Age | Commit message (Collapse) | Author | Files | Lines |
|
If the configuration option krb5_store_password_if_offline is set to
true and the backend is offline the plain text user password is stored
and used to request a TGT if the backend becomes online. If available
the Linux kernel key retention service is used.
|
|
This adds two new options:
ipa_dyndns_update: Boolean value to select whether this client
should automatically update its IP address in FreeIPA DNS.
ipa_dyndns_iface: Choose an interface manually to use for
updating dynamic DNS. Default is to use the interface associated
with the LDAP connection to FreeIPA.
This patch supports A and AAAA records. It relies on the presence
of the nsupdate tool from the bind-utils package to perform the
actual update step. The location of this utility is set at build
time, but its availability is determined at runtime (so clients
that do not require dynamic update capability do not need to meet
this dependency).
|
|
This reverts commit 973b7c27c0b294b8b2f120296f64c6a3a36e44b7.
While this patch applied cleanly, it was uncompilable. Reverting
until it can be properly merged.
|
|
This adds two new options:
ipa_dyndns_update: Boolean value to select whether this client
should automatically update its IP address in FreeIPA DNS.
ipa_dyndns_iface: Choose an interface manually to use for
updating dynamic DNS. Default is to use the interface associated
with the LDAP connection to FreeIPA.
This patch supports A and AAAA records. It relies on the presence
of the nsupdate tool from the bind-utils package to perform the
actual update step. The location of this utility is set at build
time, but its availability is determined at runtime (so clients
that do not require dynamic update capability do not need to meet
this dependency).
|
|
Due to the way RPM processes the %configure macro, these variables
were not actually being passed down to recursive configure
invocations. In other words, they were useless.
Futhermore, in more recent Fedora versions (13+), some of the
dependencies have moved from -lnss to -lnspr4. As a result, it is
safer to rely on the complete output of 'pkg-config nss --libs'
instead of restricting to -lnss. The downside to this is that it
may result in linking unnecessarily against other NSS components
such as libsmime3 and libplc4 (among others). However, since these
are already dependencies of libnss itself, there should be no risk
of them being unavailable on the platform when installed.
|
|
|
|
Package refarray documentation by default
|
|
Adds a new option -Z to sss_useradd and sss_usermod. This option allows
user to specify the SELinux login context for the user. On deleting the
user with sss_userdel, the login mapping is deleted, so subsequent
adding of the same user would result in the default login context unless
-Z is specified again.
MLS security is not supported as of this patch.
|
|
Packages /etc/rwtab.d/sssd file that allows SSSD to run on a read-only
root filesystem.
Fixes: #428
|
|
|
|
|
|
Since we don't keep the changelog up to date, it makes more sense
to simply truncate it to always report that it is an automated
build.
|
|
This patch brings our spec file into compliance with Fedora python
requirements.
See http://fedoraproject.org/wiki/Packaging/Python#Macros for more
details
|
|
|
|
This is needed to create the collection documentation
|
|
|
|
|
|
|
|
The Fedora Package Guidelines forbid the use of rpaths
|
|
Merging ba8937d83675c7d69808d1d3df8f823afdc5ce2a left the COPYING
and COPYING.LESSER files in the now-defunct sss_client directory.
This patch moves them into the right location and fixes the spec
file to look for them correctly.
|
|
|
|
Also update BUILD.txt
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Right now, the pkg-config checks for the system version of
libdhash are forcibly disabled, requiring the SSSD to build it
from its own tree. In the future, when we split the libraries off
from the SSSD, it will be easy to switch this check to the
external library.
|
|
This patch adds a utility called sss_groupshow that allows user to
print properties of a group in the local domain.
Fixes: #306
|
|
|
|
We were actually listing files that are on the system, not those that we
created in the $RPM_BUILD_ROOT. Also, by doing an echo with the regular
expression, we put more than one file on one line. Rpmbuild doesn't like
that and will not generate the rpms.
|
|
|
|
|
|
|
|
Then name or IP adress of the KDC is written into the pubconf directory
into a file named kdcinfo.REALM. The locator plugin will then read this
file and pass the data to the kerberos libraries.
|
|
|
|
|
|
This is needed by LDAP GSSAPI binds.
|
|
Older versions of rpmbuild do not accept multiple '-f' options
being specified, so we'll add the krb5_locator_plugin.so to the
sss_daemon.lang filelist instead of putting it in its own file.
|
|
First step generate ldap options from ipa options.
Add sssd-ipa man page too.
|
|
- Run ldconfig in sssd-client post and postun
- Version libnss_sss.so as libnss_sss.so.2 (to set the correct
SONAME)
|
|
|
|
|
|
|
|
|
|
|
|
SSSD may contain passwords and other sensitive data, make sure we always keep its
permission tight. Also make /etc/sssd permission very strict, just in case,
admins may inadvertently copy an sssd.conf file without checking it's
permissions.
|