This file is indexed.

/usr/share/sssd/sssd.api.conf is in sssd-common 1.16.1-1ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
# Format:
# option = type, subtype, mandatory[, default]

[service]
# Options available to all services
timeout = int, None, false
debug = int, None, false
debug_level = int, None, false
debug_timestamps = bool, None, false
debug_microseconds = bool, None, false
debug_to_files = bool, None, false
command = str, None, false
reconnection_retries = int, None, false
fd_limit = int, None, false
client_idle_timeout = int, None, false
responder_idle_timeout = int, None, false
cache_first = int, None, false
description = str, None, false

[sssd]
# Monitor service
config_file_version = int, None, false
services = list, str, true, nss, pam
domains = list, str, true
sbus_timeout = int, None, false
re_expression = str, None, false
full_name_format = str, None, false
krb5_rcache_dir = str, None, false
user = str, None, false
default_domain_suffix = str, None, false
certificate_verification = str, None, false
override_space = str, None, false
disable_netlink = bool, None, false
enable_files_domain = str, None, false
domain_resolution_order = list, str, false
try_inotify = bool, None, false

[nss]
# Name service
enum_cache_timeout = int, None, false
entry_cache_nowait_percentage = int, None, false
entry_negative_timeout = int, None, false
local_negative_timeout = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
filter_users_in_groups = bool, None, false
pwfield = str, None, false
override_homedir = str, None, false
fallback_homedir = str, None, false
homedir_substring = str, None, false, /home
override_shell = str, None, false
allowed_shells = list, str, false
vetoed_shells = list, str, false
shell_fallback = str, None, false
default_shell = str, None, false
get_domains_timeout = int, None, false
memcache_timeout = int, None, false
user_attributes = str, None, false

[pam]
# Authentication service
offline_credentials_expiration = int, None, false
offline_failed_login_attempts = int, None, false
offline_failed_login_delay = int, None, false
pam_verbosity = int, None, false
pam_response_filter = str, None, false
pam_id_timeout = int, None, false
pam_pwd_expiration_warning = int, None, false
get_domains_timeout = int, None, false
pam_trusted_users = str, None, false
pam_public_domains = str, None, false
pam_account_expired_message = str, None, false
pam_account_locked_message = str, None, false
pam_cert_auth = bool, None, false
pam_cert_db_path = str, None, false
p11_child_timeout = int, None, false
pam_app_services = str, None, false

[sudo]
# sudo service
sudo_timed = bool, None, false
sudo_inverse_order = bool, None, false
sudo_threshold = int, None, false

[autofs]
# autofs service
autofs_negative_timeout = int, None, false

[ssh]
# ssh service
ssh_hash_known_hosts = bool, None, false
ssh_known_hosts_timeout = int, None, false
ca_db = str, None, false

[pac]
# PAC responder
allowed_uids = str, None, false
pac_lifetime = int, None, false

[ifp]
# InfoPipe responder
allowed_uids = str, None, false
user_attributes = str, None, false

[secrets]
# Secrets service
provider = str, None, false
containers_nest_level = int, None, false
max_secrets = int, None, false
max_uid_secrets = int, None, false
max_payload_size = int, None, false
# Secrets service - proxy
proxy_url = str, None, false
auth_type = str, None, false
auth_header_name = str, None, false
auth_header_value = str, None, false
forward_headers = list, None, false
username = str, None, false
password = str, None, false
verify_peer = bool, None, false
verify_host = bool, None, false
capath = str, None, false
cacert = str, None, false
cert = str, None, false
key = str, None, false

[session_recording]
# Session recording service
scope = str, None, false
users = list, str, false
groups = list, str, false

[provider]
#Available provider types
id_provider = str, None, true
auth_provider = str, None, false
access_provider = str, None, false
chpass_provider = str, None, false
sudo_provider = str, None, false
autofs_provider = str, None, false
hostid_provider = str, None, false
subdomains_provider = str, None, false
selinux_provider = str, None, false
session_provider = str, None, false

[domain]
# Options available to all domains
description = str, None, false
domain_type = str, None, false
debug = int, None, false
debug_level = int, None, false
debug_timestamps = bool, None, false
command = str, None, false
min_id = int, None, false
max_id = int, None, false
timeout = int, None, false
enumerate = bool, None, false
subdomain_enumerate = str, None, false
offline_timeout = int, None, false
cache_credentials = bool, None, false
cache_credentials_minimal_first_factor_length = int, None, false
store_legacy_passwords = bool, None, false
use_fully_qualified_names = bool, None, false
ignore_group_members = bool, None, false
entry_cache_timeout = int, None, false
lookup_family_order = str, None, false
account_cache_expiration = int, None, false
pwd_expiration_warning = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
dns_resolver_timeout = int, None, false
dns_discovery_domain = str, None, false
override_gid = int, None, false
case_sensitive = str, None, false
override_homedir = str, None, false
fallback_homedir = str, None, false
homedir_substring = str, None, false
override_shell = str, None, false
default_shell = str, None, false
description = str, None, false
realmd_tags = str, None, false
subdomain_refresh_interval = int, None, false
subdomain_inherit = str, None, false
subdomain_homedir = str, None, false
cached_auth_timeout = int, None, false
full_name_format = str, None, false
re_expression = str, None, false
auto_private_groups = str, None, false

#Entry cache timeouts
entry_cache_user_timeout = int, None, false
entry_cache_group_timeout = int, None, false
entry_cache_netgroup_timeout = int, None, false
entry_cache_service_timeout = int, None, false
entry_cache_autofs_timeout = int, None, false
entry_cache_sudo_timeout = int, None, false
entry_cache_ssh_host_timeout = int, None, false
refresh_expired_interval = int, None, false

# Dynamic DNS updates
dyndns_update = bool, None, false
dyndns_ttl = int, None, false
dyndns_iface = str, None, false
dyndns_refresh_interval = int, None, false
dyndns_update_ptr = bool, None, false
dyndns_force_tcp = bool, None, false
dyndns_auth = str, None, false
dyndns_server = str, None, false

# Special providers
[provider/permit]

[provider/permit/access]

[provider/deny]

[provider/deny/access]