Age | Commit message (Collapse) | Author | Files | Lines |
|
The config_file_version should never be changed by the API, so we
will hide the option inside the SSSDConfig API and remove it from
the schema.
Guarantee that the config file is of the correct version
|
|
Do not replicate every and each option we may want to set in ipa.
Just read out ldap and krb provider options (added reference in the manual too,
and removed mention of ipa specific timeout values, use ldap options for that)
Avoid calling auth module initialization twice, just pass the auth context to
the chpass module too.
Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be
used for both users and groups. the user and group search bases can still be set
separately if necessary but they are now optional and set to be identical to
SDAP_SEARCH_BASE if not explicitly specified in the configuration.
|
|
Changeset 3a21103f61bf9b60256cc2d0da54b757b634319f moved the wrong
option to the domain list, and also didn't update the unit tests.
|
|
The providers are now responsible for determining how long a cached
entry is considered valid. The default is the same as before (600s)
|
|
|
|
This adds a new option (offline_credentials_expiration) to the
[PAM] section of the sssd.conf
If the user does not perform an online authentication within the
timeout (in days), they will be denied auth once the timeout
passes.
|
|
|
|
|
|
|
|
Also adds unit tests for the SSSDConfig API
|