| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Then name or IP adress of the KDC is written into the pubconf directory
into a file named kdcinfo.REALM. The locator plugin will then read this
file and pass the data to the kerberos libraries.
|
|
- save current ccache file to sysdb
- use the saved ccache file if the user has running processes
- create an empty ccache if offline
- return enviroment variables if offline
|
|
|
|
Currently the Kerberos child handler evaluates the siginfo_t structure
to wait for a specific child. This scheme is prone to error, especially
when there are more than one child process active, and can produce
missleading debug message. This patch simplifies the scheme as it waits
for any child.
|
|
When possible using a macro that correctly deals with tstate
|
|
|
|
Put all init functions in their own file so that the other files can be
reused in other providers w/o having them in the way.
|
|
|
|
|
|
- when the kerberos provider was used as a chpass_provider but
not as auth_provider the backend died
|
|
|
|
|
|
This converts a great many configuration options to the new
standard format.
|
|
- make the build of the locator plugin optional
- added a man page for the locator plugin
- use krb5.h if krb5/krb5.h cannot be found
- added alternatives for missing functions
- set -DDBUS_API_SUBJECT_TO_CHANGE if libdbus version
is lesser than 1.0.0
|
|
This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d.
Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made
use of the SYSLOG_ERROR() macro, so those portions of that code
also needed to be reverted.
|
|
This is just a band-aid until ELAPI is fully functional and ready to
use.
|
|
|
|
The configuration options krb5ccache_dir and krb5ccname_template
are added to the Kerberos provider to create the user's credential
caches the same way as pam_krb5 does. Due to the design of the sssd
and the supported ccache types of MIT Kerberos only files are
allowed.
|
|
Add helpers functions to query/set the offline status per backend.
Now all providers share the same offline status.
|
|
|
|
|
|
Currently the kerberos locator plugin needs these two variables to
be set to find a KDC which is configured in sssd but not in
/etc/krb5.conf.
|
|
- making the realm part upper case is now optional and done in the
LDAP backend
- using a username@realm UPN is now optional
|
|
If a user principle name (upn) can be found in sysdb the krb5
backend will use this otherwise is build as username@realm. It is
checked that the realm is upper case only.
|
|
Previously, we had hardcoded the paths for the NSS, PAM and
private PAM sockets to /var/lib/sss/pipes. With this patch, we
will specify the sockets with --with-pipe-path.
|
|
|
|
|
|
|
|
|
|
|
