summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/ldap_auth.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix unchecked return values of pam_add_responsesssd-1_5_11Jakub Hrozek2011-07-051-2/+7
| | | | https://fedorahosted.org/sssd/ticket/798
* Use ldap_init_fd() instead of ldap_initialize() if availableSumit Bose2011-06-301-1/+2
|
* Do not check pwdAttributeSumit Bose2011-06-161-9/+0
| | | | | | | It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy.
* Do not attempt to use START_TLS on SSL connectionsStephen Gallagher2011-02-161-9/+17
| | | | | | | Not all LDAP servers are capable of handling dual-encryption with both TLS and SSL. https://fedorahosted.org/sssd/ticket/795
* Add option to disable TLS for LDAP authsssd-1_5_1Stephen Gallagher2011-01-271-1/+13
| | | | | Option is named to discourage use in production environments and is intentionally not listed in the SSSDConfig API.
* Fix return value checkSumit Bose2011-01-191-2/+2
|
* Add ldap_chpass_uri config optionSumit Bose2010-12-061-5/+14
|
* Make string_to_shadowpw_days() publicSumit Bose2010-12-061-33/+0
|
* Fix offline detection for LDAP auth/chpassSumit Bose2010-11-191-5/+13
|
* Return offline instead of errorStephen Gallagher2010-10-041-1/+2
| | | | | | | | When the failover code returns that there are no available servers while we are marked offline, we were returning an error to the PAM authentication code. Instead, we should return success with a result value of SDAP_UNAVAIL so that the PAM responder will mark the domain offline and attempt offline authentication.
* Treat a zero-length password as a failureStephen Gallagher2010-08-241-0/+7
| | | | | Some LDAP servers allow binding with blank passwords. We should not allow a blank password to authenticate the SSSD.
* Fix chpass operations with LDAP providerStephen Gallagher2010-08-041-0/+1
| | | | | | | The initial verification of the old password was returning an error because we were not explicitly setting dp_err to DP_ERR_SUCCESS and it was initialized earlier in the function to DP_ERR_FATAL.
* Add more warnings about nearly expired passwordsSumit Bose2010-05-071-5/+66
| | | | | For the shadow and mit_kerberos password policy warnings are sent to the client if the password is about to expire.
* Use all available servers in LDAP providerJakub Hrozek2010-05-071-6/+33
|
* Display a message if a password reset by root failsSumit Bose2010-04-261-0/+8
|
* sysdb: convert sysdb_get_user_attrSimo Sorce2010-04-121-134/+69
|
* sysdb: convert sysdb_cache_passwordSimo Sorce2010-04-121-32/+11
|
* Fix warnings from -Wmissing-field-initializersSumit Bose2010-03-251-1/+3
| | | | This patch removes some tab-indentations from pamsrv.c, too.
* Improvements for LDAP Password Policy supportRalf Haferkamp2010-03-221-2/+50
| | | | | | | | Display warnings about remaining grace logins and password expiration to the user, when LDAP Password Policies are used. Improved detection if LDAP Password policies are supported by LDAP Server.
* Fixed authentication check for CHAUTHTOK_PRELIMRalf Haferkamp2010-03-151-1/+1
| | | | | When changing passwords, treat SDAP_AUTH_PW_EXPIRED as a successful authentication in SSS_PAM_CHAUTHTOK_PRELIM.
* Handle expired passwords like other PAM modulesSumit Bose2010-02-231-1/+1
| | | | | | | | | | | | | So far we handled expired password during authentication. Other PAM modules typically detect expired password during account management and return PAM_NEW_AUTHTOK_REQD if the password is expired and should be changed. The PAM library then calls the change password routines. To meet these standards pam_sss is change accordingly. As a result it is now possible to update an expired password via ssh if sssd is running with PasswordAuthentication=yes. One drawback due to limitations of PAM is that the user now has to type his current password again before setting a new one.
* Rename server/ directory to src/Stephen Gallagher2010-02-181-0/+1055
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-05-11 00:05:22 +0000