August 2018 - sssd-devel - Fedora Mailing-Lists

[sssd PR#630][-Changes requested] KCM/SECRETS: Use a library to access the secrets storage instead of the secrets responder, deprecate secrets responder

by jhrozek

URL: https://github.com/SSSD/sssd/pull/630 Title: #630: KCM/SECRETS: Use a library to access the secrets storage instead of the secrets responder, deprecate secrets responder Label: -Changes requested

5 years, 8 months

1
0
0 / 0

[sssd PR#630][comment] KCM/SECRETS: Use a library to access the secrets storage instead of the secrets responder, deprecate secrets responder

by jhrozek

URL: https://github.com/SSSD/sssd/pull/630 Title: #630: KCM/SECRETS: Use a library to access the secrets storage instead of the secrets responder, deprecate secrets responder jhrozek commented: """ Thank you for the review, I hope all comments were addressed (modulo those where I asked what would you prefer to have done). """ See the full comment at https://github.com/SSSD/sssd/pull/630#issuecomment-412021137

5 years, 8 months

1
0
0 / 0

[sssd PR#630][+Changes requested] KCM/SECRETS: Use a library to access the secrets storage instead of the secrets responder, deprecate secrets responder

by fidencio

URL: https://github.com/SSSD/sssd/pull/630 Title: #630: KCM/SECRETS: Use a library to access the secrets storage instead of the secrets responder, deprecate secrets responder Label: +Changes requested

5 years, 8 months

1
0
0 / 0

[sssd PR#614][opened] nss_protocol_fill_initgr: skip incomplete groups instead of bailing out

by asheplyakov

URL: https://github.com/SSSD/sssd/pull/614 Author: asheplyakov Title: #614: nss_protocol_fill_initgr: skip incomplete groups instead of bailing out Action: opened PR body: """ Suppose the user U is a member of (AD) groups D1\A, D1\B, D2\X, and no domain controllers in the domain D2 can be reached at the moment (and there are no cached info). As of now initgroups won't assign any groups at all. To improve the behavior skip the incomplete groups so initgroup assigns at least some groups (D1\A, D1\B in the above example). """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/614/head:pr614 git checkout pr614

5 years, 8 months

4
20
0 / 0

[sssd PR#626][opened] SELINUX: Also call is_selinux_enabled as a check for selinux child

by jhrozek

URL: https://github.com/SSSD/sssd/pull/626 Author: jhrozek Title: #626: SELINUX: Also call is_selinux_enabled as a check for selinux child Action: opened PR body: """ Resolves: https://pagure.io/SSSD/sssd/issue/3796 The SSSD selinux management routines were only checking if SELinux is managed on the system. If it is managed, the code tries to proceed and set the login context, otherwise an error is returned which SSSD handles gracefully. But this is not enough, in some cases SELinux might be disabled, but managed and in these cases SSSD was returning strange errors, which might have prevented login with selinux provider in effect. We got this hint form the RH SELinux maintainer: """ libsemanage is for managing SELinux infrastructure. generally if there's /etc/selinux/config where libsemanage can read SELINUXTYPE and SELinux module store - /etc/selinux/<SELINUXTYPE>/active (or /var/lib/selinux/<SELINUXTYPE>/active) - is available, libsemanage can manage it even when SELinux is disabled. I'm not sure if selinux_child doesn any is_selinux_enabled() checks but it could help to avoid such situations. "" """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/626/head:pr626 git checkout pr626

5 years, 8 months

2
6
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel August 2018