Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2012-07-20 | NSS: Add override_shell option | Stephen Gallagher | 3 | -0/+5 | |
If override_shell is specified in the [nss] section, all users managed by SSSD will have their shell set to this value. If it is specified in the [domain/DOMAINNAME] section, it will apply to only that domain (and override the [nss] value, if any). https://fedorahosted.org/sssd/ticket/1087 | |||||
2012-07-10 | pac responder: limit access by checking UIDs | Sumit Bose | 3 | -2/+11 | |
A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382 | |||||
2012-07-06 | AD: Add manpages and SSSDConfig entries | Stephen Gallagher | 3 | -1/+128 | |
2012-07-06 | Fix SSSDConfigTest for separate build directories | Sumit Bose | 1 | -8/+9 | |
2012-06-29 | sudo: add host info options | Pavel Březina | 2 | -0/+10 | |
Adds some option that allows to manually configure a host filter. ldap_sudo_use_host_filter - if false, we will download all rules regardless their sudoHost attribute ldap_sudo_hostnames - list hostnames and/or fqdn that should be downloaded, separated with spaces ldap_sudo_ip - list of IPv4/6 address and/or network that should be downloaded, separated with spaces ldap_sudo_include_netgroups - include rules that contains netgroup in sudoHost ldap_sudo_include_regexp - include rules that contains regular expression in sudoHost | |||||
2012-06-29 | sudo: clean up | Pavel Březina | 2 | -2/+0 | |
2012-06-29 | sudo provider: add ldap_sudo_smart_refresh_interval | Pavel Březina | 2 | -0/+2 | |
2012-06-29 | sudo provider: remove old timer | Pavel Březina | 2 | -4/+0 | |
2012-06-29 | sudo provider: add ldap_sudo_full_refresh_interval | Pavel Březina | 2 | -0/+2 | |
2012-06-29 | confdb: add entry_cache_sudo_timeout option | Pavel Březina | 3 | -0/+4 | |
2012-06-21 | Add support for ID ranges | Sumit Bose | 2 | -0/+2 | |
2012-06-18 | Make the client idle timeout configurable | Stephen Gallagher | 3 | -1/+4 | |
2012-06-13 | LDAP: Add ldap_*_use_matching_rule_in_chain options | Stephen Gallagher | 3 | -0/+7 | |
2012-06-10 | Allow fast memcache timeout to be configurable | Jan Zeleny | 2 | -0/+2 | |
https://fedorahosted.org/sssd/ticket/1318 | |||||
2012-06-10 | IPA subdomains - ask for information about master domain | Jan Zeleny | 2 | -0/+2 | |
The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain. | |||||
2012-06-05 | Fix the default sssd.conf path | Jakub Hrozek | 1 | -1/+1 | |
2012-05-31 | SSSDConfig: Make default config and schema file locations configurable | Stephen Gallagher | 2 | -7/+7 | |
https://fedorahosted.org/sssd/ticket/1008 | |||||
2012-05-31 | SSSDConfig: Make SSSDConfig a package | Stephen Gallagher | 4 | -5/+1 | |
We were polluting the primary Python space with several dependencies. We will now install them their own directory/module. | |||||
2012-05-14 | Fix typos in message and man pages. | Yuri Chornoivan | 1 | -1/+1 | |
2012-05-09 | NSS: Add default_shell option | Stephen Gallagher | 2 | -0/+2 | |
This option will allow administrators to set a default shell to be used if a user does not have one set in the identity provider. https://fedorahosted.org/sssd/ticket/1289 | |||||
2012-05-09 | NSS: Add fallback_homedir option | Stephen Gallagher | 3 | -0/+5 | |
