On Fri, Jan 29, 2016 at 02:30:36PM +0100, Pavel Reichl wrote:
> Hello, please see trivial patch attached. Thanks.
> From 6d5f6b71c2d2f891470dc1c9f08ae67f5b6c02f5 Mon Sep 17 00:00:00 2001
> From: Pavel Reichl <preichl(a)redhat.com>
> Date: Fri, 29 Jan 2016 08:27:01 -0500
> Subject: [PATCH] PAM: Clarify man page for domains option
>
> Resolves:
>
https://fedorahosted.org/sssd/ticket/2946
> ---
> src/man/pam_sss.8.xml | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/src/man/pam_sss.8.xml b/src/man/pam_sss.8.xml
> index
7794d3acfdfdbde491a3e1ada44481b73588e41f..278126c14d0a574a1e120762af264ef653deb0b0 100644
> --- a/src/man/pam_sss.8.xml
> +++ b/src/man/pam_sss.8.xml
> @@ -145,9 +145,11 @@
> SSSD domain names, as specified in the sssd.conf file.
> </para>
> <para>
> - NOTE: Must be used in conjunction with the
> - <quote>pam_trusted_users</quote> and
> - <quote>pam_public_domains</quote> options.
> + NOTE: If PAM service is being run by untrusted user
> + (<quote>pam_trusted_users</quote> option)
> + then please make
> + sure that restricted domains are public
> + (<quote>pam_public_domains</quote> option).
> Please see the
> <citerefentry>
> <refentrytitle>sssd.conf</refentrytitle>
> --
> 2.4.3
>
I'm sorry, but this doesn't read any better to me. Especially I don't
understand "restricted domains are public", sounds like an oxymoron to
me.