1SSSD-IFP(5)              File Formats and Conventions              SSSD-IFP(5)
2
3
4

NAME

6       sssd-ifp - SSSD InfoPipe responder
7

DESCRIPTION

9       This manual page describes the configuration of the InfoPipe responder
10       for sssd(8). For a detailed syntax reference, refer to the “FILE
11       FORMAT” section of the sssd.conf(5) manual page.
12
13       The InfoPipe responder provides a public D-Bus interface accessible
14       over the system bus. The interface allows the user to query information
15       about remote users and groups over the system bus.
16
17   FIND BY VALID CERTIFICATE
18       The following options can be used to control how the certificates are
19       validated when using the FindByValidCertificate() API:
20
21       •   ca_db
22
23       •   p11_child_timeout
24
25       •   certificate_verification
26
27       For more details about the options see sssd.conf(5).
28

CONFIGURATION OPTIONS

30       These options can be used to configure the InfoPipe responder.
31
32       allowed_uids (string)
33           Specifies the comma-separated list of UID values or user names that
34           are allowed to access the InfoPipe responder. User names are
35           resolved to UIDs at startup.
36
37           Default: 0 (only the root user is allowed to access the InfoPipe
38           responder)
39
40           Please note that although the UID 0 is used as the default it will
41           be overwritten with this option. If you still want to allow the
42           root user to access the InfoPipe responder, which would be the
43           typical case, you have to add 0 to the list of allowed UIDs as
44           well.
45
46       user_attributes (string)
47           Specifies the comma-separated list of white or blacklisted
48           attributes.
49
50           By default, the InfoPipe responder only allows the default set of
51           POSIX attributes to be requested. This set is the same as returned
52           by getpwnam(3) and includes:
53
54           name
55               user's login name
56
57           uidNumber
58               user ID
59
60           gidNumber
61               primary group ID
62
63           gecos
64               user information, typically full name
65
66           homeDirectory
67               home directory
68
69           loginShell
70               user shell
71
72           It is possible to add another attribute to this set by using
73           “+attr_name” or explicitly remove an attribute using “-attr_name”.
74           For example, to allow “telephoneNumber” but deny “loginShell”, you
75           would use the following configuration:
76
77               user_attributes = +telephoneNumber, -loginShell
78
79
80           Default: not set. Only the default set of POSIX attributes is
81           allowed.
82
83       wildcard_limit (integer)
84           Specifies an upper limit on the number of entries that are
85           downloaded during a wildcard lookup that overrides caller-supplied
86           limit.
87
88           Default: 0 (let the caller set an upper limit)
89

SEE ALSO

91       sssd(8), sssd.conf(5), sssd-ldap(5), sssd-ldap-attributes(5), sssd-
92       krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-
93       sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8),
94       sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8),
95       sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5),
96       pam_sss(8).  sss_rpcidmapd(5) sssd-systemtap(5)
97

AUTHORS

99       The SSSD upstream - https://github.com/SSSD/sssd/
100
101
102
103SSSD                              11/15/2023                       SSSD-IFP(5)
Impressum