diff options
author | Suren A. Chilingaryan <csa@suren.me> | 2019-10-11 06:25:21 +0200 |
---|---|---|
committer | Suren A. Chilingaryan <csa@suren.me> | 2019-10-11 06:25:21 +0200 |
commit | b23e9400c36acf9856606165489e8828c2cf8dd5 (patch) | |
tree | 581468996aa8202b9121c8031ee50bf60984a816 /roles/ands_kitauth/files/sssd | |
parent | b17d3d74eb5a9e7640d94f98f6b27ce4891b3c26 (diff) | |
download | itm-b23e9400c36acf9856606165489e8828c2cf8dd5.tar.gz itm-b23e9400c36acf9856606165489e8828c2cf8dd5.tar.bz2 itm-b23e9400c36acf9856606165489e8828c2cf8dd5.tar.xz itm-b23e9400c36acf9856606165489e8828c2cf8dd5.zip |
ipa-client and fine tunning
Diffstat (limited to 'roles/ands_kitauth/files/sssd')
-rw-r--r-- | roles/ands_kitauth/files/sssd/kit.conf | 17 | ||||
-rw-r--r-- | roles/ands_kitauth/files/sssd/sssd.conf | 15 |
2 files changed, 32 insertions, 0 deletions
diff --git a/roles/ands_kitauth/files/sssd/kit.conf b/roles/ands_kitauth/files/sssd/kit.conf new file mode 100644 index 0000000..f4aee29 --- /dev/null +++ b/roles/ands_kitauth/files/sssd/kit.conf @@ -0,0 +1,17 @@ +[domain/kit.edu] +ldap_tls_reqcert = allow +ldap_id_use_start_tls = true +cache_credentials = true +auth_provider = ldap +chpass_provider = ldap +id_provider = ldap +ldap_uri = ldap://bwidm.scc.kit.edu:389/ +ldap_search_base = ou=lsdf-dis,dc=bwlsdf,dc=de +ldap_default_bind_dn = uid=fileservice-read,ou=admin,ou=lsdf-dis,dc=bwlsdf,dc=de +ldap_default_authtok_type = password +ldap_default_authtok = H7fjmJhvr58hjbv411fmjuhb +ldap_tls_cacertdir = /etc/openldap/certs +#ldap_user_home_directory = homeDirectory +override_homedir = /home/%d/%u +debug_level = 10 +debug_timestamps = true diff --git a/roles/ands_kitauth/files/sssd/sssd.conf b/roles/ands_kitauth/files/sssd/sssd.conf new file mode 100644 index 0000000..af34dba --- /dev/null +++ b/roles/ands_kitauth/files/sssd/sssd.conf @@ -0,0 +1,15 @@ +[sssd] +config_file_version = 2 +services = nss, pam +domains = kit.edu + +[nss] +filter_groups = root +filter_users = root +entry_cache_timeout = 300 +entry_cache_nowait_percentage = 75 + +[pam] +offline_credentials_expiration = 2 +offline_failed_login_attempts = 3 +offline_failed_login_delay = 5 |