sssd.git/src/config/etc, branch sysdb sssd with jhrozek's patches AD: Add autofs provider 2015-11-26T15:51:41+00:00 Jakub Hrozek jhrozek@redhat.com 2015-11-18T14:29:58+00:00 03b859510dc13a13a456ca4aa94c0561a0e9684c https://fedorahosted.org/sssd/ticket/1632 Adds the possibility to configure: autofs_provider = ad The AD autofs provider uses the rfc2307 (nis*) attribute maps. This is different (at the moment) from using autofs_provider=ldap with ldap_schema=ad. Reviewed-by: Ondrej Valousek <ondrejv2@fedoraproject.org> Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
https://fedorahosted.org/sssd/ticket/1632

Adds the possibility to configure:
    autofs_provider = ad

The AD autofs provider uses the rfc2307 (nis*) attribute maps. This is
different (at the moment) from using autofs_provider=ldap with
ldap_schema=ad.

Reviewed-by: Ondrej Valousek <ondrejv2@fedoraproject.org>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
p11: enable ocsp checks 2015-11-26T15:39:49+00:00 Sumit Bose sbose@redhat.com 2015-11-05T17:20:27+00:00 544a20de7667f05c1a406c4dea0706b0ab507430 This patch enables the Online Certificate Status Protocol in NSS and adds an option to disable it if needed. To make further tuning of certificate verification more easy it is not an option on its own but an option to the new certificate_verification configuration option. Resolves https://fedorahosted.org/sssd/ticket/2812 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This patch enables the Online Certificate Status Protocol in NSS and
adds an option to disable it if needed. To make further tuning of
certificate verification more easy it is not an option on its own but an
option to the new certificate_verification configuration option.

Resolves https://fedorahosted.org/sssd/ticket/2812

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SSSD: Add a new option diag_cmd 2015-11-13T09:55:50+00:00 Jakub Hrozek jhrozek@redhat.com 2015-11-02T10:41:31+00:00 89530c830ded58c6140cdb34c9de07bf77bb5bc0 This option is an optional one that is run when a sbus ping times out and before a SIGKILL signal is sent. It is undocumented by default. diag_cmd (string): A command that should be run for diagnostic purpose when an sbus timeout fails. The option value may contain %p which would be expanded for the process ID of the process that timed out Example: pstack %p This setting would print the stackstrace of the service whose ping timed out. Default: not set. Reviewed-by: Petr Cech <pcech@redhat.com> 
This option is an optional one that is run when a sbus ping times out
and before a SIGKILL signal is sent.

It is undocumented by default.

diag_cmd (string):
A command that should be run for diagnostic purpose when an sbus timeout
fails. The option value may contain %p which would be expanded for the
process ID of the process that timed out

Example:
        pstack %p
This setting would print the stackstrace of the service whose ping timed out.

Default: not set.

Reviewed-by: Petr Cech <pcech@redhat.com>
PAM: Make p11_child timeout configurable 2015-09-23T21:08:50+00:00 Michal Židek mzidek@redhat.com 2015-09-07T13:19:53+00:00 d85be8ad409c9efa9cf9e9ab6f9c2d911b01e5c1 Ticket: https://fedorahosted.org/sssd/ticket/2773 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Ticket:
https://fedorahosted.org/sssd/ticket/2773

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
DYNDNS: Add a new option dyndns_server 2015-08-14T21:51:02+00:00 Jakub Hrozek jhrozek@redhat.com 2014-07-06T20:53:27+00:00 8145ab51b05aa86b2f1a21b49383f55e50b0a2e3 Some environments use a different DNS server than identity server. For these environments, it would be useful to be able to override the DNS server used to perform DNS updates. This patch adds a new option dyndns_server that, if set, would be used to hardcode a DNS server address into the nsupdate message. Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Some environments use a different DNS server than identity server. For
these environments, it would be useful to be able to override the DNS
server used to perform DNS updates.

This patch adds a new option dyndns_server that, if set, would be used
to hardcode a DNS server address into the nsupdate message.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
sudo: use "higher value wins" when ordering rules 2015-08-14T20:47:45+00:00 Pavel Březina pbrezina@redhat.com 2015-07-29T12:51:30+00:00 52e3ee5c5ff2c5a4341041826a803ad42d2b2de7 This commit changes the default ordering logic (lower value wins) to a correct one that is used by native ldap support. It also adds a new option sudo_inverse_order to switch to the original SSSD (incorrect) behaviour if needed. Resolves: https://fedorahosted.org/sssd/ticket/2682 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This commit changes the default ordering logic (lower value wins) to
a correct one that is used by native ldap support. It also adds a new
option sudo_inverse_order to switch to the original SSSD (incorrect)
behaviour if needed.

Resolves:
https://fedorahosted.org/sssd/ticket/2682

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ssh: generate public keys from certificate 2015-07-31T07:52:06+00:00 Sumit Bose sbose@redhat.com 2015-07-15T07:40:00+00:00 4de84af23db74e13e867985c9093f394c9fa8d51 Resolves: https://fedorahosted.org/sssd/ticket/2711 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves: https://fedorahosted.org/sssd/ticket/2711

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
LDAP: Add the wildcard_limit option 2015-07-15T15:32:46+00:00 Jakub Hrozek jhrozek@redhat.com 2015-06-17T14:13:51+00:00 b9e74a747b8f1012bba3575f3e4289ef4877d64a Related: https://fedorahosted.org/sssd/ticket/2553 Adds a new wildcard_limit option that is set by default to 1000 (one page). This option limits the number of entries that can by default be returned by a wildcard search. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related:
    https://fedorahosted.org/sssd/ticket/2553

Adds a new wildcard_limit option that is set by default to 1000 (one
page). This option limits the number of entries that can by default be
returned by a wildcard search.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
PAM: authenticate agains cache 2015-07-06T18:19:09+00:00 Pavel Reichl preichl@redhat.com 2015-04-16T07:41:58+00:00 0aa18cc0bf3447ca734476926724f1632e160807 Enable authenticating users from cache even when SSSD is in online mode. Introduce new option `cached_auth_timeout`. Resolves: https://fedorahosted.org/sssd/ticket/1807 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Enable authenticating users from cache even when SSSD is in online mode.

Introduce new option `cached_auth_timeout`.

Resolves:
https://fedorahosted.org/sssd/ticket/1807

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
LDAP: add ldap_user_certificate option 2015-06-19T15:21:24+00:00 Sumit Bose sbose@redhat.com 2015-05-07T08:59:10+00:00 e22e04517b9f9d0c7759dc4768eedfd05908e9b6 Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related to https://fedorahosted.org/sssd/ticket/2596

Reviewed-by: Pavel Březina <pbrezina@redhat.com>