Age | Commit message (Collapse) | Author | Files | Lines |
|
Previously, every DP client was allowed to set its own "retries"
option. This option was ambiguous, and useless. All DP clients
will now use a global option set in the services config called
"reconnection_retries"
|
|
Also remove the [services/infopipe] section, since we're not
shipping InfoPipe yet, and that would be confusing.
|
|
|
|
Implement credentials caching in pam responder.
Currently works only for the proxy backend.
Also cleanup pam responder code and mode common code in data provider.
(the data provider should never include responder private headers)
|
|
The SSSD now links with the ini_config and collection libraries
in the common directory.
The monitor will track changes to the /etc/sssd/sssd.conf file
using inotify on platforms that support it, or polled every 5
seconds on platforms that do not.
At startup or modification of the conf file, the monitor will
purge the existing confdb and reread it completely from the conf
file, to ensure that there are no lingering entries. It does this
in a transaction, so there should be no race condition with the
client services.
A new option has been added to the startup options for the SSSD.
It is now possible to specify an alternate config file with the
-c <file> at the command line.
|
|
To be able to correctly filter out duplicate names when multiple non-fully
qualified domains are in use we need to be able to specify the domains order.
This is now accomplished by the configuration paramets 'domains' in the
config/domains entry. 'domains' is a comma separated list of domain names.
This paramter allows also to have disbaled domains in the configuration without
requiring to completely delete them.
The domains list is now kept in a linked list of sss_domain_info objects.
The first domain is also the "default" domain.
|
|
The same module may implement both types, but initializatrion will be
nonetheless performed separately, once for the identity module and once for the
authenticator module.
Also change the proxy module to retireve the pam target name from the domain
configuration so that it is possibile to create per-domain pam stacks.
With this modification it is actually possibile to use normal nss and pam
modules to perform a successful authentication (tested only with sudo so far)
Update exmples.
|
|
set default value of enumerate in LOCAL domain to 1
added checks to talloc_asprintf return values
fixed InfoPipe defaults
|
|
Also updating the .gitignore file to not ignore config.ldif
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|
|
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|
|
|
|
throw away databases
Check version and init main db if empty
|
|
|
|
Enable memberof by default in the default db example
|
|
rename everything with the sysdb suffix.
|
|
It makes no sense to have internal attribute names user configurable,
remove that option and use macros internally.
Also now always pass the domain name to all nss_ldb_* calls.
|
|
libnss library through config directives on the domain object
|
|
It is a bit inconsistent with the existing EXAMPLE, will fix later
|
|
using the same binary to fork off all services.
|
|
|
|
|
|
Changed the "section" feature of confdb.c to use '/'
as a delimiter instead of '.', because this conflicted
with the ability to use dots in domain names.
|
|
|
|
Monitor each service and restart it conditionally if it fails.
These monitoring is extremely simple at this moment and just uses
waitpid() to check if the client is alive, there is no active
probing, that will require dbus.
Make nsssrv.c read the sss pipe config option for the config db.
|
|
|