This file is indexed.

/usr/share/doc/realmd/html/realmd-conf.html is in realmd 0.16.2-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ANSI_X3.4-1968">
<title>realmd.conf</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
<link rel="home" href="index.html" title="realmd">
<link rel="up" href="realm-manual.html" title="Command manual pages">
<link rel="prev" href="realm.html" title="realm">
<link rel="next" href="guide-active-directory.html" title="Using with Active Directory">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
<td><a accesskey="p" href="realm.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
<td><a accesskey="u" href="realm-manual.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
<th width="100%" align="center">realmd</th>
<td><a accesskey="n" href="guide-active-directory.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
</tr></table>
<div class="refentry">
<a name="realmd-conf"></a><div class="titlepage"></div>
<div class="refnamediv"><table width="100%"><tr>
<td valign="top">
<h2><span class="refentrytitle">realmd.conf</span></h2>
<p>realmd.conf &#8212; Tweak behavior of realmd</p>
</td>
<td valign="top" align="right"></td>
</tr></table></div>
<div class="refsect1">
<a name="idp82549216"></a><h2>Configuration File</h2>
<p><span class="command"><strong>realmd</strong></span> can be tweaked by network administrators
	to act in specific ways. This is done by placing settings in a
	<code class="filename">/etc/realmd.conf</code>. This file does not exist by
	default. The syntax of this file is the same as an INI file or
	Desktop Entry file.</p>
<p>In general, settings in this file only apply at the point of
	joining a domain or realm. Once the realm has been setup the settings
	have no effect. You may choose to configure
	<a class="ulink" href="https://fedorahosted.org/sssd/" target="_top">SSSD</a> or
	<a class="ulink" href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html" target="_top">Winbind</a>
	directly.</p>
<p>Only specify the settings you wish to override in the
	<code class="filename">/etc/realmd.conf</code> file. Settings not specified will
	be loaded from their packaged defaults. Only override the settings
	below. You may find other settings if you look through the
	<span class="command"><strong>realmd</strong></span> source code. However these are not guaranteed
	to remain stable.</p>
<p>There are various sections in the config file. Some sections are
	global topic sections, and are listed below. Other sections are specific
	to a given realm. These realm specific sections should always contain
	the domain name in lower case as their section header.</p>
<p>Examples of each setting is found below, including the header
	of the section it should be placed in. However in the resulting file
	only include each section once, and combine the various section setting
	together as lines underneath the section. For example</p>
<div class="informalexample"><pre class="programlisting">
[users]
default-home = /home/%U
default-shell = /bin/bash
</pre></div>
</div>
<div class="refsect1">
<a name="realmd-conf-active-directory"></a><h2>active-directory</h2>
<p>These options should go in an <code class="option">[active-directory]</code>
	section of the <code class="filename">/etc/realmd.conf</code> file. Only
	specify the settings you wish to override.</p>
<div class="variablelist"><table border="0" class="variablelist">
<colgroup>
<col align="left" valign="top">
<col>
</colgroup>
<tbody>
<tr>
<td><p><span class="term"><code class="option">default-client</code></span></p></td>
<td>
<p>Specify the <code class="option">default-client</code> setting in
		order to control which client software is the preferred default
		for use with Active Directory.</p>
<div class="informalexample"><pre class="programlisting">
[active-directory]
default-client = sssd
# default-client = winbind

