sssd-ifp (5) - Linux Man Pages
sssd-ifp: SSSD InfoPipe responder
sssd-ifp - SSSD InfoPipe responder
These options can be used to configure the InfoPipe responder.
Specifies the comma-separated list of UID values or user names that are allowed to access the InfoPipe responder. User names are resolved to UIDs at startup.
Default: 0 (only the root user is allowed to access the InfoPipe responder)
Please note that although the UID 0 is used as the default it will be overwritten with this option. If you still want to allow the root user to access the InfoPipe responder, which would be the typical case, you have to add 0 to the list of allowed UIDs as well.
Specifies the comma-separated list of white or blacklisted attributes.
By default, the InfoPipe responder only allows the default set of POSIX attributes to be requested. This set is the same as returned by getpwnam(3) and includes:
- user's login name
- user ID
- primary group ID
- user information, typically full name
- home directory
- user shell
It is possible to add another attribute to this set by using "+attr_name" or explicitly remove an attribute using "-attr_name". For example, to allow "telephoneNumber" but deny "loginShell", you would use the following configuration:
user_attributes = +telephoneNumber, -loginShell
Default: not set. Only the default set of POSIX attributes is allowed.
Specifies an upper limit on the number of entries that are downloaded during a wildcard lookup that overrides caller-supplied limit.
Default: 0 (let the caller set an upper limit)
The SSSD upstream - http://fedorahosted.org/sssd
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5),sss_cache(8), sss_debuglevel(8), sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8),sssd-ifp(5),pam_sss(8). sss_rpcidmapd(5)