June 2013 - sssd-devel - Fedora Mailing-Lists

[PATCH] sudo responder: use different callback for oob refresh

by Pavel Březina

https://fedorahosted.org/sssd/ticket/1693 The reason why sudo show different messages is that SSSD crashes (SIGABRT from talloc) when out of band refresh is finished. For some reason, Nikolai's test is much more likely to reveal this on rhel systems than on fedora, however the SSSD crashes on both systems. How to test it: 1. run Nikolai's test attached to bugzilla 2. attach gdb to sssd_sudo and hit continue 3. wait for it Without the patch, you will receive SIGABRT from talloc. With the patch, you'll get SIGTERM from the test. I'd like to get this to both 1.10 and 1.9.

10 years, 10 months

3
5
0 / 0

[PATCH] AD: kinit with the local DC even when talking to a GC

by Jakub Hrozek

The attached patch should fix trouble we had with SRV discovery and trusts. We tried to use the GC address even for kinit which gave us errors like: "Realm not local to KDC while getting initial credentials". This patch adds a new AD_GC service that is only used for ID lookups, any sort of Kerberos operations are done against the local servers.

10 years, 10 months

2
2
0 / 0

[PATCH] Use forest for GC SRV lookups

by Sumit Bose

Hi, in contrast to other services the global catalog must be looked up with the help of the forest name and not with a domain name, this patch takes care of it and fixes part of https://fedorahosted.org/sssd/ticket/1973. Currently any GC is taken and no one from the local domain is preferred. bye, Sumit

10 years, 10 months

2
3
0 / 0

[PATCH] Every time return directory for krb5 cache collection.

by Lukas Slebodnik

ehlo, Function krb5_cc_get_full_name is called only as a way to validate that, we have the right cache. Instead of returned name, location will be returned from function cc_dir_cache_for_princ. https://fedorahosted.org/sssd/ticket/1936 Patch is attached. LS

10 years, 10 months

5
23
0 / 0

[PATCH] Revert "Implicitly activate the PAC responder for AD provider"

by Sumit Bose

Hi, with this patch the PAC responder is not started automatically if the AD provider is configured, because there are configurations, e.g. ldap_id_mapping = False, which are not handled properly by the PAC responder. When this is fixed it might be enabled again. bye, Sumit

10 years, 10 months

3
4
0 / 0

[PATCH] fix dead code in fail_over_srv.c

by Pavel Březina

https://fedorahosted.org/sssd/ticket/1969

10 years, 10 months

3
2
0 / 0

[PATCHES] Fix krb5 ticket renewal

by Sumit Bose

Hi, David Woodhouse identified an issue with Kerberos ticket renewal. Attached two patches fix two issues related to the authtok refactoring which make renewal for me working again. bye, Sumit

10 years, 10 months

3
9
0 / 0

[PATCH] krb5: do not send pac for IPA users from the local domain

by Sumit Bose

Hi, thoses two patches restore the original behaviour that the PAC for IPA users is not send to the PAC responder during password authentication. Fixes https://fedorahosted.org/sssd/ticket/1995 bye, Sumit

10 years, 10 months

2
2
0 / 0

sysdb_delete_group - No such file or directory and other errors

by Steve Traylen

Hi sssd-1.9.2-82.7.el6_4 I've a few Error messages that I'd like to understand , if you have some comments that would be great. * sssd_CERN.log sssd[be[CERN]]] [sysdb_search_user_by_uid] (0x0400): No such entry sssd[be[CERN]]] [sysdb_delete_group] (0x0400): Error: 2 (No such file or directory) * sssd_nss.log (Mon Jun 24 06:40:26 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: FC3020 (Mon Jun 24 06:40:26 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Mon Jun 24 06:40:26 2013) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0xc5eff0 (Mon Jun 24 06:40:26 2013) [sssd[nss]] [nss_cmd_getpwuid_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 5, (null) Will try to return what we have in cache (Mon Jun 24 06:40:26 2013) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x430590:1:-1@CERN] (Mon Jun 24 06:40:26 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0xd85a00][20] * sssd_nss.log (Mon Jun 24 09:52:18 2013) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Fast reply - offline (Mon Jun 24 09:52:18 2013) [sssd[nss]] [nss_cmd_getpwnam_dp_callback] (0x0040): Unable to get information from Data Provider Error: 1, 11, Fast reply - offline Will try to return what we have in cache * sssd_pam.log (Mon Jun 24 09:52:18 2013) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Offline (Mon Jun 24 09:52:18 2013) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider Error: 1, 11, Offline (Mon Jun 24 09:52:18 2013) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [XXXXXXX@CERN]

10 years, 10 months

2
5
0 / 0

[PATCHES] 1.5: Quit SSSD gracefully

by Ondrej Kos

Hi, Attached are 3 patches, backporting the capability of SSSD to exit gracefully when providers fail to start for SSSD 1.5 This addresses https://bugzilla.redhat.com/show_bug.cgi?id=974036 The above is not technically a bug - SSSD failed to start correctly with misconfigured provider, but in these cases it should also quit, which did not happen and the core process kept running. With the attached patches SSSD fails to start as expected. Ondra -- Ondrej Kos Associate Software Engineer Identity Management - SSSD Red Hat Czech

10 years, 10 months

4
5
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel June 2013