Skip to content

Commit

Permalink
man: Add local_auth_policy table
Browse files Browse the repository at this point in the history
  • Loading branch information
justin-stephenson committed May 3, 2024
1 parent 23afc3b commit 261d75b
Showing 1 changed file with 33 additions and 1 deletion.
34 changes: 33 additions & 1 deletion src/man/sssd.conf.5.xml
Original file line number Diff line number Diff line change
Expand Up @@ -3991,7 +3991,9 @@ subdomain_inherit = ldap_purge_cache_timeout
two-factor authentication (IPA), or other methods
against a central instance. By default in such cases
authentication is only performed with the methods
supported by the backend.
supported by the backend. With this option additional
methods can be enabled which are evaluated and checked
locally.
</para>
<para>
There are three possible values for this option:
Expand All @@ -4005,6 +4007,36 @@ subdomain_inherit = ldap_purge_cache_timeout
should be comma-separated, such as
<quote>enable:passkey, enable:smartcard</quote>
</para>

<para>
The following table shows which authentication
methods, if configured properly, are currently enabled
or disabled for each backend, with the default
local_auth_policy: <quote>match</quote>
</para>
<informaltable frame='all'>
<tgroup cols='3'>
<colspec colname='c1' align='center'/>
<colspec colname='c2' align='center'/>
<colspec colname='c3' align='center'/>

<thead>
<row><entry namest='c1' nameend='c3' align='center'>
local_auth_policy = match (default)</entry></row>
<row><entry></entry><entry>Passkey</entry>
<entry>Smartcard</entry></row>
</thead>
<tbody>
<row><entry>IPA</entry><entry>enabled</entry>
<entry><para>enabled</para>
</entry></row>
<row><entry>AD</entry><entry>disabled</entry>
<entry><para>enabled</para></entry>
</row>
<row><entry>LDAP</entry><entry>disabled</entry>
<entry><para>disabled</para></entry>
</row>
</tbody></tgroup></informaltable>
<para>
Please note that if local Smartcard authentication
is enabled and a Smartcard is present, Smartcard
Expand Down

0 comments on commit 261d75b

Please sign in to comment.