To list all available commands run <command>sssctl</command> without any parameters. To print help for selected command run <command>sssctl COMMAND --help</command>.
try_inotify (boolean)
unlike the kernel keyring-based cache, which is shared between all containers, the KCM server is a separate process whose entry point is a UNIX socket
use_fully_qualified_names (bool)
user_attributes = +telephoneNumber, -loginShell
Use the Certificate Revocation List (CRL) from the given file during the verification of the certificate. The CRL must be given in PEM format, see <citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</manvolnum> </citerefentry> for details.
Valid values for this option are 0-99 and represent a percentage of the entry_cache_timeout for each domain. For performance reasons, this percentage will never reduce the nowait timeout to less than 10 seconds. (0 disables this feature)
When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema attribute mapping (nisMap, nisObject, ...) is used, because these attributes are included in the default Active Directory schema.
When using KEYRING types, the only supported mechanism is <quote>KEYRING:persistent:%U</quote>, which uses the Linux kernel keyring to store credentials on a per-UID basis. This is also the recommended choice, as it is the most secure and predictable method.
where original_name is original name of the user whose attributes should be overridden. The rest of fields correspond to new values. You can omit a value simply by leaving corresponding field empty.
Whether or not to hash host names and addresses in the managed known_hosts file.
With this parameter the PAM certificate verification can be tuned with a comma separated list of options that override the <quote>certificate_verification</quote> value in <quote>[sssd]</quote> section. Supported options are the same of <quote>certificate_verification</quote>.
World Authority