/etc/shishi/shisa.conf is in shishi-common 1.0.2-5.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
# shisa.conf --- Database configuration file for Shishi. -*- sh -*-
# Copyright 2002-2013 Simon Josefsson
#
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved.
#
# If the first non white space character of a line is a '#', the line
# is ignored. Empty lines are also ignored.
#
# See the manual for a complete list of options.
# db [OPTIONS] <TYPE> [LOCATION] [PARAMETERS ...]
# Specify the data sources for Shisa data. Multiple entries, even of
# the same data source type, are allowed. The data sources are
# accessed in the same sequence as they are defined here. If an entry
# is found in one data source, it will be used for the operations,
# without searching the remaining data sources. Valid OPTIONS
# include:
# --read-only No data is written to this data source.
# --ignore-errors Ignore failures in this backend.
# The default (when the configuration file is empty) uses one "file"
# data source (see below), but for a larger installation you may want
# to combine several data sources. Here is an example.
# db --read-only file /var/local/master
# db --ignore-errors ldap kdc.example.org ca=/etc/shisa/kdc-ca.pem
# db --read-only file /var/cache/ldap-copy
# This demonstrates how you can store critical principals on local disk
# (the first entry, /var/local/master) that will always be found
# without looking in the LDAP directory. The critical principals
# could be, e.g., krbtgt/EXAMPLE.ORG. The second entry denotes an LDAP
# server that could hold user principals. As you can see, Shisa will
# not let the caller know about errors with the LDAP source (they will
# be logged, however). Instead, if for instance the LDAP server has
# crashed, Shisa would continue and read from the /var/cache/ldap-copy
# file source. That file source may have been set up to contain a
# copy of the data in the LDAP server, perhaps made on an hourly
# basis, so that your server will be able to serve recent data even in
# case of a crash. Any updates or password change requests will
# however not be possible while the LDAP server is inaccessible, to
# reduce the problem of synchronizing data back into the LDAP server
# once it is online again.
# Currently only the "file" data source is supported, and denotes a
# data source that uses the standard file system for storage.
#
# Valid syntaxes for the "file" database:
# db file FILENAME
#
# Examples:
# db file /var/shishi
# db file /usr/share/shishi read-only
#
# If nothing is specified, the default will be:
# db file /usr/local/var/shishi/shisa.db
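Because the first data source that holds an entry answers the lookup, the order and options of the db lines decide which store is authoritative for a principal such as krbtgt/EXAMPLE.ORG. The following is an added example, not part of Shishi or of this package: a Python parser for the documented db syntax plus a model of the first-match lookup. Whitespace tokenisation, the resolve helper and the sample principal names used with it are assumptions for illustration.

```python
OPTIONS = {"--read-only", "--ignore-errors"}  # the two options this file documents

def parse_shisa_conf(text):
    """Parse 'db [OPTIONS] <TYPE> [LOCATION] [PARAMETERS ...]' lines, in file order."""
    sources = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split()              # assumption: whitespace-separated words
        if not words or words[0].startswith("#"):
            continue                     # comment and empty lines are ignored
        if words[0] != "db":
            raise ValueError(f"line {lineno}: unexpected directive {words[0]!r}")
        rest, opts = words[1:], set()
        while rest and rest[0] in OPTIONS:
            opts.add(rest.pop(0))
        if not rest or rest[0].startswith("--"):
            raise ValueError(f"line {lineno}: bad option or missing <TYPE>")
        sources.append({
            "line": lineno, "type": rest[0],
            "location": rest[1] if len(rest) > 1 else None,
            "params": rest[2:],
            "read_only": "--read-only" in opts,
            "ignore_errors": "--ignore-errors" in opts,
        })
    return sources

def resolve(sources, principal, contents):
    """Model of the documented lookup: the first source holding the principal wins.

    contents maps location -> set of principals, or None for a failed backend.
    """
    for src in sources:
        data = contents.get(src["location"], set())
        if data is None:                 # backend failure
            if src["ignore_errors"]:
                continue                 # error is hidden from the caller
            raise RuntimeError(f"{src['location']}: backend error")
        if principal in data:
            return src["location"]
    return None

# Constructed sample: the three-source example from the comments, uncommented.
SAMPLE = """\
# critical principals on local disk
db --read-only file /var/local/master
db --ignore-errors ldap kdc.example.org ca=/etc/shisa/kdc-ca.pem
db --read-only file /var/cache/ldap-copy
"""
```

Calling resolve with the LDAP location mapped to None shows the fallback to /var/cache/ldap-copy, and filtering the parsed list on read_only shows that the LDAP entry is the only place a write could go in that layout.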