Age | Commit message (Collapse) | Author | Files | Lines |
|
This is the second attempt to let the PAM client and the PAM responder
exchange their credentials, i.e. uid, gid and pid. Because this approach
does not require any message interchange between the client and the
server the protocol version number is not changed.
On the client side the connection is terminated it the responder is not
run by root. On the server side the effective uid and gid and the pid of
the client are available for future use.
The following additional changes are made by this patch:
- the checks of the ownership and the permissions on the PAM sockets are
enhanced
- internal error codes are introduced on the client side to generate
more specific log messages if an error occurs
|
|
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
|
|
Adds a new option -Z to sss_useradd and sss_usermod. This option allows
user to specify the SELinux login context for the user. On deleting the
user with sss_userdel, the login mapping is deleted, so subsequent
adding of the same user would result in the default login context unless
-Z is specified again.
MLS security is not supported as of this patch.
|
|
Fixes: #221
|
|
- check if the public socket belongs to root and has 0666 permissions
- use a SCM_CREDENTIALS message if available
|
|
Also update BUILD.txt
|