sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2010-03-18	Fix error message for ldap_start_tls	Stephen Gallagher	1	-1/+1

2010-03-15	Fixed authentication check for CHAUTHTOK_PRELIM	Ralf Haferkamp	1	-1/+1
	When changing passwords, treat SDAP_AUTH_PW_EXPIRED as a successful authentication in SSS_PAM_CHAUTHTOK_PRELIM.
2010-03-15	Fixed check for expired passwords	Ralf Haferkamp	1	-2/+4
	When the user's password is expired it might also be indicated by the bind operation returning "INVALID_CREDENTIALS" with the ppolicy control's errorcode set to "PP_passwordExpired".
2010-03-03	Improve safe alignment buffer handling macros	Simo Sorce	2	-18/+18
	Make the counter optional so that alignment safe macros can be used also where there is no counter to update. Change arguments names so that they are not deceiving (ptr normlly identify a pointer) Turn the memcpy substitute into an inline function so that passing a pointer to rp and checking for it doesn't make the compiler spit lots of warnings.
2010-02-25	Fix check for values of expiration limits	Jakub Hrozek	1	-1/+1
	There were inconsistencies between what sssd.conf manpage said and what the code enforces.
2010-02-25	Remove a check that was left behind	Jakub Hrozek	1	-7/+1
	When refactoring talloc_asprintf calls a check was left behind that cased the backend to go offline immediately.
2010-02-23	Better cleanup task handling	Jakub Hrozek	3	-37/+239
	Implements a different mechanism for cleanup task. Instead of just deleting expired entries, this patch adds a new option account_cache_expiration for domains. If an entry is expired and the last login was more days in the past that account_cache_expiration, the entry is deleted. Groups are deleted if they are expired and and no user references them (no user has memberof: attribute pointing at that group). The parameter account_cache_expiration is not LDAP-specific, so that other future backends might use the same timeout setting. Fixes: #391
2010-02-23	Do not check entries during cleanup task	Jakub Hrozek	2	-81/+59
	Do not attempt to validate expired entries in cache, just delete them. Also increase the cache timeouts. Fixes: #331
2010-02-23	Do not schedule enumeration after a cleanup	Jakub Hrozek	1	-2/+2

2010-02-23	Handle expired passwords like other PAM modules	Sumit Bose	1	-1/+1
	So far we handled expired password during authentication. Other PAM modules typically detect expired password during account management and return PAM_NEW_AUTHTOK_REQD if the password is expired and should be changed. The PAM library then calls the change password routines. To meet these standards pam_sss is change accordingly. As a result it is now possible to update an expired password via ssh if sssd is running with PasswordAuthentication=yes. One drawback due to limitations of PAM is that the user now has to type his current password again before setting a new one.
2010-02-18	Rename server/ directory to src/	Stephen Gallagher	16	-0/+9851
	Also update BUILD.txt