URL: https://github.com/SSSD/sssd/pull/5450
Author: justin-stephenson
Title: #5450: kcm: add support for kerberos tgt renewals
Action: opened
PR body:
"""
This allows configuration of KCM to attempt renewals for renew-applicable kerberos tickets stored in kcm, such as a TGT retrieved with `kinit` on the command-line.
krb5* renewal and lifetime options are configurable in the [kcm] section; if they do not exist in the [kcm] section then we check and fall back to using the first `auth_provider=krb5` domain in sssd.conf.
This support is only added to the secdb ccache backend. The overall high-level logic used here is similar to the existing pam_sss krb5 renewal code, adding necessary changes to unmarshal and retrieve ticket information from KCM secrets db.
Renewal is only attempted after half of the tgt lifetime has been reached.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5450/head:pr5450
git checkout pr5450
URL: https://github.com/SSSD/sssd/pull/5478
Author: shridhargadekar
Title: #5478: Tests: alltests: fetch autofs maps after coming online
Action: opened
PR body:
"""
SSSD should fetch autofs maps from server when coming online
from offline state, without existing cache.
SSSD is started in offline mode with no existing
cache. While coming online, SSSD should fetch
autofs maps from server without restarting SSSD service.
#Verifies:
Issues: https://github.com/SSSD/sssd/issues/3413
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1113639
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5478/head:pr5478
git checkout pr5478
URL: https://github.com/SSSD/sssd/pull/5544
Author: sgoveas
Title: #5544: TEST: Modify subsystem to sst_idm_sssd
Action: opened
PR body:
"""
idm sst were subdivided into team-specific sst and is now implemented in
Polarion
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5544/head:pr5544
git checkout pr5544
URL: https://github.com/SSSD/sssd/pull/5541
Author: sumit-bose
Title: #5541: nss client: make innetgr() thread safe
Action: opened
PR body:
"""
The innetgr() call is expected to be thread safe but SSSD's current
implementation isn't. In glibc innetgr() is implemented by calling the
setnetgrent(), getnetgrent(), endgrent() sequence with a private context
(struct __netgrent) which provides a member where NSS modules can store data
between the calls.
With this patch setnetgrent() will read all required data from the NSS
responder and store it in the data member of the __netgrent struct.
Upcoming getnetgrent() calls will only operate on the stored data and not
connect to the NSS responder anymore. endgrent() will free the data. Since
the netgroup data is read in a single request to the NSS responder
protected by a mutex and stored in private context of innetgr() this call
is now thread-safe.
Resolves: https://github.com/SSSD/sssd/issues/5540
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5541/head:pr5541
git checkout pr5541
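The failure mode and the fix described in PR #5541 above, as an added example that is not code from the PR or from SSSD: a lookup that keeps its cursor in process-wide state can answer with another caller's netgroup, while a lookup that copies the result into a caller-owned context cannot. The interleaving of two callers is simulated deterministically in one thread; the data, `struct netgr_ctx` and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Constructed netgroup data standing in for the NSS responder (assumption). */
struct member { const char *group, *host; };
static const struct member DB[] = {
    {"admins", "alpha"}, {"admins", "beta"}, {"web", "gamma"}, {"web", "delta"},
};
#define DB_LEN (sizeof(DB) / sizeof(DB[0]))

/* Unsafe shape: one process-wide cursor shared by every caller. */
static const char *g_group; static size_t g_pos;
static void shared_set(const char *group) { g_group = group; g_pos = 0; }
static const char *shared_get(void) {
    for (; g_pos < DB_LEN; g_pos++)
        if (strcmp(DB[g_pos].group, g_group) == 0) return DB[g_pos++].host;
    return NULL;
}

/* Safe shape: set() copies the whole result into a caller-owned context. */
struct netgr_ctx { const char *hosts[DB_LEN]; size_t n, pos; };
static void ctx_set(struct netgr_ctx *c, const char *group) {
    c->n = c->pos = 0;   /* per the PR text, only this single fetch needs the mutex */
    for (size_t i = 0; i < DB_LEN; i++)
        if (strcmp(DB[i].group, group) == 0) c->hosts[c->n++] = DB[i].host;
}
static const char *ctx_get(struct netgr_ctx *c) {
    return c->pos < c->n ? c->hosts[c->pos++] : NULL;
}

/* Caller A asks "is gamma in admins?" (correct answer: no) while caller B
 * starts a lookup of "web" between A's set and A's first get. */
int shared_interleaved(void) {
    const char *h; int found = 0;
    shared_set("admins");                       /* A */
    shared_set("web");                          /* B, interleaved */
    while ((h = shared_get()) != NULL) found |= (strcmp(h, "gamma") == 0);
    return found;                               /* A walked B's group */
}
int private_interleaved(void) {
    struct netgr_ctx a, b; const char *h; int found = 0;
    ctx_set(&a, "admins");                      /* A */
    ctx_set(&b, "web");                         /* B, interleaved */
    while ((h = ctx_get(&a)) != NULL) found |= (strcmp(h, "gamma") == 0);
    return found;                               /* A only sees its own data */
}
int main(void) {
    printf("shared=%d private=%d\n", shared_interleaved(), private_interleaved());
    return 0;
}
```

With shared state the membership check returns a false positive, which matters wherever netgroups gate access decisions.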
URL: https://github.com/SSSD/sssd/pull/5435
Author: deastoe
Title: #5435: whitespace_test: fix exclusion of debian directory
Action: opened
PR body:
"""
These tests are supposed to ignore trailing whitespace in files in
the debian directory. However this is not the case with the current
exclude pattern and usage of `git grep`.
Use --full-name with `git grep` to ensure its output is always
relative to the repository root, rather than the current directory.
Additionally remove the leading slash from the exclude pattern as
this will never match the output.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5435/head:pr5435
git checkout pr5435
URL: https://github.com/SSSD/sssd/pull/5542
Author: sumit-bose
Title: #5542: nss client: make innetgr() thread safe
Action: opened
PR body:
"""
The innetgr() call is expected to be thread safe but SSSD's current
implementation isn't. In glibc innetgr() is implemented by calling the
setnetgrent(), getnetgrent(), endgrent() sequence with a private context
(struct __netgrent) which provides a member where NSS modules can store data
between the calls.
With this patch setnetgrent() will open a new connection to the NSS
responder and store the file descriptor in the data member of the
__netgrent struct so that the following getnetgrent() and endgrent() will
use the same connection. Since the NSS responder stores the netgroup
lookups related data in a per connection context and a new thread will open
a new connection the implementation is thread safe.
Resolves: https://github.com/SSSD/sssd/issues/5540
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5542/head:pr5542
git checkout pr5542
URL: https://github.com/SSSD/sssd/pull/5532
Author: ikerexxe
Title: #5532: Handle ldap_install_tls() configuration and retrial
Action: opened
PR body:
"""
Configure socket options when calling ldap_install_tls() to avoid hitting
EINTR during connect. Set the communication to asynchronous. This
configuration can't be applied for the connection part, which has to be
always blocking. On top of that set the network timeout to
ldap_opt_timeout option, to decrease the possibility of triggering a
timeout error when polling.
If the call to ldap_install_tls() fails with EINTR, retry it again.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5532/head:pr5532
git checkout pr5532
URL: https://github.com/SSSD/sssd/pull/5529
Author: sumit-bose
Title: #5529: AD: read trusted domains from local domain as well
Action: opened
PR body:
"""
Currently SSSD only uses information stored in a domain controller of
the forest root domain to get the names of other trusted domains in the
forest. Depending on how the forest was created the forest root might
not have LDAP objects for all domains in the forest. It looks like a
typical case is child domains of other domains in the forest.
As a start SSSD can now include trusted domains stored in the LDAP tree
of a local domain controller as well. In the long run it would make sense
to allow SSSD to explicitly search for domains by looking up DNS entries
and checking a potential domain controller with a CLDAP ping.
Resolves: https://github.com/SSSD/sssd/issues/5528
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5529/head:pr5529
git checkout pr5529
URL: https://github.com/SSSD/sssd/pull/5549
Author: elkoniu
Title: #5549: data_provider: Configure backend probing interval
Action: opened
PR body:
"""
When be_ptask is created to monitor backend when SSSD
is in offline mode checks are happening in specified intervals:
delay = delay + (sss_rand() % task->random_offset);
New configuration option is introduced in this commit:
* refresh_max_random_offset
Using this option allows end client to decide what
should be the size of random offset when new interval
for probing backend is calculated.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1925608
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5549/head:pr5549
git checkout pr5549