summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa/ipa_init.c
Commit message (Collapse)AuthorAgeFilesLines
* Expose an initializer function from subdomainSimo Sorce2012-08-011-22/+6
| | | | | | Instead of exporting internal structures, expose an initilizer function like the autofs code and initialize everything inside the ipa_subdomains.c file.
* Primary server support: new option in IPA providerJan Zeleny2012-08-011-4/+4
| | | | | | This patch adds support for new config option ipa_backup_server. The description of this option's functionality is included in man page in one of previous patches.
* Primary server support: IPA adaptationJan Zeleny2012-08-011-1/+1
| | | | | | This patch adds support for the primary server functionality into IPA provider. No backup servers are added at the moment, just the basic support is in place.
* Renamed session provider to selinux providerJan Zeleny2012-07-271-15/+15
|
* KRB5: Create a common init routine for krb5_child optionsStephen Gallagher2012-07-061-45/+6
| | | | | This will reduce code duplication between the krb5, ipa and ad providers
* Add support for ID rangesSumit Bose2012-06-211-0/+1
|
* IPA subdomains - ask for information about master domainJan Zeleny2012-06-101-2/+2
| | | | | | | The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
* IPA: Add get-domains targetSumit Bose2012-04-241-0/+38
|
* IPA: Check nsAccountLock during PAM_ACCT_MGMTStephen Gallagher2012-03-091-0/+11
| | | | https://fedorahosted.org/sssd/ticket/1227
* IPA hosts refactoringJan Zeleny2012-02-241-7/+3
|
* AUTOFS: IPA providerJakub Hrozek2012-02-071-2/+24
|
* IPA: Add host info handlerJan Cholasta2012-02-071-0/+49
|
* Session target in IPA providerJan Zeleny2012-02-061-0/+42
|
* Implemented support for multiple search bases in HBAC rules and servicesJan Zeleny2012-02-061-0/+1
|
* Support multiple search bases in HBACJan Zeleny2012-01-141-0/+1
|
* Pass sdap_id_ctx to online check from IPA providerJakub Hrozek2011-12-191-1/+1
|
* Move child_common routines to utilStephen Gallagher2011-12-191-1/+1
|
* IPA migration fixesJakub Hrozek2011-11-291-0/+9
| | | | | | | * use the id connection for looking up the migration flag * force TLS on the password based authentication connection https://fedorahosted.org/sssd/ticket/924
* Fix sdap_id_ctx/ipa_id_ctx mismatch in IPA providerJakub Hrozek2011-11-251-1/+3
| | | | | This was causing a segfault during HBAC processing and any ID lookups except for netgroups
* Added IPA account info handlerJan Zeleny2011-11-231-1/+2
| | | | | Currently it is only handling netgroups by itself, other requests are forwarded to LDAP provider.
* New IPA ID contextJan Zeleny2011-11-231-13/+21
|
* Cleanup: Remove unused parametersJakub Hrozek2011-11-221-1/+1
|
* Check DNS records before updatingJakub Hrozek2011-07-111-4/+2
| | | | https://fedorahosted.org/sssd/ticket/802
* Allow krb5_realm to override ipa_domainStephen Gallagher2011-02-221-8/+1
| | | | | | It is possible to set up FreeIPA servers where the Kerberos realm differs from the IPA domain name. We need to allow setting the krb5_realm explicitly to handle this.
* Remove check_access_time() from IPA access providerSumit Bose2010-12-081-7/+0
| | | | | | It is planned to release IPA 2.0 without time range specifications in the access control rules. To avoid confusion the evaluation is removed from sssd, too.
* Pass sdap_id_ctx in sdap_id_op functions.Simo Sorce2010-12-071-3/+1
|
* Add support for FAST in krb5 providerSumit Bose2010-12-071-1/+2
|
* Add check_online method to LDAP ID providerSumit Bose2010-12-011-1/+2
|
* Use new LDAP connection framework in IPA access backend.eindenbom2010-07-091-3/+3
|
* Add offline callback to disconnect global SDAP handleSumit Bose2010-05-271-0/+7
|
* Add krb5 SIGTERM handler to ipa auth providerSumit Bose2010-05-271-0/+6
|
* Add callback to remove krb5 info files when going offlineSumit Bose2010-05-271-0/+6
|
* Add support for delayed kinit if offlineSumit Bose2010-05-261-0/+9
| | | | | | | If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
* Add dynamic DNS updates to FreeIPAStephen Gallagher2010-05-161-0/+41
| | | | | | | | | | | | | | | | | | This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
* Properly set up SIGCHLD handlersStephen Gallagher2010-05-161-15/+0
| | | | | | Instead of having all-purpose SIGCHLD handlers that try to catch every occurrence, we instead create a per-PID handler. This will allow us to specify callbacks to occur when certain children exit.
* New version of IPA auth and password migrationSumit Bose2010-05-161-20/+63
| | | | | | | | | The current version modified some global structures to be able to use Kerberos and LDAP authentication during the IPA password migration. This new version only uses tevent requests. Additionally the ipaMigrationEnabled attribute is read from the IPA server to see if password migration is allowed or not.
* Revert "Add dynamic DNS updates to FreeIPA"Stephen Gallagher2010-05-071-41/+0
| | | | | | | This reverts commit 973b7c27c0b294b8b2f120296f64c6a3a36e44b7. While this patch applied cleanly, it was uncompilable. Reverting until it can be properly merged.
* Add dynamic DNS updates to FreeIPAStephen Gallagher2010-05-071-0/+41
| | | | | | | | | | | | | | | | | | This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
* Use service discovery in backendsJakub Hrozek2010-05-071-2/+1
| | | | | | | | | Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
* Make ID provider init functions clearerStephen Gallagher2010-04-161-5/+5
| | | | | | | | | | | Using sssm_*_init() as the name of the initialization function for identity providers was a holdover from earlier development when we thought we would only have a single "provider" entry in the config file. As we have now separated out the initialization functions for auth, chpass and access, we should rename sssm_*_init() to sssm_*_id_init() for a cleaner interface.
* Rename server/ directory to src/Stephen Gallagher2010-02-181-0/+293
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-05-21 05:06:30 +0000