sssd-devel October 2009

sssd-devel@lists.fedorahosted.org

13 participants
102 discussions

Announcing the release of SSSD 0.7.0
by Stephen Gallagher 23 Oct '09

23 Oct '09

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The SSSD Development team is proud to announce the immediate maintenance release of SSSD 0.7.0. It can be found at https://fedorahosted.org/sssd/ == Highlights == * Removed the Data Provider process. All Data Provider backends will now speak directly to the responders. * Remove the !MagicPrivateGroups option. This will be an internal feature of backends that support it. * Add first steps towards a native FreeIPA data provider. * Support password changing in LDAP and Kerberos providers. * Added Python API for managing SSSD configuration. == Detailed changes since 0.6.0 == Dmitri Pal (10): * COLLECTION Adding item comparison and sorting * COLLECTION Realigning collection code * COLLECTION Making iterations pinnable * COLLECTION Enhancing hashing and iteration functions * ELAPI Event resolver * ELAPI Resolving message attribute * ELAPI Fixing warnings in the example * ELAPI Rename variables and functions not to use word template * ELAPI Fixed the host name resolution * ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): * Fix python sync operations and mem hierarchy * Fix error messages in tools * User home directories management Martin Nagy (7): * Use correct talloc context in sss_names_init() * Fix potential memory leaks in the data provider * Resolver: Use talloc_get_type() for type safety * Use talloc to copy data from c-ares * Add a new set of helpful common functions for tests * Various improvements to the resolv test suite * Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): * Update polish translation for 0.6.0 Ralf Haferkamp (2): * LDAP provider needs to link against krb libraries * SUSE specific init script Simo Sorce (21): * Tighten up permission. * Initial implementation of sasl bind support * Fix tools sync operations and mem hierarchy * Fix long timeout on ldap operation * Make dp requests more robust * Differentiate between search and network timeouts * Remove DP process * Start responders predictably after providers * Remove magicPrivateGroups option * Fix services startup when only LOCAL is configured * Make options parser available to all providers * Move ldap provider configuration into its own file * Fix offline authentication * Return the dp error from the providers * Move all ldap provider init functions * Move all krb5 provider init functions * Add first basic IPA provider * Always list inputs before outputs * Start implementing ipa specific options. * Better offline/enumeration behavior * Fix setting the schema in the ipa provider Stephen Gallagher (24): * Update version to 0.6.0 * Fix infinite loop with empty group enumeration * Updating release script to use the VERSION file * Change requirement on libldb to libldb >= 0.9.3 * INI Add config_from_fd() to ini_config * Remove unused btreemap code * Add new SSSDConfig python API * Add plugin configuration schema for proxy provider * Package SSSDConfig API * Clean up warnings in pysss.c * Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 * Remove two unused functions. * Fix segfault when using SSS tools with no local provider * Do not allow setting auth, access or chpass providers for LOCAL * Add krb5_common.h to the list of headers to 'make dist' * Use Python 3-compatible sitearch and sitelib * Better detect installed language files * Clean up rpmlint errors and warnings in sssd-client package * Set the Default-Stop LSB option for the SSSD sysv init script * Fix RPM builds on older versions of rpmbuild * Bring SSSDConfig API options up-to-date * Add pam_ctx (similar to nss_ctx) for storing global PAM config * Add support for offline auth cache timeout * Update version to 0.7.0 Sumit Bose (28): * update sysdb tests to new config file version * add utility call check_and_open_readonly * more documentation and test for sssd.conf * handle expired password during authentication * move password handling into subroutines * ask for new password if password is expired * remove redundant talloc_free * add description of chpass_provider option to sssd.conf man page * add support for server side LDAP password policies * add syslog message similar to pam_unix * use the correct kerberos context for each target * fix a wrong argument to unpack_buffer * add -Werror-implicit-function-declaration to default gcc flags * add a replacement if ldap_control_create is missing * use PYTHON_PREFIX to install SSSDConfig python API * add missing %defattr to the filelist of the client package * make sdap_id_connect_* independent of sdap_id_ctx * send a message if a backend target is not configured * use old password if available during password change * set chpass_provider implicit if not set explicit * more implicit provider target settings * enable debugging of krb5_child * Check for expired passwords in LDAP provider * added generic LDAP search sdap_get_generic_send/_recv * add store/search/delete interface for custom sysdb objects * update krb5 option handling to new option scheme * update ipa auth options to new option scheme * fix a compiler warning about redefinition of DEBUG - -- Stephen Gallagher RHCE 804006346421761 Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkrh/WEACgkQeiVVYja6o6MkbwCgkm6NkrCC/19atvHamxmeBgSH oxUAniy4dbE87lxS4VLv6JLcqMa8Snig =ynhy -----END PGP SIGNATURE-----

