Hi,
this patch should fix ticket #604, but maybe we want to add some more levels to pam_verbosity and also handle other messages with this patch.
Currently I have two questions. First, is more granularity needed for pam_verbosity or is it enough to switch between only important and all messages? Second, if offline_credentials_expiration is set, the 'Authenticated with cached credentials' messages is always display. Is this acceptable or shall we introduce a threshold parameter here?
bye, Sumit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/27/2010 07:57 AM, Sumit Bose wrote:
Hi,
this patch should fix ticket #604, but maybe we want to add some more levels to pam_verbosity and also handle other messages with this patch.
Currently I have two questions. First, is more granularity needed for pam_verbosity or is it enough to switch between only important and all messages? Second, if offline_credentials_expiration is set, the 'Authenticated with cached credentials' messages is always display. Is this acceptable or shall we introduce a threshold parameter here?
Nack.
My original thought was that this should be based on severity level. pam_verbosity should be:
0: Do not print any messages at all. 1: Print only important messages 2: Print informational messages 3: Print low-level debug messages
If we're at pam_verbosity = 1, then we should see the "Authenticated with cached credentials" with the expiration information. At level 0, it should be suppressed. At level 2, we should see it even when not using offline_credentials_expiration.
Level 3 isn't used right now, but should be available for future use.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
On Thu, Nov 04, 2010 at 09:47:33AM -0400, Stephen Gallagher wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/27/2010 07:57 AM, Sumit Bose wrote:
Hi,
this patch should fix ticket #604, but maybe we want to add some more levels to pam_verbosity and also handle other messages with this patch.
Currently I have two questions. First, is more granularity needed for pam_verbosity or is it enough to switch between only important and all messages? Second, if offline_credentials_expiration is set, the 'Authenticated with cached credentials' messages is always display. Is this acceptable or shall we introduce a threshold parameter here?
Nack.
My original thought was that this should be based on severity level. pam_verbosity should be:
0: Do not print any messages at all. 1: Print only important messages 2: Print informational messages 3: Print low-level debug messages
If we're at pam_verbosity = 1, then we should see the "Authenticated with cached credentials" with the expiration information. At level 0, it should be suppressed. At level 2, we should see it even when not using offline_credentials_expiration.
Level 3 isn't used right now, but should be available for future use.
Thanks for the comments. I've added the two other levels and modified the code accordingly. So far only SSS_PAM_USER_INFO_OFFLINE_AUTH is handled and the level 0 which suppresses all messages.
While making the changes I realized that we do not want to use long long to send the expiration time and the delay to the client but a more strict defined type like int64_t. I've added the patch here and not as a separate one, because the verbosity patch depends on it.
bye, Sumit
Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkzSuXUACgkQeiVVYja6o6OGWwCfaVNB1eWSwfnj5omYzZJqTnam SFwAnA3w1bsZWpum+gfTVQwC8bKC44/5 =QU/C -----END PGP SIGNATURE----- _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
On Fri, Nov 05, 2010 at 10:01:45PM +0100, Sumit Bose wrote:
On Thu, Nov 04, 2010 at 09:47:33AM -0400, Stephen Gallagher wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/27/2010 07:57 AM, Sumit Bose wrote:
Hi,
this patch should fix ticket #604, but maybe we want to add some more levels to pam_verbosity and also handle other messages with this patch.
Currently I have two questions. First, is more granularity needed for pam_verbosity or is it enough to switch between only important and all messages? Second, if offline_credentials_expiration is set, the 'Authenticated with cached credentials' messages is always display. Is this acceptable or shall we introduce a threshold parameter here?
Nack.
My original thought was that this should be based on severity level. pam_verbosity should be:
0: Do not print any messages at all. 1: Print only important messages 2: Print informational messages 3: Print low-level debug messages
If we're at pam_verbosity = 1, then we should see the "Authenticated with cached credentials" with the expiration information. At level 0, it should be suppressed. At level 2, we should see it even when not using offline_credentials_expiration.
Level 3 isn't used right now, but should be available for future use.
