English
Use the Certificate Revocation List (CRL) from the given file during the verification of the certificate. The CRL must be given in PEM format; see <citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</manvolnum> </citerefentry> for details.
soft_crl
disable_netlink (boolean)
enable_files_domain (boolean)
domain_resolution_order
Individual pieces of SSSD functionality are provided by special SSSD services that are started and stopped together with SSSD. The services are managed by a special service frequently called <quote>monitor</quote>. The <quote>[sssd]</quote> section is used to configure the monitor as well as some other important options like the identity domains. <placeholder type="variablelist" id="0"/>
Settings that can be used to configure different services are described in this section. They should reside in the [<replaceable>$NAME</replaceable>] section; for example, for the NSS service, the section would be <quote>[nss]</quote>.
fd_limit
This option specifies the maximum number of file descriptors that may be opened at one time by this SSSD process. On systems where SSSD is granted the CAP_SYS_RESOURCE capability, this will be an absolute setting. On systems without this capability, the resulting value will be the lower of this value and the limits.conf "hard" limit.
client_idle_timeout
new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0...offline_timeout_random_offset]
[0 - offline_timeout_random_offset]
responder_idle_timeout
cache_first
How many seconds should nss_sss cache enumerations (requests for info about all users)
Valid values for this option are 0-99 and represent a percentage of the entry_cache_timeout for each domain. For performance reasons, this percentage will never reduce the nowait timeout to less than 10 seconds. (0 disables this feature)
filter_users_in_groups (bool)
fallback_homedir = /home/%u
Default: <quote>*</quote>
Default: <quote>not set</quote> (remote domains), <quote>x</quote> (the files domain), <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils target)