2 2

SSSD, chkconfig, and /etc/rc.d/init.d/
by David O'Brien 23 Oct '09

23 Oct '09

When you install sssd, you can start and stop it with the service command. It also appears in chkconfig --list so you can use that to configure it to start at boot time or not (default is not). It doesn't, however, appear in /etc/rc.d/init.d/ along with lots of other services. Should it? afaik (which on this topic is not a lot) the service command is limited to only a few systems (rhel/fedora and their offspring?) For other systems, you need to use the rc.d/init.d/ path to start and stop services. Maybe we need to add it manually? I'm on the verge of saying "Not RHEL or Fedora so I don't care", but I'm curious. thanks -- David O'Brien Red Hat Asia Pacific +61 7 3514 8189 http://freeipa.org/page/DocumentationPortal http://git.fedorahosted.org/git/ipadocs.git "The most valuable of all talents is that of never using two words when one will do." Thomas Jefferson

1 1

[PATCH] Add support for offline auth cache timeout
by Stephen Gallagher 22 Oct '09

22 Oct '09

This patch addresses: https://fedorahosted.org/sssd/ticket/60 This adds a new option to the [PAM] section of the sssd.conf. It can be specified by seconds, minutes, hours or days and defines how long a user can perform offline authentications. If the user does not perform an online authentication within the timeout, they will be denied auth once the timeout passes. -- Stephen Gallagher RHCE 804006346421761 Looking to carve out IT costs? www.redhat.com/carveoutcosts/

4 9

[PATCH] User home directories management
by Jakub Hrozek 22 Oct '09

22 Oct '09

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Create and populate user directories on useradd, delete them on userdel Fixes: #212 This patch applies on top of the previous patch "[PATCH] Fix error messages in tools" Jakub -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkrVtZUACgkQHsardTLnvCUoTgCgpt0VYHOJ0CmVLf75VDLjiyki 8fsAoLnbriUQnJ6MhhxmjaoGGaNW+Pb7 =1XO5 -----END PGP SIGNATURE-----

3 11

fix setting schema in ipa provider
by Simo Sorce 22 Oct '09

22 Oct '09

one liner -- Simo Sorce * Red Hat, Inc * New York

3 2

[PATCH] Bring SSSDConfig API options up-to-date
by Stephen Gallagher 22 Oct '09

22 Oct '09

I discovered several incorrect entries in the sssd.api.conf (and plugins) as well as several missing ones (including some added recently). I updated the unit tests accordingly. -- Stephen Gallagher RHCE 804006346421761 Looking to carve out IT costs? www.redhat.com/carveoutcosts/

2 3

[PATCHES] Fix resolv bugs and improve test coverage
by Martin Nagy 22 Oct '09

22 Oct '09

Hi, the first patch breaks the test, the third one fixes them. The second one contains couple of functions that I found handy for test cases, I would like to use them in other tests as well sometime later. Look into the patch files for more detailed description. Martin

3 3

[PATCH] New option code for krb5 and ipa auth
by Sumit Bose 22 Oct '09

22 Oct '09

Hi, this set of patches adds the new option handling to krb5 and ipa auth: 0001: new option handling for krb5 0002: new option handling for ipa auth 0003: fix a compiler warning that was introduced by extending krb5_common.h 0001 and 0002 depend on Simo's "Start implementing ipa specific options." patch. bye, Sumit

3 9

[PATCH] fix offline detection/enumeration behavior in ldap_id
by Simo Sorce 22 Oct '09

22 Oct '09

I was seeing the ipa backend blocking on start trying to contact the KDC and when failing not going offline, causing some applications (su -) to take a looong time to complete as they make many nss calls, and where waiting the KDC timeout for each call. Simo.

2 4

[PATCH] add store/search/delete interface for custom sysdb objects
by Sumit Bose 22 Oct '09

22 Oct '09

Hi, this patch adds a store/search/delete sysdb API for data not related to users of groups. The data is stored in cn=custom,cn=domain,cn=sysdb. The client must specify a subtree_name and an object_name to save the data in cn=object_name,cn=subtree_name,cn=custom,cn=domain,cn=sysdb. Please have a look at the sysdb_check_handle_* request, too. I think it makes the code more readable and helps to reduce code duplications. bye, Sumit

3 6

← Newer
1
2
3
4
5
6
7
...
11
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel October 2009