Missing word? User Private Group and User Magic Group
by David O'Brien
The following is taken from "The LOCAL Provider" section on the
HOWTO_Configure page on the wiki:
"Using Magic Private groups bring the benefit of better Windows
Interoperability (in Windows, the ID and name spaces are unique) and
also avoids creating a group for every user, thus cluttering the group
space. Also, for NSS calls, every user is actually returned as user's
private group without having to explicitly create the group, thus having
the same effect as User Private Groups "
The 2nd sentence doesn't quite add up.
thanks
--
David O'Brien
Red Hat Asia Pacific
+61 7 3514 8189
http://freeipa.org/page/DocumentationPortal
http://git.fedorahosted.org/git/ipadocs.git
"The most valuable of all talents is that of never using two words when
one will do."
Thomas Jefferson
14 years, 6 months
[PATCH] Build files.c only for tools
by Stephen Gallagher
Addresses https://fedorahosted.org/sssd/ticket/257
On Ubuntu and other platforms that build with
LDFLAGS=-Wl,-Bsymbolic-files, we would fail to link the sssd binary
successfully, because files.o would have unresolved dependencies since
we don't link against the SELinux library.
There were two options to fix this:
1) Link against -lselinux. I rejected this because the sssd monitor
binary does not in fact use any of the features of files.o at this time.
It didn't make sense to introduce an additional, unused library dependency.
2) Only link files.o (and SELinux) where needed. At this time, that
means only the command line tools. This is the approach I took.
If, in the future, we decide to add some of the files.c functionality to
other places in the SSSD, we can carry it in and link against SELinux at
that time.
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
14 years, 6 months
Properly wrap #include <krb5.h>
by Stephen Gallagher
Depending on the platform, krb5.h may be available as
#include <krb5.h>
or
#include <krb5/krb5.h>
We were properly testing for this in krb5_common.h, but not in
sdap_async.c
--
Stephen Gallagher
14 years, 6 months
Failure to set password for new user in LOCAL database
by David O'Brien
[root@alice ~]# sss_useradd newUser02
[root@alice ~]# getent passwd newUser02
newUser02:x:505:505:newUser02:/home/newUser02:/bin/bash
[root@alice ~]# passwd newUser02
Changing password for user newUser02.
passwd: Authentication token manipulation error
[root@alice ~]#
I've tried this with a couple of different users, using FQDN, etc., but
always get the same error.
[root@alice ~]# rpm -qi sssd
Name : sssd Relocations: (not relocatable)
Version : 0.8.0 Vendor: (none)
Release : 0.2009102711gitaa5a562.fc11 Build Date: Wed 28 Oct 2009 01:10:59 AM EST
I added the following to nsswitch.conf
passwd: files sss
shadow: files
group: files sss
sssd.conf is pretty basic.
Found this in sssd.log:
[sssd] [confdb_get_domain_internal] (0): Warning: enumeration parameter
in LOCAL still uses integers! Enumeration is now a boolean and takes
true/false values. Interpreting as true
(something that needs fixing, but at the same time not something that
would cause breakage, afaik)
I don't know where else to look :(
--
David O'Brien
14 years, 6 months
Options for each SSSD Provider?
by David O'Brien
The doc skeleton contains the following headings for each of LOCAL,
LDAP, IPA, and KRB5 providers (4.3 just happens to be for the local SSSD
domain):
4.3.1. Identification Options
text
4.3.2. Authentication Options
text
4.3.3. Access Control Options
text
4.3.4. Password Changing Options
text
I can get a bit of an idea of what goes in here from the wiki and the
man page, but I'm not sure if that contains examples of all options, and
neither am I sure I'd get the examples in the right sections.
e.g., from the "DOMAIN SECTIONS" of the man page:
min_id & max_id I can guess are Identification Options
entry_cache_timeout --> Auth Option
etc.
timeout ?
I won't go through the whole list... should I just have a go and wait
for doc review time to shuffle any stuff-ups around?
--
David O'Brien
14 years, 6 months