realmd | ||||
---|---|---|---|---|
Top | Description | Properties |
Deconfigure (IN a{sv} options);ChangeLoginPolicy (IN s login_policy, IN as permitted_add, IN as permitted_remove, IN a{sv} options);
Name readable sConfigured readable sSupportedInterfaces readable asDetails readable a(ss)RequiredPackages readable asLoginFormats readable asLoginPolicy readable sPermittedLogins readable asPermittedGroups readable as
Represents one realm.
Contains generic information about a realm, and useful properties for introspecting what kind of realm this is and how to work with the realm.
Use
Realms will always implement additional interfaces, such as
Different realms support various ways to configure them on the
system. Use the
To configure a realm, look in the
To deconfigure a realm from the current system, you can use the
#
The various properties are guaranteed to have been updated before the operation methods return, if they change state.
Deconfigure (IN a{sv} options);
deconfigure this realm
Deconfigure this realm from the local machine with standard default behavior.
The behavior of this method depends on the which configuration
interface is present in the
Various configuration interfaces may support more specific ways
to deconfigure a realm in a specific way, such as the
#
options
can contain, but is not limited to, the following values:
operation
: a string
identifier chosen by the client, which can then later be
passed to
This method requires authorization for the PolicyKit action
called org.freedesktop.realmd.deconfigure-realm
.
In addition to common DBus error results, this method may return:
org.freedesktop.realmd.Error.Failed
:
may be returned if the deconfigure failed for a generic reason.
org.freedesktop.realmd.Error.Cancelled
:
returned if the operation was cancelled.
org.freedesktop.realmd.Error.NotAuthorized
:
returned if the calling client is not permitted to deconfigure a
realm.
org.freedesktop.realmd.Error.NotConfigured
:
returned if this realm is not configured on the machine.
org.freedesktop.realmd.Error.Busy
:
returned if the service is currently performing another operation like
join or leave.
|
ChangeLoginPolicy (IN s login_policy, IN as permitted_add, IN as permitted_remove, IN a{sv} options);
Change the login policy and/or permitted logins for this realm.
Not all realms support all the various login policies. An
error will be returned if the new login policy is not supported.
You may specify an empty string for the login_policy
argument
which will cause no change in the policy itself. If the policy
is changed, it will be reflected in the
The permitted_add
and permitted_remove
arguments represent
lists of login names that should be added and removed from
the
options
can contain, but is not limited to, the following values:
operation
: a string
identifier chosen by the client, which can then later be
passed to
groups
: boolean which if
set to TRUE
means that the names in
permitted_add
and permitted_remove
are group names instead
of login names.
This method requires authorization for the PolicyKit action
called org.freedesktop.realmd.login-policy
.
In addition to common DBus error results, this method may return:
org.freedesktop.realmd.Error.Failed
:
may be returned if the policy change failed for a generic reason.
org.freedesktop.realmd.Error.Cancelled
:
returned if the operation was cancelled.
org.freedesktop.realmd.Error.NotAuthorized
:
returned if the calling client is not permitted to change login policy
operation.
org.freedesktop.realmd.Error.NotConfigured
:
returned if the realm is not configured.
org.freedesktop.realmd.Error.Busy
:
returned if the service is currently performing another operation like
join or leave.
|
the new login policy, or an empty string |
|
a list of logins to permit |
|
a list of logins to not permit |
|
options for this operation |
Name readable s
the realm name
This is the name of the realm, appropriate for display to end users where necessary.
Configured readable s
whether this domain is configured and how
If this property is an empty string, then the realm is not
configured. Otherwise the realm is configured, and contains
a string which is the interface that represents how it was
configured, for example
SupportedInterfaces readable as
Additional supported interfaces of this realm. This includes
interfaces that contain more information about the realm,
such as
Details readable a(ss)
informational details about the realm
Informational details about the realm. The following values should be present:
server-software
:
identifier of the software running on the server (e.g.
active-directory
).
client-software
:
identifier of the software running on the client (e.g.
sssd
).
RequiredPackages readable as
prerequisite software
Software packages that are required in order for a join to
succeed. These are either simple strings like sssd
,
or strings with an operator and version number like
sssd >= 1.9.0
These values are specific to the packaging system that is being run.
LoginFormats readable as
supported formats for login names
Supported formats for login to this realm. This is only
relevant once the realm has been enrolled. The formats
will contain a
in the string, which
indicate where the user name should be placed. The formats
may contain a U
in the string which
indicate where a domain name should be placed.
D
The first format in the list is the preferred format for login names.
LoginPolicy readable s
the policy for logins using this realm
The policy for logging into this computer using this realm.
The policy can be changed using the
#
The following policies are predefined. Not all providers support all these policies and there may be provider specific policies or multiple policies represented in the string:
allow-any-login
: allow
login by any authenticated user present in this
realm.
allow-realm-logins
: allow
logins according to the realm or domain policy for logins
on this machine. This usually defaults to allowing any realm
user to log in.
allow-permitted-logins
:
only allow the logins permitted in the
deny-any-login
:
don't allow any logins via authenticated users of this
realm.
PermittedLogins readable as
the permitted login names
The list of permitted authenticated users allowed to login
into this computer. This is only relevant if the
allow-permitted-logins
string.