freeipa.git/daemons, branch testotp FreeIPA project Teach ipa-pwd-extop to respect global ipaUserAuthType settings 2014-02-11T12:41:12+00:00 Nathaniel McCallum npmccallum@redhat.com 2014-01-31T20:16:35+00:00 e8c425b2b46bd762389c1071aaa472ba6ca4e503 https://fedorahosted.org/freeipa/ticket/4105 
https://fedorahosted.org/freeipa/ticket/4105
Add OTP sync support to ipa-pwd-extop 2014-02-11T12:41:05+00:00 Nathaniel McCallum npmccallum@redhat.com 2014-01-28T22:09:58+00:00 05b620c6009bac717ec21bffe331dc819f2f0256 






Add HOTP support
2014-02-11T12:19:16+00:00

Nathaniel McCallum
npmccallum@redhat.com

2014-01-28T22:11:04+00:00

ea3589f41b9db2ddb7bea3a69f5e1b2d285f5173












Add OTP last token plugin
2014-02-10T17:13:21+00:00

Nathaniel McCallum
npmccallum@redhat.com

2013-12-16T21:19:08+00:00

ab00dce3f50042062f7171c6a6ab5ea8f494790f

This plugin prevents the deletion or deactivation of the last
valid token for a user. This prevents the user from migrating
back to single factor authentication once OTP has been enabled.

Thanks to Mark Reynolds for helping me with this patch.





This plugin prevents the deletion or deactivation of the last
valid token for a user. This prevents the user from migrating
back to single factor authentication once OTP has been enabled.

Thanks to Mark Reynolds for helping me with this patch.







Add libotp internal library for slapi plugins
2014-02-10T17:12:40+00:00

Nathaniel McCallum
npmccallum@redhat.com

2014-01-06T21:50:07+00:00

28630d550ff1f756fadc00a81595cd69c8b11ab6












Enable building in C99 mode
2014-02-10T17:08:57+00:00

Nathaniel McCallum
npmccallum@redhat.com

2013-12-16T21:10:05+00:00

034cdafed5d48f6f03a0ded9f40beee8f89fed01

C99 is supported on all compilers we target and
provides some useful features, including:
  * Standard struct initializers
  * Compound literals
  * For-loop declarations
  * Standard bool type
  * Variable arrays (use with caution)
  * Too many others to mention...





C99 is supported on all compilers we target and
provides some useful features, including:
  * Standard struct initializers
  * Compound literals
  * For-loop declarations
  * Standard bool type
  * Variable arrays (use with caution)
  * Too many others to mention...







ipa-kdb: validate that an OTP user has tokens
2014-02-10T17:05:03+00:00

Nathaniel McCallum
npmccallum@redhat.com

2014-02-06T15:56:46+00:00

8b9c73968f3d60bb7b15190162e23f4be85298a6

This handles the case where a user is configured for OTP in ipaUserAuthType,
but the user has not yet created any tokens. Until the user creates tokens,
the user should still be able to log in via password. This logic already
exists in LDAP, but ipa-kdb needs to perform the same validation to know
what data to return to the KDC.

https://fedorahosted.org/freeipa/ticket/4154





This handles the case where a user is configured for OTP in ipaUserAuthType,
but the user has not yet created any tokens. Until the user creates tokens,
the user should still be able to log in via password. This logic already
exists in LDAP, but ipa-kdb needs to perform the same validation to know
what data to return to the KDC.

https://fedorahosted.org/freeipa/ticket/4154







ipa-lockout: do not fail when default realm cannot be read
2014-02-04T11:44:45+00:00

Martin Kosek
mkosek@redhat.com

2014-02-04T10:02:34+00:00

b351b210be4809b856915a9c63a4288ebd3c9fdf

When ipa-lockout plugin is started during FreeIPA server installation,
the default realm may not be available and plugin should then not end
with failure.

Similarly to other plugins, start in degraded mode in this situation.
Operation is fully restored during the final services restart.

https://fedorahosted.org/freeipa/ticket/4085





When ipa-lockout plugin is started during FreeIPA server installation,
the default realm may not be available and plugin should then not end
with failure.

Similarly to other plugins, start in degraded mode in this situation.
Operation is fully restored during the final services restart.

https://fedorahosted.org/freeipa/ticket/4085







Fallback to global policy in ipa-lockout plugin
2014-02-03T07:57:14+00:00

Martin Kosek
mkosek@redhat.com

2014-01-30T15:58:25+00:00

d85e2c9a8220e5a61c8dbc205d71693e832b668a

krbPwdPolicyReference is no longer filled default users. Instead, plugins
fallback to hardcoded global policy reference.

Fix ipa-lockout plugin to fallback to it instead of failing to apply
the policy.

https://fedorahosted.org/freeipa/ticket/4085





krbPwdPolicyReference is no longer filled default users. Instead, plugins
fallback to hardcoded global policy reference.

Fix ipa-lockout plugin to fallback to it instead of failing to apply
the policy.

https://fedorahosted.org/freeipa/ticket/4085







BUILD: Fix portability of NSS in file ipa_pwd.c
2014-01-28T15:35:34+00:00

Lukas Slebodnik
lslebodn@redhat.com

2014-01-28T15:35:34+00:00

a4faa2f444f42644e6565675999d0db360716db0

Tested-by: Timo Aaltonen <tjaalton@ubuntu.com>





Tested-by: Timo Aaltonen <tjaalton@ubuntu.com>