sssd-ifp.5.xml revision 770dc892f867639f36f84455d65be6287935a529
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
<reference>
<title>SSSD Manual pages</title>
<refentry>
<refmeta>
<refentrytitle>sssd-ifp</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>sssd-ifp</refname>
<refpurpose>SSSD InfoPipe responder</refpurpose>
</refnamediv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
This manual page describes the configuration of the InfoPipe responder
for
<citerefentry>
<refentrytitle>sssd</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>.
For a detailed syntax reference, refer to the <quote>FILE FORMAT</quote> section of the
<citerefentry>
<manvolnum>5</manvolnum>
</citerefentry> manual page.
</para>
<para>
The InfoPipe responder provides a public D-Bus interface
accessible over the system bus. The interface allows the user
to query information about remote users and groups over the
system bus.
</para>
</refsect1>
<refsect1 id='configuration-options'>
<title>CONFIGURATION OPTIONS</title>
<para>
These options can be used to configure the InfoPipe responder.
</para>
<variablelist>
<varlistentry>
<term>allowed_uids (string)</term>
<listitem>
<para>
Specifies the comma-separated list of UID values or
user names that are allowed to access the InfoPipe
responder. User names are resolved to UIDs at
startup.
</para>
<para>
Default: 0 (only the root user is allowed to access
the InfoPipe responder)
</para>
<para>
Please note that although the UID 0 is used as the
default it will be overwritten with this option. If
you still want to allow the root user to access the
InfoPipe responder, which would be the typical
case, you have to add 0 to the list of allowed UIDs
as well.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>user_attributes (string)</term>
<listitem>
<para>
Specifies the comma-separated list of white
or blacklisted attributes.
</para>
<para>
By default, the InfoPipe responder only
allows the default set of POSIX attributes to
be requested. This set is the same as returned by
<citerefentry>
<refentrytitle>getpwnam</refentrytitle>
<manvolnum>3</manvolnum>
</citerefentry>
and includes:
<variablelist>
<varlistentry>
<term>name</term>
<listitem><para>user's login name</para></listitem>
</varlistentry>
<varlistentry>
<term>uidNumber</term>
<listitem><para>user ID</para></listitem>
</varlistentry>
<varlistentry>
<term>gidNumber</term>
<listitem><para>primary group ID</para></listitem>
</varlistentry>
<varlistentry>
<term>gecos</term>
<listitem><para>user information, typically full name</para></listitem>
</varlistentry>
<varlistentry>
<term>homeDirectory</term>
<listitem><para>home directory</para></listitem>
</varlistentry>
<varlistentry>
<term>loginShell</term>
<listitem><para>user shell</para></listitem>
</varlistentry>
</variablelist>
</para>
<para>
It is possible to add another attribute to
this set by using <quote>+attr_name</quote>
or explicitly remove an attribute using
<quote>-attr_name</quote>. For example, to
allow <quote>telephoneNumber</quote> but deny
<quote>loginShell</quote>, you would use the
following configuration:
<programlisting>
user_attributes = +telephoneNumber, -loginShell
</programlisting>
</para>
<para>
Default: not set. Only the default set of
POSIX attributes is allowed.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
</refentry>
</reference>