Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
SSSD-SIMPLE(5)		 File Formats and Conventions		SSSD-SIMPLE(5)

NAME
       sssd-simple - the configuration file for	SSSD's 'simple'	access-control
       provider

DESCRIPTION
       This manual page	describes the configuration of the simple
       access-control provider for sssd(8). For	a detailed syntax reference,
       refer to	the "FILE FORMAT" section of the sssd.conf(5) manual page.

       The simple access provider grants or denies access based	on an access
       or deny list of user or group names. The	following rules	apply:

       o   If all lists	are empty, access is granted

       o   If any list is provided, the	order of evaluation is allow,deny.
	   This	means that any matching	deny rule will supersede any matched
	   allow rule.

       o   If either or	both "allow" lists are provided, all users are denied
	   unless they appear in the list.

       o   If only "deny" lists	are provided, all users	are granted access
	   unless they appear in the list.

CONFIGURATION OPTIONS
       Refer to	the section "DOMAIN SECTIONS" of the sssd.conf(5) manual page
       for details on the configuration	of an SSSD domain.

       simple_allow_users (string)
	   Comma separated list	of users who are allowed to log	in.

       simple_deny_users (string)
	   Comma separated list	of users who are explicitly denied access.

       simple_allow_groups (string)
	   Comma separated list	of groups that are allowed to log in. This
	   applies only	to groups within this SSSD domain. Local groups	are
	   not evaluated.

       simple_deny_groups (string)
	   Comma separated list	of groups that are explicitly denied access.
	   This	applies	only to	groups within this SSSD	domain.	Local groups
	   are not evaluated.

       Specifying no values for	any of the lists is equivalent to skipping it
       entirely. Beware	of this	while generating parameters for	the simple
       provider	using automated	scripts.

       Please note that	it is an configuration error if	both,
       simple_allow_users and simple_deny_users, are defined.

EXAMPLE
       The following example assumes that SSSD is correctly configured and
       example.com is one of the domains in the	[sssd] section.	This examples
       shows only the simple access provider-specific options.

	       [domain/example.com]
	       access_provider = simple
	       simple_allow_users = user1, user2

SEE ALSO
       sssd(8),	sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5),
       sssd-ipa(5), sssd-ad(5),	sssd-sudo(5), sss_cache(8), sss_debuglevel(8),
       sss_groupadd(8),	sss_groupdel(8), sss_groupshow(8), sss_groupmod(8),
       sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8),
       sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8),
       sss_ssh_knownhostsproxy(8), sssd-ifp(5),	pam_sss(8).

AUTHORS
       The SSSD	upstream - http://fedorahosted.org/sssd

SSSD				  08/28/2020			SSSD-SIMPLE(5)

NAME | DESCRIPTION | CONFIGURATION OPTIONS | EXAMPLE | SEE ALSO | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=sssd-simple&sektion=5&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help