Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
This adds only the basic outline of the PAC responder, it won't support
any operations, it will just start and initialize itself.
|
|
* These are common lines of debug output when starting
up sssd
https://bugzilla.redhat.com/show_bug.cgi?id=811113
|
|
|
|
* Allows different user/domain qualified names for different
domains. For example Domain\User or user@domain.
* The global re_expression and full_name_format options remain
as defaults for the domains.
* Subdomains get the re_expression and full_name_format of
their parent domain.
https://bugzilla.redhat.com/show_bug.cgi?id=811663
|
|
https://fedorahosted.org/sssd/ticket/1318
|
|
documentation-access_provider
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
This option will allow administrators to set a default shell to be
used if a user does not have one set in the identity provider.
https://fedorahosted.org/sssd/ticket/1289
|
|
This option is similar to override_homedir, except that it will
take effect only for users that do not have an explicit home
directory specified in LDAP.
https://fedorahosted.org/sssd/ticket/1250
|
|
New option pwd_expiration_warning is introduced which can be set per
domain and can override the value specified by the original
pam_pwd_expiration_warning.
If the value of expiration warning is set to zero, the filter isn't
apllied at all - if backend server returns the warning, it will be
automatically displayed.
Default value for Kerberos: 7 days
Default value for LDAP: don't apply the filter
Technical note: default value when creating the domain is -1. This is
important so we can distinguish between "no value set" and 0. Without
this possibility it would be impossible to set different values for LDAP
and Kerberos provider.
|
|
|
|
https://fedorahosted.org/sssd/ticket/1203
|
|
subdomain_homedir - if set, it contains default value, can be overriden
in further processing
|
|
|
|
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1119
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1116
|
|
New sudo responder option: cache_timeout
https://fedorahosted.org/sssd/ticket/1111
|
|
https://fedorahosted.org/sssd/ticket/1016
|
|
https://fedorahosted.org/sssd/ticket/976
|
|
https://fedorahosted.org/sssd/ticket/1104
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/956
Added: --debug-microseconds=0/1
Added: debug_microseconds to sssd.conf
|
|
Adds a configure option to set the distribution default as well as
an sssd.conf option to override it.
https://fedorahosted.org/sssd/ticket/980
|
|
There may be users in LDAP that have a valid but unwelcome shell
set in their account. This adds a blacklist of shells that should
always be replaced by the fallback_shell.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
https://fedorahosted.org/sssd/ticket/742
|
|
https://fedorahosted.org/sssd/ticket/551
|
|
https://fedorahosted.org/sssd/ticket/742
|
|
|
|
Also adds an option to limit how often we check the ID provider,
so that conversations with multiple PAM requests won't update the
cache multiple times.
https://fedorahosted.org/sssd/ticket/749
|
|
|
|
Currently we display all PAM messages generated by sssd to the user. But
only some of them are important and others are just some useful
information.
This patch introduces a new option to the PAM responder which controls
what kind of messages are displayed. As an example the 'Authenticated
with cached credentials' message is used. This message is only displayed
if pam_verbosity=1 or if there is an expire date.
|
|
This is useful so that the NSS responder can identify an domain's
entry timeout for expiring the memory cache for a lookup such as
with netgroups.
|
|
When we changed the default min_id to be 1, we forgot about the local
domain. It makes sense to keep the minimum id larger there.
|