Thanks for the comments. I've added the two other levels and modified the code accordingly. So far only SSS_PAM_USER_INFO_OFFLINE_AUTH is handled and the level 0 which suppresses all messages.
While making the changes I realized that we do not want to use long long to send the expiration time and the delay to the client but a more strict defined type like int64_t. I've added the patch here and not as a separate one, because the verbosity patch depends on it.
bye, Sumit
sorry, I forgot to initialize do_not_send_to_client. New versions attached.
bye, Sumit
Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkzSuXUACgkQeiVVYja6o6OGWwCfaVNB1eWSwfnj5omYzZJqTnam SFwAnA3w1bsZWpum+gfTVQwC8bKC44/5 =QU/C -----END PGP SIGNATURE----- _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/09/2010 07:52 AM, Sumit Bose wrote:
On Fri, Nov 05, 2010 at 10:01:45PM +0100, Sumit Bose wrote:
On Thu, Nov 04, 2010 at 09:47:33AM -0400, Stephen Gallagher wrote:
On 10/27/2010 07:57 AM, Sumit Bose wrote:
Hi,
this patch should fix ticket #604, but maybe we want to add some more levels to pam_verbosity and also handle other messages with this patch.
Currently I have two questions. First, is more granularity needed for pam_verbosity or is it enough to switch between only important and all messages? Second, if offline_credentials_expiration is set, the 'Authenticated with cached credentials' messages is always display. Is this acceptable or shall we introduce a threshold parameter here?
Nack.
My original thought was that this should be based on severity level. pam_verbosity should be:
0: Do not print any messages at all. 1: Print only important messages 2: Print informational messages 3: Print low-level debug messages
If we're at pam_verbosity = 1, then we should see the "Authenticated with cached credentials" with the expiration information. At level 0, it should be suppressed. At level 2, we should see it even when not using offline_credentials_expiration.
Level 3 isn't used right now, but should be available for future use.
Thanks for the comments. I've added the two other levels and modified the code accordingly. So far only SSS_PAM_USER_INFO_OFFLINE_AUTH is handled and the level 0 which suppresses all messages.
While making the changes I realized that we do not want to use long long to send the expiration time and the delay to the client but a more strict defined type like int64_t. I've added the patch here and not as a separate one, because the verbosity patch depends on it.
bye, Sumit
sorry, I forgot to initialize do_not_send_to_client. New versions attached.
Ack to both.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/15/2010 11:58 AM, Stephen Gallagher wrote:
On 11/09/2010 07:52 AM, Sumit Bose wrote:
On Fri, Nov 05, 2010 at 10:01:45PM +0100, Sumit Bose wrote:
On Thu, Nov 04, 2010 at 09:47:33AM -0400, Stephen Gallagher wrote:
On 10/27/2010 07:57 AM, Sumit Bose wrote:
Hi,
this patch should fix ticket #604, but maybe we want to add some more levels to pam_verbosity and also handle other messages with this patch.
Currently I have two questions. First, is more granularity needed for pam_verbosity or is it enough to switch between only important and all messages? Second, if offline_credentials_expiration is set, the 'Authenticated with cached credentials' messages is always display. Is this acceptable or shall we introduce a threshold parameter here?
Nack.
My original thought was that this should be based on severity level. pam_verbosity should be:
0: Do not print any messages at all. 1: Print only important messages 2: Print informational messages 3: Print low-level debug messages
If we're at pam_verbosity = 1, then we should see the "Authenticated with cached credentials" with the expiration information. At level 0, it should be suppressed. At level 2, we should see it even when not using offline_credentials_expiration.
Level 3 isn't used right now, but should be available for future use.
Thanks for the comments. I've added the two other levels and modified the code accordingly. So far only SSS_PAM_USER_INFO_OFFLINE_AUTH is handled and the level 0 which suppresses all messages.
While making the changes I realized that we do not want to use long long to send the expiration time and the delay to the client but a more strict defined type like int64_t. I've added the patch here and not as a separate one, because the verbosity patch depends on it.
bye, Sumit
sorry, I forgot to initialize do_not_send_to_client. New versions attached.
Ack to both.
Pushed to master.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
sssd-devel@lists.fedorahosted.org