sssd.git - sssd with jhrozek's patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	MAN: Move ssh_known_hosts_timeout documentation to the correct section	Jan Cholasta	2012-12-14	1	-12/+12
\|
*	Run IPA subdomain provider if IPA ID provider is configured	Sumit Bose	2012-11-14	1	-5/+9
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	To make configuration easier the IPA subdomain provider should be always loaded if the IPA ID provider is configured and the subdomain provider is not explicitly disabled. But to avoid the overhead of regular subdomain requests in setups where no subdomains are used the IPA subdomain provider should behave differently if configured explicit or implicit. If the IPA subdomain provider is configured explicitly, i.e. 'subdomains_provider = ipa' can be found in the domain section of sssd.conf subdomain request are always send to the server if needed. If it is configured implicitly and a request to the server fails with an indication that the server currently does not support subdomains at all, e.g. is not configured to handle trust relationships, a new request will be only send to the server after a long timeout or after a going-online event. To be able to make this distinction this patch save the configuration status to the subdomain context. Fixes https://fedorahosted.org/sssd/ticket/1613
*	MAN: Specify the correct location for the force_timeout option	Stephen Gallagher	2012-11-11	1	-16/+32
\|
*	MAN: improve wording of default_domain parameter	Jakub Hrozek	2012-10-12	1	-5/+5
\|
*	Fix typos	Yuri Chornoivan	2012-10-09	1	-1/+1
\|
*	man: Note that automounter must be restarted to re-read the master map	Jakub Hrozek	2012-10-05	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1563
*	SSH: Expire hosts in known_hosts	Jan Cholasta	2012-10-05	1	-0/+12
\|
*	Add man page section about provider specific re_expression	Sumit Bose	2012-10-02	1	-8/+33
\| \| \| \|	Fixes: https://fedorahosted.org/sssd/ticket/1525
*	Add new option default_domain_suffix	Sumit Bose	2012-10-01	1	-0/+24
\|
*	autofs, sudo, ssh and PAC are not experimental anymore	Jakub Hrozek	2012-09-24	1	-21/+0
\|
*	Document entry_cache_autofs_timeout	Jakub Hrozek	2012-08-10	1	-0/+14
\|
*	Fix various typos in documentation.	Yuri Chornoivan	2012-08-03	1	-1/+1
\|
*	Renamed session provider to selinux provider	Jan Zeleny	2012-07-27	1	-7/+8
\|
*	NSS: Add override_shell option	Stephen Gallagher	2012-07-20	1	-0/+14
\| \| \| \| \| \| \| \| \|	If override_shell is specified in the [nss] section, all users managed by SSSD will have their shell set to this value. If it is specified in the [domain/DOMAINNAME] section, it will apply to only that domain (and override the [nss] value, if any). https://fedorahosted.org/sssd/ticket/1087
*	MAN: Improvements to the AD provider manpage	Stephen Gallagher	2012-07-20	1	-0/+16
\| \| \| \| \| \| \|	Add information about ID mapping (including how to disable it) as well as information on how to handle homedir and shell. https://fedorahosted.org/sssd/ticket/1433
*	MAN: List all available backends for provider options	Stephen Gallagher	2012-07-20	1	-14/+84
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1432
*	Fix typo: exhasution->exhaustion.	Yuri Chornoivan	2012-07-10	1	-1/+1
\|
*	pac responder: limit access by checking UIDs	Sumit Bose	2012-07-10	1	-4/+27
\| \| \| \| \| \| \| \| \| \| \| \|	A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
*	MAN: Unify "SEE ALSO" sections	Stephen Gallagher	2012-07-06	1	-32/+2
\|
*	sudo: manpage updated	Pavel Březina	2012-06-29	1	-26/+14
\| \| \| \|	Removes old options and adds new ones.
