sssd.git - sssd with jhrozek's patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	Run IPA subdomain provider if IPA ID provider is configured	Sumit Bose	2012-11-14	1	-0/+23
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	To make configuration easier the IPA subdomain provider should be always loaded if the IPA ID provider is configured and the subdomain provider is not explicitly disabled. But to avoid the overhead of regular subdomain requests in setups where no subdomains are used the IPA subdomain provider should behave differently if configured explicit or implicit. If the IPA subdomain provider is configured explicitly, i.e. 'subdomains_provider = ipa' can be found in the domain section of sssd.conf subdomain request are always send to the server if needed. If it is configured implicitly and a request to the server fails with an indication that the server currently does not support subdomains at all, e.g. is not configured to handle trust relationships, a new request will be only send to the server after a long timeout or after a going-online event. To be able to make this distinction this patch save the configuration status to the subdomain context. Fixes https://fedorahosted.org/sssd/ticket/1613
*	Always start PAC responder if IPA ID provider is configured	Sumit Bose	2012-11-14	1	-0/+6
\| \| \| \| \| \| \| \|	Since the PAC responder is used during the authentication of users from trusted realms it is started automatically if the IPA ID provider is configured for a domain to simplify the configuration. Fixes https://fedorahosted.org/sssd/ticket/1613
*	man: Note that automounter must be restarted to re-read the master map	Jakub Hrozek	2012-10-05	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1563
*	Fix various typos in documentation.	Yuri Chornoivan	2012-08-03	1	-1/+1
\|
*	Primary server support: new option in IPA provider	Jan Zeleny	2012-08-01	1	-1/+1
\| \| \| \| \| \|	This patch adds support for new config option ipa_backup_server. The description of this option's functionality is included in man page in one of previous patches.
*	MAN: Unify "SEE ALSO" sections	Stephen Gallagher	2012-07-06	1	-17/+2
\|
*	IPA subdomains - ask for information about master domain	Jan Zeleny	2012-06-10	1	-0/+19
\| \| \| \| \| \| \|	The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
*	IPA: Add get-domains target	Sumit Bose	2012-04-24	1	-0/+19
\|
*	AUTOFS: IPA provider	Jakub Hrozek	2012-02-07	1	-0/+12
\|
*	IPA: Add host info handler	Jan Cholasta	2012-02-07	1	-0/+12
\|
*	Man pages for the session target and SELinux user maps fetching	Jan Zeleny	2012-02-06	1	-0/+140
\|
*	IPA: Detect nsupdate support for the realm directive	Stephen Gallagher	2012-01-17	1	-0/+5
\| \| \| \| \|	For older platforms, do not add the 'realm' line in the update message
*	Add info about ipa_host_search_base to man page	Jan Zeleny	2012-01-14	1	-0/+29
\| \| \| \| \|	Also add comment that setting ipa_hbac_support_srchost to False disables search filters given in ipa_host_search_base
*	Add ipa_hbac_support_srchost option to IPA provider	Jan Zeleny	2011-11-29	1	-0/+12
\| \| \| \| \|	don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078
*	Added and modified options for IPA netgroups	Jan Zeleny	2011-11-23	1	-1/+88
\|
*	Fix typos in manual pages	Yuri Chornoivan	2011-11-10	1	-1/+1
\|
*	Add support to request canonicalization on krb AS requests	Jan Zeleny	2011-11-02	1	-0/+17
\| \| \| \|	https://fedorahosted.org/sssd/ticket/957
*	man page fix (lists are comma-separated)	Jan Zeleny	2011-10-13	1	-1/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1024
*	Add ipa_hbac_treat_deny_as option	Stephen Gallagher	2011-07-08	1	-0/+27
\| \| \| \| \| \|	By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
*	Add ipa_hbac_refresh option	Stephen Gallagher	2011-07-08	1	-0/+15
\| \| \| \| \|	This option describes the time between refreshes of the HBAC rules on the IPA server.
*	Use realm for basedn instead of IPA domain	Jakub Hrozek	2011-02-28	1	-0/+15
\| \| \| \|	https://fedorahosted.org/sssd/ticket/807
*	Add ipa_hbac_search_base config option	Sumit Bose	2011-01-19	1	-0/+13
\|
*	Man pages should mention supported providers	Jan Zeleny	2010-10-13	1	-0/+4
\| \| \| \| \| \| \|	Each back end can support id, auth or access provider, but each back end supports different subset of these. Man pages should describe which providers are supported by each back end. Ticket: #615
*	Add dynamic DNS updates to FreeIPA	Stephen Gallagher	2010-05-16	1	-0/+28
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
*	Revert "Add dynamic DNS updates to FreeIPA"	Stephen Gallagher	2010-05-07	1	-28/+0
\| \| \| \| \| \| \|	This reverts commit 973b7c27c0b294b8b2f120296f64c6a3a36e44b7. While this patch applied cleanly, it was uncompilable. Reverting until it can be properly merged.
*	Add dynamic DNS updates to FreeIPA	Stephen Gallagher	2010-05-07	1	-0/+28
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
*	Use service discovery in backends	Jakub Hrozek	2010-05-07	1	-0/+4
\| \| \| \| \| \| \| \| \|	Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
*	Rename server/ directory to src/	Stephen Gallagher	2010-02-18	1	-0/+159
	Also update BUILD.txt