sssd.git/src/confdb, branch ldapdebug sssd with jhrozek's patches Convert the value of pwd_exp_warning to seconds 2013-01-22T12:04:15+00:00 Jakub Hrozek jhrozek@redhat.com 2013-01-22T08:07:37+00:00 1d262e93850e2be65a774da070600947f1b75153 When read from the domain section, the pwd_expiration_warning was properly converted to seconds from days, but not the pam_pwd_expiration_warning set in the [pam] section. https://fedorahosted.org/sssd/ticket/1773 
When read from the domain section, the pwd_expiration_warning was
properly converted to seconds from days, but not the
pam_pwd_expiration_warning set in the [pam] section.

https://fedorahosted.org/sssd/ticket/1773
Move mpg flag to the domain where it belongs 2013-01-15T09:53:03+00:00 Simo Sorce simo@redhat.com 2013-01-08T18:45:55+00:00 c14184c07634801cda7864aa17c6fa8dc9ab43d1 A sysdb contains now multiple domains, but the mpg property is a property of a specific domain not of the underlying database. 
A sysdb contains now multiple domains, but the mpg property is a
property of a specific domain not of the underlying database.
failover: Protect against empty host names 2013-01-02T16:44:09+00:00 Michal Zidek mzidek@redhat.com 2012-10-15T10:21:00+00:00 04759b59e71c78ab23b84d13dd29d9c6dd680adb Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484 
Added new parameter to split_on_separator that allows to skip
empty values.

The whole function was rewritten. Unit test case was added to
check the new implementation.

https://fedorahosted.org/sssd/ticket/1484
Add ignore_group_members option. 2012-11-15T19:03:27+00:00 Paul B. Henson henson@acm.org 2012-11-13T11:31:43+00:00 59f136cd254d1acf2991c97221eb08803784777d https://fedorahosted.org/sssd/ticket/1376 
https://fedorahosted.org/sssd/ticket/1376
Allow setting the default_shell option per-domain as well 2012-10-18T18:19:33+00:00 Jakub Hrozek jhrozek@redhat.com 2012-10-17T12:43:07+00:00 66318dfe1e7138ff3fc780c4b3f0b29c4b2d8712 https://fedorahosted.org/sssd/ticket/1583 
https://fedorahosted.org/sssd/ticket/1583
SSH: Expire hosts in known_hosts 2012-10-05T08:51:55+00:00 Jan Cholasta jcholast@redhat.com 2012-09-25T08:29:29+00:00 3882325ff60f89d0c312e9519bdfd1351978fd73 






Add new option default_domain_suffix
2012-10-01T19:45:21+00:00

Sumit Bose
sbose@redhat.com

2012-09-21T16:30:30+00:00

1542b85f13d72329685bdd97aa879c36d11f81be












Renamed session provider to selinux provider
2012-07-27T08:37:06+00:00

Jan Zeleny
jzeleny@redhat.com

2012-07-24T16:31:19+00:00

38e2ec1c757955ab557fd95807afa58042d09482












NSS: Add override_shell option
2012-07-20T18:21:19+00:00

Stephen Gallagher
sgallagh@redhat.com

2012-07-19T19:50:52+00:00

695bca9d2f73096254308e0883fcc74b2631850e

If override_shell is specified in the [nss] section, all users
managed by SSSD will have their shell set to this value. If it is
specified in the [domain/DOMAINNAME] section, it will apply to
only that domain (and override the [nss] value, if any).

https://fedorahosted.org/sssd/ticket/1087





If override_shell is specified in the [nss] section, all users
managed by SSSD will have their shell set to this value. If it is
specified in the [domain/DOMAINNAME] section, it will apply to
only that domain (and override the [nss] value, if any).

https://fedorahosted.org/sssd/ticket/1087







pac responder: limit access by checking UIDs
2012-07-10T13:07:26+00:00

Sumit Bose
sbose@redhat.com

2012-07-05T08:50:08+00:00

2d257ccf620ce1b611f89cec8f0a94c88c2f2881

A check for allowed UIDs is added in the common responder code directly
after accept(). If the platform does not support reading the UID of the
peer but allowed UIDs are configured, access is denied.

Currently only the PAC responder sets the allowed UIDs for a socket. The
default is that only root is allowed to access the socket of the PAC
responder.

Fixes: https://fedorahosted.org/sssd/ticket/1382





A check for allowed UIDs is added in the common responder code directly
after accept(). If the platform does not support reading the UID of the
peer but allowed UIDs are configured, access is denied.

Currently only the PAC responder sets the allowed UIDs for a socket. The
default is that only root is allowed to access the socket of the PAC
responder.

Fixes: https://fedorahosted.org/sssd/ticket/1382