Announcing the release of SSSD 0.7.0
by Stephen Gallagher
The SSSD Development team is proud to announce the immediate maintenance
release of SSSD 0.7.0. It can be found at https://fedorahosted.org/sssd/
== Highlights ==
* Removed the Data Provider process. All Data Provider backends will
now speak directly to the responders.
* Remove the MagicPrivateGroups option. This will be an internal
feature of backends that support it.
* Add first steps towards a native FreeIPA data provider.
* Support password changing in LDAP and Kerberos providers.
* Added Python API for managing SSSD configuration.
== Detailed changes since 0.6.0 ==
Dmitri Pal (10):
* COLLECTION Adding item comparison and sorting
* COLLECTION Realigning collection code
* COLLECTION Making iterations pinnable
* COLLECTION Enhancing hashing and iteration functions
* ELAPI Event resolver
* ELAPI Resolving message attribute
* ELAPI Fixing warnings in the example
* ELAPI Rename variables and functions not to use word template
* ELAPI Fixed the host name resolution
* ELAPI Compatibility code for getifaddr()
Jakub Hrozek (3):
* Fix python sync operations and mem hierarchy
* Fix error messages in tools
* User home directories management
Martin Nagy (7):
* Use correct talloc context in sss_names_init()
* Fix potential memory leaks in the data provider
* Resolver: Use talloc_get_type() for type safety
* Use talloc to copy data from c-ares
* Add a new set of helpful common functions for tests
* Various improvements to the resolv test suite
* Delete sssd-i18n.h and put it's old contents into util.h
Piotr Drąg (1):
* Update polish translation for 0.6.0
Ralf Haferkamp (2):
* LDAP provider needs to link against krb libraries
* SUSE specific init script
Simo Sorce (21):
* Tighten up permission.
* Initial implementation of sasl bind support
* Fix tools sync operations and mem hierarchy
* Fix long timeout on ldap operation
* Make dp requests more robust
* Differentiate between search and network timeouts
* Remove DP process
* Start responders predictably after providers
* Remove magicPrivateGroups option
* Fix services startup when only LOCAL is configured
* Make options parser available to all providers
* Move ldap provider configuration into its own file
* Fix offline authentication
* Return the dp error from the providers
* Move all ldap provider init functions
* Move all krb5 provider init functions
* Add first basic IPA provider
* Always list inputs before outputs
* Start implementing ipa specific options.
* Better offline/enumeration behavior
* Fix setting the schema in the ipa provider
Stephen Gallagher (24):
* Update version to 0.6.0
* Fix infinite loop with empty group enumeration
* Updating release script to use the VERSION file
* Change requirement on libldb to libldb >= 0.9.3
* INI Add config_from_fd() to ini_config
* Remove unused btreemap code
* Add new SSSDConfig python API
* Add plugin configuration schema for proxy provider
* Package SSSDConfig API
* Clean up warnings in pysss.c
* Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7
* Remove two unused functions.
* Fix segfault when using SSS tools with no local provider
* Do not allow setting auth, access or chpass providers for LOCAL
* Add krb5_common.h to the list of headers to 'make dist'
* Use Python 3-compatible sitearch and sitelib
* Better detect installed language files
* Clean up rpmlint errors and warnings in sssd-client package
* Set the Default-Stop LSB option for the SSSD sysv init script
* Fix RPM builds on older versions of rpmbuild
* Bring SSSDConfig API options up-to-date
* Add pam_ctx (similar to nss_ctx) for storing global PAM config
* Add support for offline auth cache timeout
* Update version to 0.7.0
Sumit Bose (28):
* update sysdb tests to new config file version
* add utility call check_and_open_readonly
* more documentation and test for sssd.conf
* handle expired password during authentication
* move password handling into subroutines
* ask for new password if password is expired
* remove redundant talloc_free
* add description of chpass_provider option to sssd.conf man page
* add support for server side LDAP password policies
* add syslog message similar to pam_unix
* use the correct kerberos context for each target
* fix a wrong argument to unpack_buffer
* add -Werror-implicit-function-declaration to default gcc flags
* add a replacement if ldap_control_create is missing
* use PYTHON_PREFIX to install SSSDConfig python API
* add missing %defattr to the filelist of the client package
* make sdap_id_connect_* independent of sdap_id_ctx
* send a message if a backend target is not configured
* use old password if available during password change
* set chpass_provider implicit if not set explicit
* more implicit provider target settings
* enable debugging of krb5_child
* Check for expired passwords in LDAP provider
* added generic LDAP search sdap_get_generic_send/_recv
* add store/search/delete interface for custom sysdb objects
* update krb5 option handling to new option scheme
* update ipa auth options to new option scheme
* fix a compiler warning about redefinition of DEBUG
--
Stephen Gallagher
RHCE 804006346421761
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
14 years, 1 month
SSSD, chkconfig, and /etc/rc.d/init.d/
by David O'Brien
When you install sssd, you can start and stop it with the service
command. It also appears in chkconfig --list so you can use that to
configure it to start at boot time or not (default is not). It doesn't,
however, appear in /etc/rc.d/init.d/ along with lots of other services.
Should it? afaik (which on this topic is not a lot) the service command
is limited to only a few systems (rhel/fedora and their offspring?) For
other systems, you need to use the rc.d/init.d/ path to start and stop
services.
Maybe we need to add it manually? I'm on the verge of saying "Not RHEL
or Fedora so I don't care", but I'm curious.
thanks
--
David O'Brien
Red Hat Asia Pacific
+61 7 3514 8189
http://freeipa.org/page/DocumentationPortal
http://git.fedorahosted.org/git/ipadocs.git
"The most valuable of all talents is that of never using two words when
one will do."
Thomas Jefferson
14 years, 1 month
[PATCH] User home directories management
by Jakub Hrozek
Create and populate user directories on useradd, delete them on userdel
Fixes: #212
This patch applies on top of the previous patch "[PATCH] Fix error
messages in tools"
Jakub
14 years, 1 month
[PATCHES] Fix resolv bugs and improve test coverage
by Martin Nagy
Hi,
the first patch breaks the test, the third one fixes them. The second
one contains a couple of functions that I found handy for test cases, I
would like to use them in other tests as well sometime later. Look into
the patch files for more detailed description.
Martin
14 years, 1 month
[PATCH] New option code for krb5 and ipa auth
by Sumit Bose
Hi,
this set of patches adds the new option handling to krb5 and ipa auth:
0001: new option handling for krb5
0002: new option handling for ipa auth
0003: fix a compiler warning that was introduced by extending
krb5_common.h
0001 and 0002 depend on Simo's "Start implementing ipa specific
options." patch.
bye,
Sumit
14 years, 1 month
[PATCH] fix offline detection/enumeration behavior in ldap_id
by Simo Sorce
I was seeing the ipa backend blocking on start trying to contact the KDC
and when failing not going offline, causing some applications (su -) to
take a looong time to complete as they make many nss calls, and were
waiting for the KDC timeout for each call.
Simo.
14 years, 1 month
[PATCH] add store/search/delete interface for custom sysdb objects
by Sumit Bose
Hi,
this patch adds a store/search/delete sysdb API for data not related to
users or groups. The data is stored in cn=custom,cn=domain,cn=sysdb. The
client must specify a subtree_name and an object_name to save the data
in cn=object_name,cn=subtree_name,cn=custom,cn=domain,cn=sysdb.
Please have a look at the sysdb_check_handle_* request, too. I think it
makes the code more readable and helps to reduce code duplications.
bye,
Sumit
14 years, 1 month