[sssd PR#175][opened] Add module for starting services
by lslebodn
URL: https://github.com/SSSD/sssd/pull/175
Author: lslebodn
Title: #175: Add module for starting services
Action: opened
PR body:
"""
This is a WIP version of reducing code duplication in our cwrap integration tests.
I am still not sure whether we should also reuse function `create_sssd_fixture`.
And if yes; then probably in different nodule then `services`
And comments are welcome.
BTW I wrote patches few weeks ago; therefore new tests are not converted.
I am just sending patches to get some feedback.
Site effect of this patches is that tests are cca 20% faster (IIRC)
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/175/head:pr175
git checkout pr175
1 year, 10 months
[sssd PR#616][opened] become_user: add supplementary groups so ad provider can access keytab
by asheplyakov
URL: https://github.com/SSSD/sssd/pull/616
Author: asheplyakov
Title: #616: become_user: add supplementary groups so ad provider can access keytab
Action: opened
PR body:
"""
For security reasons one might want to run providers as a non-privileged
user (say, _sssd). However some providers (in particular ad) might need
an access to restricted (non world-readable) files (for instance,
/etc/krb5.keytab). One of the possible ways to solve the problem is to
- add a special group (for instance, _keytab)
- set the owner:group of the file in question to root:_keytab
- set the permissions of the file in question to 640
- make the _sssd user a member of the _keytab group
For this to work become_user should assign supplementary groups, which
is what this patch does.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/616/head:pr616
git checkout pr616
2 years, 7 months
[sssd PR#5251][opened] [wip] subdomains: allow to inherit case_sensitive=Preserving
by pbrezina
URL: https://github.com/SSSD/sssd/pull/5251
Author: pbrezina
Title: #5251: [wip] subdomains: allow to inherit case_sensitive=Preserving
Action: opened
PR body:
"""
The first patch is just man page update to reflect current state.
I think it makes sense to be able to show subdomain names in
their original casing. Patches 2-3 make it work for AD provider.
Patch 4 makes it work for IPA provider. There is apparantely a bug
in winbind, but there is no link the any bugzilla so I do not know
if it was already fixed. The commit is four years old. This patch
requires case_sensitive=Preserving to be set also on the server,
otherwise it does not work. It can be enabled without the server setting
but we need to make nss_cmd_getpwnam_ex (and other _ex commands) to
always return case preserving name. So before I continue the work
I'd like to ask @sumit-bose if we can do it like this.
Resolves:
https://github.com/SSSD/sssd/issues/5250
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5251/head:pr5251
git checkout pr5251
2 years, 8 months
[sssd PR#5257][opened] git-template: add tags to help with release notes automation
by pbrezina
URL: https://github.com/SSSD/sssd/pull/5257
Author: pbrezina
Title: #5257: git-template: add tags to help with release notes automation
Action: opened
PR body:
"""
This commits add information on several tags that should be used
so we are able to generate release notes on each new release
automatically. This will make release notes more thorough and it
will also simplify the process a lot since it take lots of time
to do it manually.
Why I chose `:tag:` format>
1. Using @ notation creates user references in github so I wanted
to use something different.
2. Using a plain text like (Resolves) leads people to create their
own variations (Fixes, Resolves XYZ, ...) which adds additional
burden to maintainers. Using this format makes it less error
prone and easier to parse.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5257/head:pr5257
git checkout pr5257
2 years, 11 months
[sssd PR#5252][opened] Add offline_timeout_max option to control offline interval backoff
by deastoe
URL: https://github.com/SSSD/sssd/pull/5252
Author: deastoe
Title: #5252: Add offline_timeout_max option to control offline interval backoff
Action: opened
PR body:
"""
The offline_timeout period determines the minimum time between
attempts of a data provider to go back online, if it is offline due
to eg. unreachable servers. Each time this check fails there is a
backoff factor applied meaning there can be up to 60 minutes between
these attempts.
Here we introduce the offline_timeout_max option which allows the
the maximum period between attempts to be defined in the configuration,
instead of the default 60 minutes; therefore providing more
flexibility.
Setting offline_timeout_max to 0 disables the backoff functionality.
Additionally fix two issues observed in be_ptask scheduling:
- Backoff is not applied on the first re-schedule operation
- The maximum backoff value (previously hardcoded) might not be reached.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5252/head:pr5252
git checkout pr5252
3 years
[sssd PR#269][opened] Add support for ActiveDirectory's logonHours restrictions
by NWilson
URL: https://github.com/SSSD/sssd/pull/269
Author: NWilson
Title: #269: Add support for ActiveDirectory's logonHours restrictions
Action: opened
PR body:
"""
This is a straightforward patch for denying access to a user when the user is not permitted to access their account due to logonHours restrictions.
This matches the default behaviour for domain-joined Windows machines. When outside the logonHours, all types of authentication are denied (password/Kerberos/certificate) - so it is appropriate to put this check inside the PAM "account" rules.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/269/head:pr269
git checkout pr269
3 years