sssd.git/src/responder/pam, branch master

pam: Incerease p11 child timeout

2015-08-17T13:10:03+00:00

Ticket:
https://fedorahosted.org/sssd/ticket/2746

It was timeouting often in CI machines.

Reviewed-by: Lukáš Slebodník

PAM: add certificate support to PAM (pre-)auth requests

2015-07-31T07:52:01+00:00

Reviewed-by: Jakub Hrozek

PAM: Only cache first-factor

2015-07-06T18:19:15+00:00

Reviewed-by: Sumit Bose

Minor code improvements

2015-07-06T18:19:12+00:00

pam_helpers.h had to be included after util.h.
Removed exara empty line.
Fixed code alignment

Reviewed-by: Jakub Hrozek

PAM: authenticate agains cache

2015-07-06T18:19:09+00:00

Enable authenticating users from cache even when SSSD is in online mode.

Introduce new option `cached_auth_timeout`.

Resolves:
https://fedorahosted.org/sssd/ticket/1807

Reviewed-by: Jakub Hrozek

sysdb: new attribute lastOnlineAuthWithCurrentToken

2015-07-06T18:19:02+00:00

Introduce new user attribute lastOnlineAuthWithCurrentToken.
This attribute behaves similarly to lastOnlineAuth but is set to NULL
after password is changed.

This attribute is needed for use-case when cached authentication is used, to
request online authentication after password is locally changed.

Resolves:
https://fedorahosted.org/sssd/ticket/1807

Reviewed-by: Jakub Hrozek

2FA offline auth

2015-05-08T07:14:26+00:00

Reviewed-by: Lukáš Slebodník

Add pre-auth request

2015-05-08T07:13:23+00:00

Reviewed-by: Lukáš Slebodník

pam: handle 2FA authentication token in the responder

2015-05-08T07:13:19+00:00

Reviewed-by: Lukáš Slebodník

responders: reset ncache after domains are discovered during startup

2015-04-09T06:35:23+00:00

After responders start, they add a lookup operation that discovers the
subdomains so that qualifying users works. After this operation is
finishes, we need to reset negcache to allow users to be added into the
newly discovered domains.

Reviewed-by: Lukáš Slebodník