summaryrefslogtreecommitdiff
path: root/src/config/SSSDConfig.py
AgeCommit message (Collapse)AuthorFilesLines
2012-02-06Add session target in data providerJan Zeleny1-0/+1
2012-02-05AUTOFS: LDAP providerJakub Hrozek1-0/+8
2012-02-05AUTOFS: responderJakub Hrozek1-0/+4
2012-02-05AUTOFS: Data Provider requestJakub Hrozek1-0/+1
2012-02-04ConfigAPI: add sudo to known servicesJakub Hrozek1-0/+5
https://fedorahosted.org/sssd/ticket/1144 Squashed patch from Jan Zeleny: Add SUDO provider to the list of available providers in SSSDConfig.py
2012-02-04NSS: Add individual timeouts for entry typesStephen Gallagher1-0/+4
https://fedorahosted.org/sssd/ticket/1016
2012-01-31LDAP: Add new options for service mapsStephen Gallagher1-0/+7
Adds the new service map options to the SSSDConfig API and the manpages.
2012-01-30SSSDConfigAPI: Move sssd.api.* to /usr/share/sssdStephen Gallagher1-4/+4
https://fedorahosted.org/sssd/ticket/1158
2012-01-18LDAP: Add option to disable paging controlStephen Gallagher1-0/+2
Fixes https://fedorahosted.org/sssd/ticket/967
2012-01-17SUDO Integration - periodical update of rules in data providerPavel Březina1-0/+2
https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
2012-01-17SUDO Integration review issuesPavel Březina1-0/+14
2011-12-16Use the case sensitivity flag in respondersJakub Hrozek1-0/+1
2011-12-12Add sdap_connection_expire_timeout optionStephen Gallagher1-0/+2
https://fedorahosted.org/sssd/ticket/1036
2011-12-08Add ldap_sasl_minssf optionJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/1075
2011-11-29Add ipa_hbac_support_srchost option to IPA providerJan Zeleny1-0/+1
don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078
2011-11-10configAPI: Fix removing in old domain when saving a new domainJakub Hrozek1-2/+2
2011-11-02Add support to request canonicalization on krb AS requestsJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/957
2011-10-31Added krb5_fast_principal to SSSDConfig APIJan Zeleny1-0/+1
2011-10-25SSSDConfig: Handle integer parsing more lenientlyStephen Gallagher1-0/+3
Allow the base to be auto-detected rather than limited to base 10 Add hexadecimal integer test
2011-09-08DEBUG timestamps offer higher precision - SSSDConfig updatedPavel Březina1-0/+1
https://fedorahosted.org/sssd/ticket/956
2011-09-02Add option to specify the kerberos replay cache dirStephen Gallagher1-0/+1
Adds a configure option to set the distribution default as well as an sssd.conf option to override it. https://fedorahosted.org/sssd/ticket/980
2011-08-26Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/978
2011-07-29Add vetoed_shells optionJohn Hodrien1-0/+1
There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2011-07-08Add LDAP access control based on NDS attributesSumit Bose1-0/+3
2011-07-08Add ipa_hbac_treat_deny_as optionStephen Gallagher1-0/+1
By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
2011-07-08Add ipa_hbac_refresh optionStephen Gallagher1-0/+1
This option describes the time between refreshes of the HBAC rules on the IPA server.
2011-05-20Use dereference when processing RFC2307bis nested groupsJakub Hrozek1-0/+1
Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
2011-05-20Add new options to override shell valueJakub Hrozek1-0/+2
https://fedorahosted.org/sssd/ticket/742
2011-05-20Add a new option to override home directory valueJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/551
2011-05-20Add a new option to override primary GID numberJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/742
2011-04-27Add ldap_page_size configuration optionStephen Gallagher1-0/+1
2011-04-25Modify principal selection for keytab authenticationJan Zeleny1-0/+1
Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-25Configuration parsing updatesJan Zeleny1-14/+11
These changes are all related to following ticket: https://fedorahosted.org/sssd/ticket/763 Changes in SSSDConfig.py merge old and new domain record instead of just deleting the old and inserting the new one. The old approach let to loss of some information like comments and blank lines in the config file. Changes in API config were performed so our Python scripts (like sss_obfuscate) don't add extra config options to the config file.
2011-03-24Add host access control supportPierre Ossman1-0/+1
https://fedorahosted.org/sssd/ticket/746
2011-01-20Add ldap_tls_{cert,key,cipher_suite} config optionsTyson Whitehead1-0/+3
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2011-01-19Add pam_pwd_expiration_warning config optionSumit Bose1-0/+1
2011-01-19Add ipa_hbac_search_base config optionSumit Bose1-0/+1
2011-01-19Add LDAP expire policy base RHDS/IPA attributeSumit Bose1-0/+1
The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
2011-01-19Add LDAP expire policy based on AD attributesSumit Bose1-0/+2
The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
2011-01-17Add ldap_search_enumeration_timeout config optionSumit Bose1-0/+1
2010-12-22Update the ID cache for any PAM requestStephen Gallagher1-0/+1
Also adds an option to limit how often we check the ID provider, so that conversations with multiple PAM requests won't update the cache multiple times. https://fedorahosted.org/sssd/ticket/749
2010-12-21Add authorizedService supportStephen Gallagher1-0/+1
https://fedorahosted.org/sssd/ticket/670
2010-12-21Update config API filesSumit Bose1-5/+40
Over the time a couple of new config options didn't made it into the config API files. This patch updates the files and removes some duplications.
2010-12-07Add support for FAST in krb5 providerSumit Bose1-0/+1
2010-12-06Add ldap_chpass_uri config optionSumit Bose1-0/+4
2010-12-06Add new account expired rule to LDAP access providerSumit Bose1-0/+2
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
2010-12-03Add support for automatic Kerberos ticket renewalSumit Bose1-0/+1
2010-12-03Add krb5_lifetime optionSumit Bose1-0/+1
2010-12-03Add krb5_renewable_lifetime optionSumit Bose1-0/+1
2010-11-15Introduce pam_verbosity config optionSumit Bose1-0/+1
Currently we display all PAM messages generated by sssd to the user. But only some of them are important and others are just some useful information. This patch introduces a new option to the PAM responder which controls what kind of messages are displayed. As an example the 'Authenticated with cached credentials' message is used. This message is only displayed if pam_verbosity=1 or if there is an expire date.
generated by cgit (git 2.34.1) at 2024-11-18 10:19:05 +0000