Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Also adds an option to limit how often we check the ID provider,
so that conversations with multiple PAM requests won't update the
cache multiple times.
https://fedorahosted.org/sssd/ticket/749
|
|
Previously, this was initialized to zero, so the first domain in
the list wouldn't be checked for ID updates in
pam_check_user_search. This initializes the first domain to check
the provider.
|
|
Translated a couple of strings from manpages into Czech. Makes the
manpage translation patch testable.
|
|
Utilizes PO4A to extract translatable strings from Docbook XML sources
and allows translators to submit ordinary .PO files. PO4A then generates
translated Docbook documents that can be used to generate translated end
user documentation.
https://fedorahosted.org/sssd/ticket/297
|
|
https://fedorahosted.org/sssd/ticket/670
|
|
Previously we were only passing the username.
|
|
https://fedorahosted.org/sssd/ticket/745
|
|
|
|
|
|
Over the time a couple of new config options didn't made it into the
config API files. This patch updates the files and removes some
duplications.
|
|
|
|
- do not recreate the ccache file when renewing the TGT
- use user principal name as hash key instead of ccfile name
- let krb5_child return Kerberos error codes
|
|
|
|
Currently in a domain where LDAP was used for id and auth the LDAP UIR
was added multiple times to the failover code which may cause unwanted
delays.
|
|
Includes a unit test
|
|
Previously, we would wait for ten seconds before starting an
enumeration. However, this meant that on the first startup (before
we had run our first enumeration) there was a ten-second window
where clients would immediately get back a response with no
entries instead of blocking until the enumeration completed.
With this patch, SSSD will now run an enumeration immediately upon
startup. Further startups will retain the ten-second delay so as
not to slow down system bootups.
https://fedorahosted.org/sssd/ticket/616
|
|
https://fedorahosted.org/sssd/ticket/735
|
|
Also fixes the same problem with set_close_on_exec
https://fedorahosted.org/sssd/ticket/713
|
|
|
|
https://fedorahosted.org/sssd/ticket/714
|
|
https://fedorahosted.org/sssd/ticket/725
|
|
https://fedorahosted.org/sssd/ticket/718
|
|
https://fedorahosted.org/sssd/ticket/711
|
|
|
|
https://fedorahosted.org/sssd/ticket/730
|
|
|
|
https://fedorahosted.org/sssd/ticket/733
|
|
https://fedorahosted.org/sssd/ticket/723
|
|
https://fedorahosted.org/sssd/ticket/731
|
|
https://fedorahosted.org/sssd/ticket/732
|
|
https://fedorahosted.org/sssd/ticket/723
|
|
https://fedorahosted.org/sssd/ticket/715
|
|
https://fedorahosted.org/sssd/ticket/728
|
|
https://fedorahosted.org/sssd/ticket/726
|
|
https://fedorahosted.org/sssd/ticket/722
|
|
https://fedorahosted.org/sssd/ticket/721
|
|
https://fedorahosted.org/sssd/ticket/717
|
|
https://fedorahosted.org/sssd/ticket/716
|
|
https://fedorahosted.org/sssd/ticket/712
|
|
https://fedorahosted.org/sssd/ticket/712
|
|
https://fedorahosted.org/sssd/ticket/724
|
|
https://fedorahosted.org/sssd/ticket/720
|
|
https://fedorahosted.org/sssd/ticket/719
|
|
We were unscheduling the timeout handler after the first lookup
(A or AAAA) returned, but not rescheduling it if we went on to
check the secondary record type. This resulted in the resolver
never returning a result for the secondary lookup, which can mean
that logins/screen unlocks after VPN drop or suspend/resume might
never complete.
Fixes https://fedorahosted.org/sssd/ticket/729
|
|
options.tries specifies the number of retries. Setting this to
zero means to try exactly once. Previously we were always trying
twice (internally). We want to simply honor the SSSD configuration
and fail over to the next server (or go offline) after one try.
|
|
This patch adds simple_allow_groups and simple_deny_groups options
to the simple access provider. It makes it possible to grant or
deny access based on a user's group memberships within the domain.
This patch makes one minor change to previous functionality: now
all deny rules will supersede allow rules. Previously, if both
simple_allow_users and simple_deny_users were set with the same
value, the allow would win.
https://fedorahosted.org/sssd/ticket/440
|
|
|
|
It was decided that IPA HBAC will move to a different format to specify
time ranges in access control rules. The evaluation based on the old
format is not needed anymore.
|
|
It is planned to release IPA 2.0 without time range specifications in
the access control rules. To avoid confusion the evaluation is removed
from sssd, too.
|