</pre></div>
<p>The default setting for this is
		<code class="option">sssd</code> which uses
		<a class="ulink" href="https://fedorahosted.org/sssd/" target="_top">SSSD</a> as
		the Active Directory client. You can also specify
		<code class="option">winbind</code> to use
		<a class="ulink" href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html" target="_top">Samba Winbind</a>.
		</p>
<p>Some callers of <span class="command"><strong>realmd</strong></span> such as the
		<a class="link" href="realm.html" title="realm"><span class="command"><strong>realm</strong></span></a>
		command line tool allow specifying which client software should
		be used. Others, such as GNOME Control Center, simplify choose
		the default.</p>
<p>You can verify the preferred default client softawre by
		running the following command. The realm with the preferred
		client software will be listed first.</p>
<div class="informalexample"><pre class="screen">
$ <span class="command"><strong>realm discover domain.example.com</strong></span>
domain.example.com
  configured: no
  server-software: active-directory
  client-software: sssd
  type: kerberos
  realm-name: AD.THEWALTER.LAN
  domain-name: ad.thewalter.lan
domain.example.com
  configured: no
  server-software: active-directory
  client-software: winbind
  type: kerberos
  realm-name: AD.THEWALTER.LAN
  domain-name: ad.thewalter.lan
</pre></div>
</td>
</tr>
<tr>
<td><p><span class="term"><code class="option">os-name</code></span></p></td>
<td><p>(see below)</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="option">os-version</code></span></p></td>
<td>
<p>Specify the <code class="option">os-name</code> and/or
		<code class="option">os-version</code> settings to control the values that
		are placed in the computer account <code class="option">operatingSystem</code> and
		<code class="option">operatingSystemVersion</code> attributes.</p>
<p>This is an Active Directory specific option.</p>
<div class="informalexample"><pre class="programlisting">
[active-directory]
os-name = Gentoo Linux
os-version = 9.9.9.9.9
</pre></div>
</td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect1">
<a name="realmd-conf-service"></a><h2>service</h2>
<p>These options should go in an <code class="option">[service]</code>
	section of the <code class="filename">/etc/realmd.conf</code> file. Only
	specify the settings you wish to override.</p>
<div class="variablelist"><table border="0" class="variablelist">
<colgroup>
<col align="left" valign="top">
<col>
</colgroup>
<tbody><tr>
<td><p><span class="term"><code class="option">automatic-install</code></span></p></td>
<td>
<p>Set this to <em class="parameter"><code>no</code></em> to disable automatic
		installation of packages via package-kit.</p>
<div class="informalexample"><pre class="programlisting">
[service]
automatic-install = no
# automatic-install = yes
</pre></div>
</td>
</tr></tbody>
</table></div>
</div>
<div class="refsect1">
<a name="realmd-conf-users"></a><h2>users</h2>
<p>These options should go in an <code class="option">[users]</code>
	section of the <code class="filename">/etc/realmd.conf</code> file. Only
	specify the settings you wish to override.</p>
<div class="variablelist"><table border="0" class="variablelist">
<colgroup>
<col align="left" valign="top">
<col>
</colgroup>
<tbody>
<tr>
<td><p><span class="term"><code class="option">default-home</code></span></p></td>
<td>
<p>Specify the <code class="option">default-home</code> setting in
		order to control how to set the home directory for accounts
		that have no home directory explicitly set.</p>
<div class="informalexample"><pre class="programlisting">
[users]
default-home = /home/%U@%D
# default-home = /nfs/home/%D-%U
# default-home = /home/%D/%U

</pre></div>
<p>The default setting for this is <code class="option">/home/%U@%D</code>. The
		<code class="option">%D</code> format is replaced by the domain name. The <code class="option">%U</code>
		format is replaced by the user name.</p>
<p>You can verify the home directory for a user by running the
		following command.</p>
<div class="informalexample"><pre class="screen">
$ <span class="command"><strong>getent passwd 'DOMAIN/User'</strong></span>
DOMAIN\user:*:13445:13446:Name:/home/DOMAIN/user:/bin/bash
</pre></div>
<p>Note that in the case of IPA domains, most users already have a
		home directory configured in the domain. Therefore this configuration
		setting may rarely show through.</p>
</td>
</tr>
<tr>
<td><p><span class="term"><code class="option">default-shell</code></span></p></td>
<td>
<p>Specify the <code class="option">default-shell</code> setting in
		order to control how to set the Unix shell for accounts that
		have no shell explicitly set.</p>
<div class="informalexample"><pre class="programlisting">
[users]
default-shell = /bin/bash
# default-shell = /bin/sh

