1SSSD-SESSION-RECOR(5)    File Formats and Conventions    SSSD-SESSION-RECOR(5)
2
3
4

NAME

6       sssd-session-recording - Configuring session recording with SSSD
7

DESCRIPTION

9       This manual page describes how to configure sssd(8) to work with tlog-
10       rec-session(8), a part of tlog package, to implement user session
11       recording on text terminals. For a detailed configuration syntax
12       reference, refer to the “FILE FORMAT” section of the sssd.conf(5)
13       manual page.
14
15       SSSD can be set up to enable recording of everything specific users see
16       or type during their sessions on text terminals. E.g. when users log in
17       on the console, or via SSH. SSSD itself doesn't record anything, but
18       makes sure tlog-rec-session is started upon user login, so it can
19       record according to its configuration.
20
21       For users with session recording enabled, SSSD replaces the user shell
22       with tlog-rec-session in NSS responses, and adds a variable specifying
23       the original shell to the user environment, upon PAM session setup.
24       This way tlog-rec-session can be started in place of the user shell,
25       and know which actual shell to start, once it set up the recording.
26

CONFIGURATION OPTIONS

28       These options can be used to configure the session recording.
29
30       scope (string)
31           One of the following strings specifying the scope of session
32           recording:
33
34           "none"
35               No users are recorded.
36
37           "some"
38               Users/groups specified by users and groups options are
39               recorded.
40
41           "all"
42               All users are recorded.
43
44           Default: "none"
45
46       users (string)
47           A comma-separated list of users which should have session recording
48           enabled. Matches user names as returned by NSS. I.e. after the
49           possible space replacement, case changes, etc.
50
51           Default: Empty. Matches no users.
52
53       groups (string)
54           A comma-separated list of groups, members of which should have
55           session recording enabled. Matches group names as returned by NSS.
56           I.e. after the possible space replacement, case changes, etc.
57
58           NOTE: using this option (having it set to anything) has a
59           considerable performance cost, because each uncached request for a
60           user requires retrieving and matching the groups the user is member
61           of.
62
63           Default: Empty. Matches no groups.
64
65       exclude_users (string)
66           A comma-separated list of users to be excluded from recording, only
67           applicable with 'scope=all'.
68
69           Default: Empty. No users excluded.
70
71       exclude_groups (string)
72           A comma-separated list of groups, members of which should be
73           excluded from recording. Only applicable with 'scope=all'.
74
75           NOTE: using this option (having it set to anything) has a
76           considerable performance cost, because each uncached request for a
77           user requires retrieving and matching the groups the user is member
78           of.
79
80           Default: Empty. No groups excluded.
81

EXAMPLE

83       The following snippet of sssd.conf enables session recording for users
84       "contractor1" and "contractor2", and group "students".
85
86           [session_recording]
87           scope = some
88           users = contractor1, contractor2
89           groups = students
90
91

SEE ALSO

93       sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5),
94       sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-
95       recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8),
96       sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8),
97       sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8).  sss_rpcidmapd(5)
98       sssd-systemtap(5)
99

AUTHORS

101       The SSSD upstream - https://github.com/SSSD/sssd/
102
103
104
105SSSD                              07/04/2022             SSSD-SESSION-RECOR(5)
Impressum