sssd 2.6.1
Enumerations
SSS client commands

Enumerations

enum  sss_cli_command {
}
 The allowed commands an SSS client can send to the SSSD. More...
 

Detailed Description

Enumeration Type Documentation

◆ sss_cli_command

The allowed commands an SSS client can send to the SSSD.

Enumerator
SSS_PAM_AUTHENTICATE 

see pam_sm_authenticate(3) for details.

Additionally we allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during authentication if the authentication was successful but the authentication token is expired. To meet the standards of libpam we return PAM_SUCCESS for authentication and set a flag so that the account management module can return PAM_NEW_AUTHTOK_REQD if sssd return success for account management. We do this to reduce the communication with external servers, because there are cases, e.g. Kerberos authentication, where the information that the password is expired is already available during authentication.

SSS_PAM_SETCRED 

see pam_sm_setcred(3) for details

SSS_PAM_ACCT_MGMT 

see pam_sm_acct_mgmt(3) for details

SSS_PAM_OPEN_SESSION 

see pam_sm_open_session(3) for details

SSS_PAM_CLOSE_SESSION 

see pam_sm_close_session(3) for details

SSS_PAM_CHAUTHTOK 

second run of the password change operation where the PAM_UPDATE_AUTHTOK flag is set and the real change may happen, see pam_sm_chauthtok(3) for details

SSS_PAM_CHAUTHTOK_PRELIM 

first run of the password change operation where the PAM_PRELIM_CHECK flag is set, see pam_sm_chauthtok(3) for details

SSS_CMD_RENEW 

Renew a credential with a limited lifetime, e.g.

a Kerberos Ticket Granting Ticket (TGT)

SSS_PAM_PREAUTH 

Request which can be run before an authentication request to find out which authentication methods are available for the given user.

SSS_GSSAPI_INIT 

Initialize GSSAPI authentication.

SSS_GSSAPI_SEC_CTX 

Establish GSSAPI security ctx.

SSS_NSS_GETSIDBYNAME 

Takes a zero terminated fully qualified name and returns the zero terminated string representation of the SID of the object with the given name.

SSS_NSS_GETSIDBYID 

Takes an unsigned 32bit integer (POSIX ID) and returns the zero terminated string representation of the SID of the object with the given ID.

SSS_NSS_GETNAMEBYSID 

Takes the zero terminated string representation of a SID and returns the zero terminated fully qualified name of the related object.

SSS_NSS_GETIDBYSID 

Takes the zero terminated string representation of a SID and returns and returns the POSIX ID of the related object as unsigned 32bit integer value and another unsigned 32bit integer value indicating the type (unknown, user, group, both) of the object.

SSS_NSS_GETORIGBYNAME 

Takes a zero terminated fully qualified name and returns a list of zero terminated strings with key-value pairs where the first string is the key and second the value.

Hence the list should have an even number of strings, if not the whole list is invalid.

SSS_NSS_GETNAMEBYCERT 

Takes the zero terminated string of the base64 encoded DER representation of a X509 certificate and returns the zero terminated fully qualified name of the related object.

SSS_NSS_GETLISTBYCERT 

Takes the zero terminated string of the base64 encoded DER representation of a X509 certificate and returns a list of zero terminated fully qualified names of the related objects.

SSS_NSS_GETSIDBYUID 

Takes an unsigned 32bit integer (POSIX UID) and return the zero terminated string representation of the SID of the object with the given UID.

SSS_NSS_GETSIDBYGID 

Takes an unsigned 32bit integer (POSIX GID) and return the zero terminated string representation of the SID of the object with the given UID.

SSS_NSS_GET_SUBID_RANGES 

Requests both subuid and subgid ranges defined for a user.