SSSD-IFP(5) File Formats and Conventions SSSD-IFP(5)

sssd-ifp - SSSD InfoPipe responder

This manual page describes the configuration of the InfoPipe responder
for sssd(8). For a detailed syntax reference, refer to the “FILE
FORMAT” section of the sssd.conf(5) manual page.

The InfoPipe responder provides a public D-Bus interface accessible
over the system bus. The interface allows the user to query information
about remote users and groups over the system bus.

FIND BY VALID CERTIFICATE
The following options can be used to control how the certificates are
validated when using the FindByValidCertificate() API:

• ca_db

• p11_child_timeout

• certificate_verification

For more details about the options see sssd.conf(5).

These options can be used to configure the InfoPipe responder.

allowed_uids (string)
Specifies the comma-separated list of UID values or user names that
are allowed to access the InfoPipe responder. User names are
resolved to UIDs at startup.

Default: 0 (only the root user is allowed to access the InfoPipe
responder)

Please note that although the UID 0 is used as the default it will
be overwritten with this option. If you still want to allow the
root user to access the InfoPipe responder, which would be the
typical case, you have to add 0 to the list of allowed UIDs as
well.

user_attributes (string)
Specifies the comma-separated list of white or blacklisted
attributes.

By default, the InfoPipe responder only allows the default set of
POSIX attributes to be requested. This set is the same as returned
by getpwnam(3) and includes:

name
user's login name

uidNumber
user ID

gidNumber
primary group ID

gecos
user information, typically full name

homeDirectory
home directory

loginShell
user shell

It is possible to add another attribute to this set by using
“+attr_name” or explicitly remove an attribute using “-attr_name”.
For example, to allow “telephoneNumber” but deny “loginShell”, you
would use the following configuration:

    user_attributes = +telephoneNumber, -loginShell

Default: not set. Only the default set of POSIX attributes is
allowed.

wildcard_limit (integer)
Specifies an upper limit on the number of entries that are
downloaded during a wildcard lookup. This limit overrides the
caller-supplied limit.

Default: 0 (let the caller set an upper limit)
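
The options above decide who may call the InfoPipe responder and what it returns to them. The following Python script is an added example, not part of SSSD or of this manual page: it reads an [ifp] section and reports the effective caller list, the effective attribute set and the settings worth reviewing. The function names, the sample configuration, the treatment of an unprefixed attribute as “+attr” and the assumption that “root” is the name of UID 0 are all choices made for this example.

```python
import configparser

# Default POSIX attribute set listed in this manual page.
DEFAULT_ATTRS = ["name", "uidNumber", "gidNumber", "gecos", "homeDirectory", "loginShell"]

def effective_attributes(spec):
    """Apply a user_attributes value (+attr adds, -attr removes) to the defaults."""
    allowed = list(DEFAULT_ATTRS)
    for item in (s.strip() for s in spec.split(",")):
        if not item:
            continue
        if item.startswith("-"):
            allowed = [a for a in allowed if a != item[1:]]
        else:
            # Assumption: an entry without a prefix is treated like "+attr".
            attr = item.lstrip("+")
            if attr not in allowed:
                allowed.append(attr)
    return allowed

def audit_ifp(conf_text):
    """Return (allowed callers, effective attributes, findings) for an [ifp] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    ifp = cp["ifp"] if cp.has_section("ifp") else {}
    callers = [u.strip() for u in ifp.get("allowed_uids", "0").split(",") if u.strip()]
    attrs = effective_attributes(ifp.get("user_attributes", ""))
    findings = []
    if "0" not in callers and "root" not in callers:
        findings.append("allowed_uids replaces the default, so root can no longer query InfoPipe")
    extra = [a for a in attrs if a not in DEFAULT_ATTRS]
    if extra:
        findings.append("non-default attributes exposed over D-Bus: " + ", ".join(extra))
    if int(ifp.get("wildcard_limit", "0")) == 0:
        findings.append("wildcard_limit is 0, so callers choose their own upper limit")
    return callers, attrs, findings

# Constructed sample configuration (not taken from a real host).
SAMPLE = """
[ifp]
allowed_uids = apache, 1001
user_attributes = +telephoneNumber, -loginShell
"""

if __name__ == "__main__":
    callers, attrs, findings = audit_ifp(SAMPLE)
    print(callers, attrs)
    for f in findings:
        print("-", f)
```
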

sssd(8), sssd.conf(5), sssd-ldap(5), sssd-ldap-attributes(5),
sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5),
sssd-sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8),
sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8),
sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5),
pam_sss(8), sss_rpcidmapd(5), sssd-systemtap(5)

The SSSD upstream - https://github.com/SSSD/sssd/

SSSD 11/15/2023 SSSD-IFP(5)