*	Set default for subdomain_homedir	Sumit Bose	2012-06-25	1	-0/+3
\|
*	Add man page section for the PAC responder	Sumit Bose	2012-06-25	1	-0/+36
\|
*	Make the client idle timeout configurable	Stephen Gallagher	2012-06-18	1	-0/+15
\|
*	Clarify how comments work in sssd.conf	Ariel Barria	2012-06-12	1	-1/+2
\|
*	Make re_expression and full_name_format per domain options	Stef Walter	2012-06-12	1	-18/+49
\| \| \| \| \| \| \| \| \| \| \|	* Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
*	Allow fast memcache timeout to be configurable	Jan Zeleny	2012-06-10	1	-0/+12
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1318
*	Fix typos in message and man pages.	Yuri Chornoivan	2012-05-14	1	-2/+2
\|
*	Bad check for id_provider=local and access_provider=permit	Ariel Barria	2012-05-11	1	-1/+1
\| \| \| \| \| \|	documentation-access_provider Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
*	NSS: Add default_shell option	Stephen Gallagher	2012-05-09	1	-0/+15
\| \| \| \| \| \| \|	This option will allow administrators to set a default shell to be used if a user does not have one set in the identity provider. https://fedorahosted.org/sssd/ticket/1289
*	NSS: Add fallback_homedir option	Stephen Gallagher	2012-05-09	1	-0/+18
\| \| \| \| \| \| \| \|	This option is similar to override_homedir, except that it will take effect only for users that do not have an explicit home directory specified in LDAP. https://fedorahosted.org/sssd/ticket/1250
*	Clearer documentation for use_fully_qualified_names	Stef Walter	2012-05-09	1	-0/+5
\| \| \| \|	* Previously only the side effect was described.
*	Modify behavior of pam_pwd_expiration_warning	Jan Zeleny	2012-05-04	1	-1/+34
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning. If the value of expiration warning is set to zero, the filter isn't apllied at all - if backend server returns the warning, it will be automatically displayed. Default value for Kerberos: 7 days Default value for LDAP: don't apply the filter Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider.
*	SSH: Add support for hashed known_hosts	Jan Cholasta	2012-04-24	1	-0/+25
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1203
*	New config option for subdomains	Jan Zeleny	2012-04-24	1	-0/+15
\| \| \| \| \|	subdomain_homedir - if set, it contains default value, can be overriden in further processing
*	data provider: added subdomains	Sumit Bose	2012-04-24	1	-0/+24
\|
*	Responder part of the subdomain retrieval work	Jan Zeleny	2012-04-24	1	-0/+24
\|
*	Fix typo: retreiving->retrieving	Yuri Chornoivan	2012-04-20	1	-1/+1
\|
*	Two manual pages fixes	Marco Pizzoli	2012-04-20	1	-0/+2
\|
*	Make the monitor SIGKILL time configurable	Jakub Hrozek	2012-04-20	1	-0/+16
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1119
*	proxy: new option proxy_fast_alias	Jakub Hrozek	2012-04-20	1	-0/+17
\|
*	MAN: document the hostid and autofs providers	Jakub Hrozek	2012-04-18	1	-0/+60
\|
*	MAN: timeout can be specified for services, too	Jakub Hrozek	2012-04-18	1	-14/+13
\|
*	Remove the "command" option from documentation	Jakub Hrozek	2012-04-18	1	-16/+0
\| \| \| \| \| \|	It is a low-level developer option not indended to be consumed by users https://fedorahosted.org/sssd/ticket/1174
*	RESPONDERS: Make the fd_limit setting configurable	Stephen Gallagher	2012-02-17	1	-0/+17
\| \| \| \| \| \| \| \| \| \|	This code will now attempt first to see if it has privilege to set the value as specified, and if not it will fall back to the previous behavior. So on systems with the CAP_SYS_RESOURCE capability granted to SSSD, it will be able to ignore the limits.conf hard limit. https://fedorahosted.org/sssd/ticket/1197
*	fix typos in manual	Yuri Chornoivan	2012-02-07	1	-1/+1
\|
*	Man pages for the session target and SELinux user maps fetching	Jan Zeleny	2012-02-06	1	-0/+25
\|
*	AUTOFS: responder	Jakub Hrozek	2012-02-05	1	-0/+28
\|
*	Fixes for sudo_timed	Jakub Hrozek	2012-02-04	1	-0/+13
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1116
*	SUDO Integration - in-memory cache in responder	Pavel Březina	2012-02-04	1	-0/+38
\| \| \| \| \| \|	New sudo responder option: cache_timeout https://fedorahosted.org/sssd/ticket/1111
*	NSS: Add individual timeouts for entry types	Stephen Gallagher	2012-02-04	1	-0/+53
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1016