summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2010-02-25Fix check for values of expiration limitsJakub Hrozek2-3/+3
There were inconsistencies between what sssd.conf manpage said and what the code enforces.
2010-02-25Remove a check that was left behindJakub Hrozek1-7/+1
When refactoring talloc_asprintf calls a check was left behind that cased the backend to go offline immediately.
2010-02-23Better cleanup task handlingJakub Hrozek11-39/+263
Implements a different mechanism for cleanup task. Instead of just deleting expired entries, this patch adds a new option account_cache_expiration for domains. If an entry is expired and the last login was more days in the past that account_cache_expiration, the entry is deleted. Groups are deleted if they are expired and and no user references them (no user has memberof: attribute pointing at that group). The parameter account_cache_expiration is not LDAP-specific, so that other future backends might use the same timeout setting. Fixes: #391
2010-02-23Store lastLogin attribute when authenticating onlineJakub Hrozek1-0/+5
2010-02-23Revert "Change default for enumeration to TRUE"Stephen Gallagher2-2/+2
This reverts commit 75a9f18ad8ac6e885ac34cdeebc4d8f8734713f8.
2010-02-23Do not check entries during cleanup taskJakub Hrozek3-82/+60
Do not attempt to validate expired entries in cache, just delete them. Also increase the cache timeouts. Fixes: #331
2010-02-23Do not schedule enumeration after a cleanupJakub Hrozek1-2/+2
2010-02-23Handle expired passwords like other PAM modulesSumit Bose4-21/+53
So far we handled expired password during authentication. Other PAM modules typically detect expired password during account management and return PAM_NEW_AUTHTOK_REQD if the password is expired and should be changed. The PAM library then calls the change password routines. To meet these standards pam_sss is change accordingly. As a result it is now possible to update an expired password via ssh if sssd is running with PasswordAuthentication=yes. One drawback due to limitations of PAM is that the user now has to type his current password again before setting a new one.
2010-02-23Fix file permissions of config.ldbSumit Bose1-0/+4
2010-02-23Check and set permissions on SBUS socketsSumit Bose7-25/+141
2010-02-22Restrict family lookupsJakub Hrozek12-34/+172
Adds a new option that tells resolver which address family to prefer or use exclusively. Fixes: #404
2010-02-22Remove Kerberos options from confdb.hJakub Hrozek1-8/+0
Kerberos-specific options are pulled using dp_get_opts() and defined in Kerberos subtree. There is no need to keep these in confdb.
2010-02-22Remove unnecessary domain parameter from PAM requestsStephen Gallagher2-28/+5
If we're sending a message to the backend, we already know which domain the request is targeting. Carrying this information is not useful and confuses the interface.
2010-02-22Remove unnecessary "domain" parameter from DP registrationStephen Gallagher6-10/+7
This was a holdover from when the DP and the providers were unique processes. The NSS and PAM registrations do not need to send the domain, as it is not ambiguous which one they are talking to.
2010-02-19Add documentation for PAM response messagesSumit Bose3-20/+272
2010-02-19Remove unneeded items from struct pam_dataSumit Bose8-89/+71
2010-02-19Update PL translationPiotr Drąg1-5/+5
2010-02-19Send Kerberos environment after password changeSumit Bose1-1/+1
2010-02-19Fix two typosSumit Bose1-2/+2
2010-02-19Updating ES translationDomingo Becker1-11/+12
2010-02-18Fix bad mergeStephen Gallagher3-0/+841
Merging ba8937d83675c7d69808d1d3df8f823afdc5ce2a left the COPYING and COPYING.LESSER files in the now-defunct sss_client directory. This patch moves them into the right location and fixes the spec file to look for them correctly.
2010-02-18Fix licensing issues for sss_clientStephen Gallagher5-30/+72
2010-02-18Fix licensing issues in SSSDStephen Gallagher3-0/+72
2010-02-18Build all manpages from a single locationStephen Gallagher2-1/+1
2010-02-18Rename server/ directory to src/Stephen Gallagher239-0/+91971
Also update BUILD.txt