Absence of 'mc' directory non-fatal
by Jan Engelhardt
Hi,
as part of my ongoing investigation on sssd-1.8.93's bugs, here is
another distilled item:
- when /var/lib/sss/db is missing, sssd does not start. That's ok,
though the syslog error message "Cannot load configuration database"
is *very* sparse. (It could, for example, say what file it failed to
open, and strerror(errno)).
- when /var/lib/sss/mc is missing, sssd does start, and emits a
warning message into sssd_nss.log, but only at debug_level=9.
This needs to be "louder". (Perhaps terminate sssd, like in the /db
case.)
- Can't sssd just create all the directories it needs in /var/lib/sss
by itself?
- if /var/lib/sss/mc is missing, the inability to read /mc/group
goes in silence. (Well, that's perhaps a "bug" of id(1)
and getent(1).) It requires that one checks the return code
and errno to see that getgrid returns EBADMSG.
11 years, 9 months
[PATCH] Cast uid_t to unsigned long long in DEBUG messages
by Jakub Hrozek
krb5_child was crashing on my 32bit system when debugging was enabled
(and to make it more interesting, only when compiled with -O2). We were
using %llu to print uid_t values, which didn't match with the real size
of uid_t on 32bit systems. This patch adds an explicit cast to unsigned
long long.
11 years, 9 months
[PATCH] pac responder: limit access by checking UIDs
by Sumit Bose
Hi,
this patch added the checks requested in ticket #1382 to the PAC
responder. The check itself can be found in the commom responder code.
It can be used by all responder, but currently only the PAC responder
uses it.
I took a quite strict default here, i.e. only root is allowed to access
the PAC responder by default. Is this too restrictive?
bye,
Sumit
11 years, 9 months