/usr/share/sssd/sssd.api.conf is in sssd-common 1.16.1-1ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 | # Format:
# option = type, subtype, mandatory[, default]
[service]
# Options available to all services
timeout = int, None, false
debug = int, None, false
debug_level = int, None, false
debug_timestamps = bool, None, false
debug_microseconds = bool, None, false
debug_to_files = bool, None, false
command = str, None, false
reconnection_retries = int, None, false
fd_limit = int, None, false
client_idle_timeout = int, None, false
responder_idle_timeout = int, None, false
cache_first = int, None, false
description = str, None, false
[sssd]
# Monitor service
config_file_version = int, None, false
services = list, str, true, nss, pam
domains = list, str, true
sbus_timeout = int, None, false
re_expression = str, None, false
full_name_format = str, None, false
krb5_rcache_dir = str, None, false
user = str, None, false
default_domain_suffix = str, None, false
certificate_verification = str, None, false
override_space = str, None, false
disable_netlink = bool, None, false
enable_files_domain = str, None, false
domain_resolution_order = list, str, false
try_inotify = bool, None, false
[nss]
# Name service
enum_cache_timeout = int, None, false
entry_cache_nowait_percentage = int, None, false
entry_negative_timeout = int, None, false
local_negative_timeout = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
filter_users_in_groups = bool, None, false
pwfield = str, None, false
override_homedir = str, None, false
fallback_homedir = str, None, false
homedir_substring = str, None, false, /home
override_shell = str, None, false
allowed_shells = list, str, false
vetoed_shells = list, str, false
shell_fallback = str, None, false
default_shell = str, None, false
get_domains_timeout = int, None, false
memcache_timeout = int, None, false
user_attributes = str, None, false
[pam]
# Authentication service
offline_credentials_expiration = int, None, false
offline_failed_login_attempts = int, None, false
offline_failed_login_delay = int, None, false
pam_verbosity = int, None, false
pam_response_filter = str, None, false
pam_id_timeout = int, None, false
pam_pwd_expiration_warning = int, None, false
get_domains_timeout = int, None, false
pam_trusted_users = str, None, false
pam_public_domains = str, None, false
pam_account_expired_message = str, None, false
pam_account_locked_message = str, None, false
pam_cert_auth = bool, None, false
pam_cert_db_path = str, None, false
p11_child_timeout = int, None, false
pam_app_services = str, None, false
[sudo]
# sudo service
sudo_timed = bool, None, false
sudo_inverse_order = bool, None, false
sudo_threshold = int, None, false
[autofs]
# autofs service
autofs_negative_timeout = int, None, false
[ssh]
# ssh service
ssh_hash_known_hosts = bool, None, false
ssh_known_hosts_timeout = int, None, false
ca_db = str, None, false
[pac]
# PAC responder
allowed_uids = str, None, false
pac_lifetime = int, None, false
[ifp]
# InfoPipe responder
allowed_uids = str, None, false
user_attributes = str, None, false
[secrets]
# Secrets service
provider = str, None, false
containers_nest_level = int, None, false
max_secrets = int, None, false
max_uid_secrets = int, None, false
max_payload_size = int, None, false
# Secrets service - proxy
proxy_url = str, None, false
auth_type = str, None, false
auth_header_name = str, None, false
auth_header_value = str, None, false
forward_headers = list, None, false
username = str, None, false
password = str, None, false
verify_peer = bool, None, false
verify_host = bool, None, false
capath = str, None, false
cacert = str, None, false
cert = str, None, false
key = str, None, false
[session_recording]
# Session recording service
scope = str, None, false
users = list, str, false
groups = list, str, false
[provider]
#Available provider types
id_provider = str, None, true
auth_provider = str, None, false
access_provider = str, None, false
chpass_provider = str, None, false
sudo_provider = str, None, false
autofs_provider = str, None, false
hostid_provider = str, None, false
subdomains_provider = str, None, false
selinux_provider = str, None, false
session_provider = str, None, false
[domain]
# Options available to all domains
description = str, None, false
domain_type = str, None, false
debug = int, None, false
debug_level = int, None, false
debug_timestamps = bool, None, false
command = str, None, false
min_id = int, None, false
max_id = int, None, false
timeout = int, None, false
enumerate = bool, None, false
subdomain_enumerate = str, None, false
offline_timeout = int, None, false
cache_credentials = bool, None, false
cache_credentials_minimal_first_factor_length = int, None, false
store_legacy_passwords = bool, None, false
use_fully_qualified_names = bool, None, false
ignore_group_members = bool, None, false
entry_cache_timeout = int, None, false
lookup_family_order = str, None, false
account_cache_expiration = int, None, false
pwd_expiration_warning = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
dns_resolver_timeout = int, None, false
dns_discovery_domain = str, None, false
override_gid = int, None, false
case_sensitive = str, None, false
override_homedir = str, None, false
fallback_homedir = str, None, false
homedir_substring = str, None, false
override_shell = str, None, false
default_shell = str, None, false
description = str, None, false
realmd_tags = str, None, false
subdomain_refresh_interval = int, None, false
subdomain_inherit = str, None, false
subdomain_homedir = str, None, false
cached_auth_timeout = int, None, false
full_name_format = str, None, false
re_expression = str, None, false
auto_private_groups = str, None, false
#Entry cache timeouts
entry_cache_user_timeout = int, None, false
entry_cache_group_timeout = int, None, false
entry_cache_netgroup_timeout = int, None, false
entry_cache_service_timeout = int, None, false
entry_cache_autofs_timeout = int, None, false
entry_cache_sudo_timeout = int, None, false
entry_cache_ssh_host_timeout = int, None, false
refresh_expired_interval = int, None, false
# Dynamic DNS updates
dyndns_update = bool, None, false
dyndns_ttl = int, None, false
dyndns_iface = str, None, false
dyndns_refresh_interval = int, None, false
dyndns_update_ptr = bool, None, false
dyndns_force_tcp = bool, None, false
dyndns_auth = str, None, false
dyndns_server = str, None, false
# Special providers
[provider/permit]
[provider/permit/access]
[provider/deny]
[provider/deny/access]
|