[PATCH] Split the providers into separate subpackages
by Jakub Hrozek
Hi,
the attached patch splits the previously monolithic sssd package into
sssd-common that contains the deamon and the responders and per-provider
packages such as sssd-ldap or sssd-ipa.
This split would benefit two parties:
1) security auditors who are often trying to find the smallest package
set including dependencies needed for the package to function. They
would be able to i.e. install sssd-ldap and not bother about
sssd-ipa or sssd-ad pulling in more dependencies.
2) 3rd party programs such as realmd or authconfig that would only
be able to require or install on demand the needed packages.
The patch addresses https://fedorahosted.org/sssd/ticket/1510 and must b
applied on the two specfile patches I sent earlier (the thread subject
included libsss_sudo).
10 years, 9 months
[PATCH] A new option krb5_use_kdcinfo
by Jakub Hrozek
In order to test this patch, configure a domain that uses Kerberos (IPA
for example) and set krb5_use_kdcinfo=False. Without this option a
kdcinfo file (located in /var/lib/sss/pubconf) will be created at login
time at latest.
With the option set to False, the kdcinfo file will not get created and
also you would need to configure your realm in krb5.conf in order for
logins to work.
https://fedorahosted.org/sssd/ticket/1883
The patch introduces a new Kerberos provider option called
krb5_use_kdcinfo. The option is true by default in all providers. When
set to false, the SSSD will not create krb5 info files that the locator
plugin consumes and the user would have to set up the Kerberos options
manually in krb5.conf
10 years, 9 months
[PATCH] Adding script to create a SRPM
by Lukas Slebodnik
ehlo,
Recommended way to create SRPM is to run make (prerelease-)srpm.
But in previous case make file have to be generated, therefore
configure script should not fail. (all sssd required dependencies have to be
installed)
Script make_srpm.sh can be runned without running configure, script can be
runned only from git repository.
https://fedorahosted.org/sssd/ticket/1927
Patch is attached.
LS
10 years, 9 months
[PATCH] Don't test for NULL in nscd config check
by Ondrej Kos
Hi,
Attached patch fixes the following issue:
https://fedorahosted.org/sssd/ticket/1971
This is coverity bug, CIDs: 11851,11852,11853
I tested this with NSCD configuration file malformed in various ways.
The first thing is, NSCD won't even start, when nscd.conf doesn't meet
the specifications. This means that with malformed configuration it
can't even interfere with SSSD. On the other hand, the malformed
configuration might go through the check as OK (depending on selected
cachings), but since it won't run, it doesn't affect SSSD (and checking
for this in the SSSD would mean to adopt check from nscd sources to be
sure).
Ondra
--
Ondrej Kos
Associate Software Engineer
Identity Management - SSSD
Red Hat Czech
10 years, 9 months