sssd.git - sssd with jhrozek's patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	Remove support for pre-1.1 netlink	Stephen Gallagher	2011-01-17	1	-25/+24
\| \| \| \| \| \| \|	Netlink 1.0 and older is buggy and unreliable, occasionally causing tight-loops. We're no longer going to try to support it. https://fedorahosted.org/sssd/ticket/755
*	Add support for FAST in krb5 provider	Sumit Bose	2010-12-07	1	-1/+3
\|
*	Raise the required version of libdhash	Sumit Bose	2010-10-13	1	-1/+1
\| \| \| \| \|	libdhash version 0.4.2 is required because older versions cannot update hash entries.
*	Use new MIT krb5 API for better password expiration warnings	Sumit Bose	2010-09-23	1	-1/+2
\|
*	Add gentoo distrubutions	Maxim	2010-09-02	1	-1/+5
\| \| \| \|	Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
*	Fix configure check for ldb	Maxim	2010-08-23	1	-1/+1
\|
*	Rewrite toplevel Makefile	Stephen Gallagher	2010-08-19	3	-30/+24
\| \| \| \| \| \|	There is no longer a need to have nested Makefiles and configure scripts. This patch combines the src/ Makefile and configure.ac into the root.
*	Require -ltalloc for tevent configure check	Stephen Gallagher	2010-08-03	1	-2/+8
\|
*	Use netlink to detect going online	Jakub Hrozek	2010-07-09	1	-0/+36
\| \| \| \| \| \| \| \|	Integrates libnl to detect adding routes. When a route is added, the offline status of all back ends is reset. This patch adds no heuristics to detect whether back end went offline. Fixes: #456
*	Add support for delayed kinit if offline	Sumit Bose	2010-05-26	1	-0/+11
\| \| \| \| \| \| \|	If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
*	Remove bash-isms from configure macros	Petter Reinholdtsen	2010-05-21	2	-9/+9
\|
*	Allow Debian/Ubuntu build to pass --install-layout=deb to setup.py	Petter Reinholdtsen	2010-05-16	1	-2/+6
\|
*	Add dynamic DNS updates to FreeIPA	Stephen Gallagher	2010-05-16	1	-0/+8
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
*	Revert "Add dynamic DNS updates to FreeIPA"	Stephen Gallagher	2010-05-07	1	-8/+0
\| \| \| \| \| \| \|	This reverts commit 973b7c27c0b294b8b2f120296f64c6a3a36e44b7. While this patch applied cleanly, it was uncompilable. Reverting until it can be properly merged.
*	Add dynamic DNS updates to FreeIPA	Stephen Gallagher	2010-05-07	1	-0/+8
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
*	Use SO_PEERCRED on the PAM socket	Sumit Bose	2010-04-16	1	-0/+12
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
*	Revert "Add better checks on PAM socket"	Sumit Bose	2010-04-16	1	-12/+0
\| \| \| \|	This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
*	SELinux login management	Jakub Hrozek	2010-04-08	1	-0/+12
\| \| \| \| \| \| \| \| \| \|	Adds a new option -Z to sss_useradd and sss_usermod. This option allows user to specify the SELinux login context for the user. On deleting the user with sss_userdel, the login mapping is deleted, so subsequent adding of the same user would result in the default login context unless -Z is specified again. MLS security is not supported as of this patch.
*	Flush NSCD cache after modifying local database	Jakub Hrozek	2010-03-15	1	-0/+9
\| \| \| \|	Fixes: #221
*	Add better checks on PAM socket	Sumit Bose	2010-03-11	1	-0/+12
\| \| \| \| \|	- check if the public socket belongs to root and has 0666 permissions - use a SCM_CREDENTIALS message if available
*	Rename server/ directory to src/	Stephen Gallagher	2010-02-18	20	-0/+609
	Also update BUILD.txt