level</option> for a specific domain.</para>
         </formalpara>
         <para>All log files include timestamps on debug messages by default. This can make it easier to understand any errors that may occur, why they occurred, and how to address them. If necessary, you can disable these timestamps by setting the appropriate parameter to <literal>FALSE</literal> in the <filename>/etc/sssd/sssd.conf</filename> file:</para>
 
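
Review bot: beyond the spelling fix, the changed paragraph reads "in the /etc/sssd/sssd.conf for the domain", which is missing the word "file" that the following paragraph uses, and "more verbose files" should be "more verbose log files". The paragraph also tells the reader to set debug_level and restart SSSD but never to set it back; add a closing sentence on restoring the previous level once the problem is diagnosed.
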
@@ -1251,7 +1256,7 @@ passwd: all authentication tokens updated successfully.
         <section
           id="sect-SSSD_User_Guide-Additional_Resources-Manual_Pages">
           <title>Manual Pages</title>
-          <para>SSSD ships with a number of manual pages, all of which provide additional information about specfic aspects of SSSD, such as configuration files, commands, and available options. SSSD currently provides the following manual pages:</para>
+          <para>SSSD ships with a number of manual pages, all of which provide additional information about specific aspects of SSSD, such as configuration files, commands, and available options. SSSD currently provides the following manual pages:</para>
           <itemizedlist>
             <listitem>
               <para>

