/usr/share/sssd/sssd.api.conf is in sssd-common 1.13.4-1ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 | # Format:
# option = type, subtype, mandatory[, default]
[service]
# Options available to all services
debug_level = int, None, false
debug_timestamps = bool, None, false
debug_microseconds = bool, None, false
debug_to_files = bool, None, false
command = str, None, false
reconnection_retries = int, None, false
fd_limit = int, None, false
client_idle_timeout = int, None, false
force_timeout = int, None, false
description = str, None, false
[sssd]
# Monitor service
services = list, str, true, nss, pam
domains = list, str, true
timeout = int, None, false
sbus_timeout = int, None, false
re_expression = str, None, false
full_name_format = str, None, false
krb5_rcache_dir = str, None, false
user = str, None, false
default_domain_suffix = str, None, false
certificate_verification = str, None, false
[nss]
# Name service
enum_cache_timeout = int, None, false
entry_cache_nowait_percentage = int, None, false
entry_negative_timeout = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
filter_users_in_groups = bool, None, false
pwfield = str, None, false
override_homedir = str, None, false
fallback_homedir = str, None, false
homedir_substring = str, None, false, /home
override_shell = str, None, false
allowed_shells = list, str, false
vetoed_shells = list, str, false
shell_fallback = str, None, false
default_shell = str, None, false
get_domains_timeout = int, None, false
memcache_timeout = int, None, false
override_space = str, None, false
[pam]
# Authentication service
offline_credentials_expiration = int, None, false
offline_failed_login_attempts = int, None, false
offline_failed_login_delay = int, None, false
pam_verbosity = int, None, false
pam_id_timeout = int, None, false
pam_pwd_expiration_warning = int, None, false
get_domains_timeout = int, None, false
pam_trusted_users = str, None, false
pam_public_domains = str, None, false
pam_account_expired_message = str, None, false
pam_account_locked_message = str, None, false
p11_child_timeout = int, None, false
[sudo]
# sudo service
sudo_timed = bool, None, false
sudo_inverse_order = bool, None, false
[autofs]
# autofs service
autofs_negative_timeout = int, None, false
[ssh]
# ssh service
ssh_hash_known_hosts = bool, None, false
ssh_known_hosts_timeout = int, None, false
ca_db = str, None, false
[pac]
# PAC responder
allowed_uids = str, None, false
user_attributes = str, None, false
[ifp]
# InfoPipe responder
allowed_uids = str, None, false
user_attributes = str, None, false
[provider]
#Available provider types
id_provider = str, None, true
auth_provider = str, None, false
access_provider = str, None, false
chpass_provider = str, None, false
sudo_provider = str, None, false
autofs_provider = str, None, false
session_provider = str, None, false
hostid_provider = str, None, false
subdomains_provider = str, None, false
[domain]
# Options available to all domains
description = str, None, false
debug_level = int, None, false
debug_timestamps = bool, None, false
command = str, None, false
min_id = int, None, false
max_id = int, None, false
timeout = int, None, false
try_inotify = bool, None, false
enumerate = bool, None, false
subdomain_enumerate = str, None, false
force_timeout = int, None, false
offline_timeout = int, None, false
cache_credentials = bool, None, false
cache_credentials_minimal_first_factor_length = int, None, false
store_legacy_passwords = bool, None, false
use_fully_qualified_names = bool, None, false
ignore_group_members = bool, None, false
entry_cache_timeout = int, None, false
lookup_family_order = str, None, false
account_cache_expiration = int, None, false
pwd_expiration_warning = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
dns_resolver_timeout = int, None, false
dns_discovery_domain = str, None, false
override_gid = int, None, false
case_sensitive = str, None, false
override_homedir = str, None, false
fallback_homedir = str, None, false
homedir_substring = str, None, false
override_shell = str, None, false
default_shell = str, None, false
description = str, None, false
realmd_tags = str, None, false
subdomain_refresh_interval = int, None, false
subdomain_inherit = str, None, false
cached_auth_timeout = int, None, false
#Entry cache timeouts
entry_cache_user_timeout = int, None, false
entry_cache_group_timeout = int, None, false
entry_cache_netgroup_timeout = int, None, false
entry_cache_service_timeout = int, None, false
entry_cache_autofs_timeout = int, None, false
entry_cache_sudo_timeout = int, None, false
entry_cache_ssh_host_timeout = int, None, false
refresh_expired_interval = int, None, false
# Dynamic DNS updates
dyndns_update = bool, None, false
dyndns_ttl = int, None, false
dyndns_iface = str, None, false
dyndns_refresh_interval = int, None, false
dyndns_update_ptr = bool, None, false
dyndns_force_tcp = bool, None, false
dyndns_auth = str, None, false
dyndns_server = str, None, false
# Special providers
[provider/permit]
[provider/permit/access]
[provider/deny]
[provider/deny/access]
|