| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds two new options:
ipa_dyndns_update: Boolean value to select whether this client
should automatically update its IP address in FreeIPA DNS.
ipa_dyndns_iface: Choose an interface manually to use for
updating dynamic DNS. Default is to use the interface associated
with the LDAP connection to FreeIPA.
This patch supports A and AAAA records. It relies on the presence
of the nsupdate tool from the bind-utils package to perform the
actual update step. The location of this utility is set at build
time, but its availability is determined at runtime (so clients
that do not require dynamic update capability do not need to meet
this dependency).
|
| |
|
|
|
|
|
| |
If the configuration option krb5_store_password_if_offline is set to
true and the backend is offline the plain text user password is stored
and used to request a TGT if the backend becomes online. If available
the Linux kernel key retention service is used.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to the way RPM processes the %configure macro, these variables
were not actually being passed down to recursive configure
invocations. In other words, they were useless.
Futhermore, in more recent Fedora versions (13+), some of the
dependencies have moved from -lnss to -lnspr4. As a result, it is
safer to rely on the complete output of 'pkg-config nss --libs'
instead of restricting to -lnss. The downside to this is that it
may result in linking unnecessarily against other NSS components
such as libsmime3 and libplc4 (among others). However, since these
are already dependencies of libnss itself, there should be no risk
of them being unavailable on the platform when installed.
|
| |
|
|
| |
Package refarray documentation by default
|
| |
|
|
|
|
|
|
|
|
| |
Adds a new option -Z to sss_useradd and sss_usermod. This option allows
user to specify the SELinux login context for the user. On deleting the
user with sss_userdel, the login mapping is deleted, so subsequent
adding of the same user would result in the default login context unless
-Z is specified again.
MLS security is not supported as of this patch.
|
| |
|
|
|
|
|
| |
Packages /etc/rwtab.d/sssd file that allows SSSD to run on a read-only
root filesystem.
Fixes: #428
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Since we don't keep the changelog up to date, it makes more sense
to simply truncate it to always report that it is an automated
build.
|
| |
|
|
|
|
|
|
| |
This patch brings our spec file into compliance with Fedora python
requirements.
See http://fedoraproject.org/wiki/Packaging/Python#Macros for more
details
|
| | |
|
| |
|
|
| |
This is needed to create the collection documentation
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
The Fedora Package Guidelines forbid the use of rpaths
|
| |
|
|
|
|
|
|
| |
Merging ba8937d83675c7d69808d1d3df8f823afdc5ce2a left the COPYING
and COPYING.LESSER files in the now-defunct sss_client directory.
This patch moves them into the right location and fixes the spec
file to look for them correctly.
|
| | |
|
| |
|
|
| |
Also update BUILD.txt
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Right now, the pkg-config checks for the system version of
libdhash are forcibly disabled, requiring the SSSD to build it
from its own tree. In the future, when we split the libraries off
from the SSSD, it will be easy to switch this check to the
external library.
|
| |
|
|
|
|
|
| |
This patch adds a utility called sss_groupshow that allows user to
print properties of a group in the local domain.
Fixes: #306
|
| | |
|
| |
|
|
|
|
|
| |
We were actually listing files that are on the system, not those that we
created in the $RPM_BUILD_ROOT. Also, by doing an echo with the regular
expression, we put more than one file on one line. Rpmbuild doesn't like
that and will not generate the rpms.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Then name or IP adress of the KDC is written into the pubconf directory
into a file named kdcinfo.REALM. The locator plugin will then read this
file and pass the data to the kerberos libraries.
|
| | |
|
| | |
|
| |
|
|
| |
This is needed by LDAP GSSAPI binds.
|
| |
|
|
|
|
| |
Older versions of rpmbuild do not accept multiple '-f' options
being specified, so we'll add the krb5_locator_plugin.so to the
sss_daemon.lang filelist instead of putting it in its own file.
|
| |
|
|
|
| |
First step generate ldap options from ipa options.
Add sssd-ipa man page too.
|
| |
|
|
|
|
| |
- Run ldconfig in sssd-client post and postun
- Version libnss_sss.so as libnss_sss.so.2 (to set the correct
SONAME)
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
SSSD may contain passwords and other sensitive data, make sure we always keep its
permission tight. Also make /etc/sssd permission very strict, just in case,
admins may inadvertently copy an sssd.conf file without checking it's
permissions.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Introduces a new option --debug-to-files which makes SSSD output its
debug information to a file instead of stderr, which is still the
default.
Also introduces a new confdb option debug_to_files which does the same,
but can be specified per-service in the config file.
The logfiles are stored in /var/log/sssd by default.
Changes the initscript to log to files by default.
|
| | |
|
