summaryrefslogtreecommitdiff
path: root/src/providers/ldap/ldap_auth.c
AgeCommit message (Collapse)AuthorFilesLines
2010-12-06Add ldap_chpass_uri config optionSumit Bose1-5/+14
2010-12-06Make string_to_shadowpw_days() publicSumit Bose1-33/+0
2010-11-19Fix offline detection for LDAP auth/chpassSumit Bose1-5/+13
2010-10-04Return offline instead of errorStephen Gallagher1-1/+2
When the failover code returns that there are no available servers while we are marked offline, we were returning an error to the PAM authentication code. Instead, we should return success with a result value of SDAP_UNAVAIL so that the PAM responder will mark the domain offline and attempt offline authentication.
2010-08-24Treat a zero-length password as a failureStephen Gallagher1-0/+7
Some LDAP servers allow binding with blank passwords. We should not allow a blank password to authenticate the SSSD.
2010-08-04Fix chpass operations with LDAP providerStephen Gallagher1-0/+1
The initial verification of the old password was returning an error because we were not explicitly setting dp_err to DP_ERR_SUCCESS and it was initialized earlier in the function to DP_ERR_FATAL.
2010-05-07Add more warnings about nearly expired passwordsSumit Bose1-5/+66
For the shadow and mit_kerberos password policy warnings are sent to the client if the password is about to expire.
2010-05-07Use all available servers in LDAP providerJakub Hrozek1-6/+33
2010-04-26Display a message if a password reset by root failsSumit Bose1-0/+8
2010-04-12sysdb: convert sysdb_get_user_attrSimo Sorce1-134/+69
2010-04-12sysdb: convert sysdb_cache_passwordSimo Sorce1-32/+11
2010-03-25Fix warnings from -Wmissing-field-initializersSumit Bose1-1/+3
This patch removes some tab-indentations from pamsrv.c, too.
2010-03-22Improvements for LDAP Password Policy supportRalf Haferkamp1-2/+50
Display warnings about remaining grace logins and password expiration to the user, when LDAP Password Policies are used. Improved detection if LDAP Password policies are supported by LDAP Server.
2010-03-15Fixed authentication check for CHAUTHTOK_PRELIMRalf Haferkamp1-1/+1
When changing passwords, treat SDAP_AUTH_PW_EXPIRED as a successful authentication in SSS_PAM_CHAUTHTOK_PRELIM.
2010-02-23Handle expired passwords like other PAM modulesSumit Bose1-1/+1
So far we handled expired password during authentication. Other PAM modules typically detect expired password during account management and return PAM_NEW_AUTHTOK_REQD if the password is expired and should be changed. The PAM library then calls the change password routines. To meet these standards pam_sss is change accordingly. As a result it is now possible to update an expired password via ssh if sssd is running with PasswordAuthentication=yes. One drawback due to limitations of PAM is that the user now has to type his current password again before setting a new one.
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+1055
Also update BUILD.txt