</pre></div>
<p>The default setting for this is <code class="option">/bin/bash</code> shell. The
		shell should be a valid shell if you expect the domain users be able to log
		in. For example it should exist in the <code class="filename">/etc/shells</code> file.</p>
<p>You can verify the shell for a user by running the
		following command.</p>
<div class="informalexample"><pre class="screen">
$ <span class="command"><strong>getent passwd 'DOMAIN/User'</strong></span>
DOMAIN\user:*:13445:13446:Name:/home/DOMAIN/user:/bin/bash
</pre></div>
<p>Note that in the case of IPA domains, most users already have a
		shell configured in the domain. Therefore this configuration setting
		may rarely show through.</p>
</td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect1">
<a name="idp80145008"></a><h2>Realm specific settings</h2>
<p>These options should go in an section with the same name
	as the realm in the <code class="filename">/etc/realmd.conf</code> file.
	For example for the <code class="option">domain.example.com</code> domain
	the section would be called <code class="option">[domain.example.com]</code>.
	To figure out the canonical name for a realm use the
	<span class="command"><strong>realm</strong></span> command:</p>
<div class="informalexample"><pre class="screen">
$ <span class="command"><strong>realm discover --name DOMAIN.example.com</strong></span>
domain.example.com
...
</pre></div>
<p>Only specify the settings you wish to override.</p>
<div class="variablelist"><table border="0" class="variablelist">
<colgroup>
<col align="left" valign="top">
<col>
</colgroup>
<tbody>
<tr>
<td><p><span class="term"><code class="option">computer-ou</code></span></p></td>
<td>
<p>Specify this option to create directory computer accounts
		in a location other than the default. This currently only works
		with Active Directory domains.</p>
<div class="informalexample"><pre class="programlisting">
[domain.example.com]
computer-ou = OU=Linux Computers,DC=domain,DC=example,DC=com
# computer-ou = OU=Linux Computers,

</pre></div>
<p>Specify the OU as an LDAP DN. It can be relative to the
		Root DSE, or a complete LDAP DN. Obviously the OU must exist
		in the directory.</p>
<p>It is also possible to use the <code class="option">--computer-ou</code>
		argument of the <span class="command"><strong>realm</strong></span> command to
		create a computer account at a specific OU.</p>
</td>
</tr>
<tr>
<td><p><span class="term"><code class="option">user-prinicpal</code></span></p></td>
<td>
<p>Set the <code class="option">user-prinicpal</code> to <code class="code">yes</code>
		to create <code class="option">userPrincipalName</code> attributes for the
		computer account in the realm, in the form
		<code class="code">host/computer@REALM</code></p>
<div class="informalexample"><pre class="programlisting">
[domain.example.com]
user-principal = yes
</pre></div>
</td>
</tr>
<tr>
<td><p><span class="term"><code class="option">automatic-join</code></span></p></td>
<td>
<p>This option only applies to Active Directory realms. This option
		is off by default. In Active Directory domains, a computer account can
		be preset with a known computer account password. This can be used for
		automatic joins without authentication.</p>
<p>When automatic joins are used there is no mutual authentication
		between the machine and the domain during the join process.</p>
<div class="informalexample"><pre class="programlisting">
[domain.example.com]
automatic-join = yes
</pre></div>
</td>
</tr>
<tr>
<td><p><span class="term"><code class="option">automatic-id-mapping</code></span></p></td>
<td>
<p>This option is on by default for Active Directory realms.
		Turn it off to use UID and GID information stored in the
		directory (as-per RFC2307) rather than automatically generating
		UID and GID numbers.</p>
<p>This option only makes sense for Active Directory
		realms.</p>
<div class="informalexample"><pre class="programlisting">
[domain.example.com]
automatic-id-mapping = no
# automatic-id-mapping = yes
</pre></div>
</td>
</tr>
<tr>
<td><p><span class="term"><code class="option">manage-system</code></span></p></td>
<td>
<p>This option is on by default. Normally joining a realm
		affects many aspects of the configuration and management of the
		system. Turning this off limits the interaction with the realm
		or domain to authentication and identity.</p>
<div class="informalexample"><pre class="programlisting">
[domain.example.com]
manage-system = no
# manage-system = yes

</pre></div>
<p>When this option is turned on <span class="command"><strong>realmd</strong></span>
		defaults to using domain policy to control who can log into
		this machine. Further adjustments to login policy can be made
		with the <span class="command"><strong>realm permit</strong></span> command.</p>
</td>
</tr>
<tr>
<td><p><span class="term"><code class="option">fully-qualified-names</code></span></p></td>
<td>
<p>This option is on by default. If turned off then realm
		user and group names are not qualified their name. This may
		cause them to conflict with local user and group names.</p>
<div class="informalexample"><pre class="programlisting">
[domain.example.com]
fully-qualified-names = no
# fully-qualified-names = yes
</pre></div>
</td>
</tr>
</tbody>
</table></div>
</div>
</div>
<div class="footer">
<hr>
          Generated by GTK-Doc
        </div>
</body>
</html>