Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
|
|
fix some trusted/trusting mixups, make documentation more precise
and man page more verbose.
|
|
Guenther
|
|
Fix bug #6717.
|
|
|
|
|
|
add interesting detail: lm passwords will be removed from databaѕe with
lanman auth = no
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Karolin
|
|
This addresses bug #6661.
Karolin
|
|
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.
The alternative would have been something like a "krb5 conf include", but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.
Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)
|
|
Igor Mammedov pointed out that reverse resolving an IP address to get
the hostname portion of a principal could open a possible attack
vector. If an attacker were to gain control of DNS, then he could
redirect the mount to a server of his choosing, and fix the reverse
resolution to point to a hostname of his choosing (one where he has
the key for the corresponding cifs/ or host/ principal).
That said, we often trust DNS for other reasons and it can be useful
to do so. Make the code that allows trusting DNS to be enabled by
adding --trust-dns to the cifs.upcall invocation.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
cifs.upcall takes a "-c" flag that tells the upcall to get a principal
in the form of "cifs/hostname.example.com@REALM" instead of
"host/hostname.example.com@REALM". This has turned out to be a source of
great confusion for users.
Instead of requiring this flag, have the upcall try to get a "cifs/"
principal first. If that fails, fall back to getting a "host/"
principal.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Jeremy.
|
|
Some recent versions of Inkscape (0.47 or around) have bug when export file name
is treated as relative against the directory of original .svg if it wasn't specified
as an absolute path. Fix it by always using absolute paths during conversion.
|
|
Thanks to OPC oota <t-oota@dh.jp.nec.com> for reporting!
Karolin
|
|
Noted by Oota Toshiya <t-oota@dh.jp.nec.com> .
Michael
|
|
|
|
|
|
|
|
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
|
|
For some users who are used to smbclient, it is not clear that
mount.cifs never uses smb.conf for configuring client specific
parameters. So, let's add this information to mount.cifs man page.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
|
|
|
|
This fixes bug #6519.
|
|
parameters
|
|
Before 3.3, an smbcontrol debug message sent to the target "smbd" would
actually be sent to all running processes including nmbd and winbindd.
This behavior was changed in 3.3 so that the "smbd" target would only
send a message to the process found in smbd.pid, while the "all" target
would send a message to all processes.
The ability to set the debug level of all processes within a single
daemon, without specifying each pid is quite useful. This was implemented
in winbindd in 065760ed. This patch does the same thing for smbd.
Upon receiving a MSG_DEBUG the parent smbd will rebroadcast it to all of
its children.
The printing process has been added to the list of smbd child processes,
and we now always track the number of smbd children regardless of the
"max smbd processes" setting.
|
|
This fixes bug #6412.
Thanks to Carsten Dumke <carsten [at] cdumke.de> for reporting!
Karolin
|
|
This is part of a fix for bug #6328.
Karolin
|
|
Guenther
|
|
Signed-off-by: Andreas Schneider <mail@cynapses.org>
|
|
Signed-off-by: Andreas Schneider <mail@cynapses.org>
|
|
Signed-off-by: Andreas Schneider <mail@cynapses.org>
|
|
Signed-off-by: Andreas Schneider <mail@cynapses.org>
|
|
Signed-off-by: Andreas Schneider <mail@cynapses.org>
|
|
users.
GUenther
|
|
Fix typos reported by OPC oota <t-oota [at] dh.jp.nec.com>.
Thanks!
Karolin
|
|
Add a new section entitled FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS
that attempts to cover information about this topic. Change the uid=
and gid= options to refer to that section. Add new varlistentries for
forceuid, forcegid and dynperm.
Also update the information about how the program behaves when installed
as a setuid binary.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
The 'ldap suffix' is not added automatically to the 'ldap admin dn'.
This fixes bug #5584.
Thanks to Stefan Bauer <stefan.bauer [at] plzk.de> for reporting!
Karolin
|
|
Karolin
|
|
Removed code and docs.
Jeremy.
|
|
This fixes bug #4341.
Thanks to Michael Cartmell <michael.cartmell [at] thomson.com> for reporting!
Karolin
|
|
Jeremy.
|
|
Karolin
|