This option is similar to override_homedir, except that it will take effect only for users that do not have an explicit home directory specified in LDAP. https://fedorahosted.org/sssd/ticket/1250 | |||||
2012-05-04 | SSSDConfigAPI: Fix missing option in tests | Stephen Gallagher | 1 | -0/+2 | |
2012-05-04 | Modify behavior of pam_pwd_expiration_warning | Jan Zeleny | 1 | -0/+1 | |
New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning. If the value of expiration warning is set to zero, the filter isn't apllied at all - if backend server returns the warning, it will be automatically displayed. Default value for Kerberos: 7 days Default value for LDAP: don't apply the filter Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider. | |||||
2012-05-03 | LDAP: Map the user's primaryGroupID | Stephen Gallagher | 3 | -0/+3 | |
2012-05-03 | LDAP: Allow setting a default domain for id-mapping slice 0 | Stephen Gallagher | 3 | -0/+6 | |
2012-05-03 | LDAP: Add autorid compatibility mode | Stephen Gallagher | 3 | -0/+3 | |
2012-05-03 | LDAP: Add ID mapping range settings | Stephen Gallagher | 3 | -0/+10 | |
2012-05-03 | LDAP: Add id-mapping option | Stephen Gallagher | 3 | -0/+3 | |
2012-05-03 | LDAP: Add objectSID config option | Stephen Gallagher | 3 | -0/+6 | |
2012-04-24 | SSH: Add support for hashed known_hosts | Jan Cholasta | 2 | -0/+4 | |
https://fedorahosted.org/sssd/ticket/1203 | |||||
2012-04-24 | IPA: Add get-domains target | Sumit Bose | 1 | -0/+1 | |
2012-04-24 | data provider: added subdomains | Sumit Bose | 2 | -2/+5 | |
2012-04-24 | Responder part of the subdomain retrieval work | Jan Zeleny | 1 | -0/+2 | |
2012-04-20 | Make the monitor SIGKILL time configurable | Jakub Hrozek | 3 | -0/+3 | |
https://fedorahosted.org/sssd/ticket/1119 | |||||
2012-04-20 | proxy: new option proxy_fast_alias | Jakub Hrozek | 2 | -0/+2 | |
2012-04-05 | Fix regression in SSSDConfig.py | Jakub Hrozek | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/1291 | |||||
2012-02-28 | Fix typo in autofs option description | Stephen Gallagher | 1 | -1/+1 | |
2012-02-24 | SELinux related attributes added to config API | Jan Zeleny | 2 | -1/+11 | |
2012-02-24 | IPA hosts refactoring | Jan Zeleny | 1 | -0/+20 | |
2012-02-17 | RESPONDERS: Make the fd_limit setting configurable | Stephen Gallagher | 3 | -1/+4 | |
This code will now attempt first to see if it has privilege to set the value as specified, and if not it will fall back to the previous behavior. So on systems with the CAP_SYS_RESOURCE capability granted to SSSD, it will be able to ignore the limits.conf hard limit. https://fedorahosted.org/sssd/ticket/1197 | |||||
2012-02-10 | Add ssh service to sssd.api.conf | Jan Cholasta | 2 | -2/+7 | |
2012-02-10 | Add methods for activating and deactivating services to SSSDConfig | Jan Cholasta | 3 | -0/+268 | |
2012-02-07 | AUTOFS: IPA provider | Jakub Hrozek | 4 | -2/+9 | |
2012-02-07 | IPA: Add host info handler | Jan Cholasta | 1 | -0/+1 | |
2012-02-07 | DP: Add host info handler | Jan Cholasta | 3 | -2/+6 | |
2012-02-07 | LDAP: Add support for SSH user public keys | Jan Cholasta | 3 | -0/+3 | |
2012-02-06 | Add session target in data provider | Jan Zeleny | 3 | -2/+6 | |
2012-02-05 | AUTOFS: LDAP provider | Jakub Hrozek | 1 | -0/+8 | |
2012-02-05 | AUTOFS: responder | Jakub Hrozek | 3 | -4/+20 | |
2012-02-05 | AUTOFS: Data Provider request | Jakub Hrozek | 1 | -0/+1 | |