summaryrefslogtreecommitdiffstats
path: root/src/sss_client/sss_cli.h
Commit message (Collapse)AuthorAgeFilesLines
* Add a renew task to krb5_childSumit Bose2010-12-031-1/+7
|
* sss_client: make code thread-safeSimo Sorce2010-11-221-0/+5
| | | | | | | | | | Add mutexes around nss operations and serialize them. This is necessary because nss operations may have global state. For pam it is sufficient to protect socket operations instead. As pam functions use only the provided pam handler. Fixes: https://fedorahosted.org/sssd/ticket/640
* Avoid long long in messages to PAM client use int64_tSumit Bose2010-11-151-3/+3
|
* Add handling of nested netgroups to nss clientSumit Bose2010-10-131-0/+5
|
* Add support for netgroups to NSS sss_clientStephen Gallagher2010-10-131-2/+2
|
* Add utility function sss_strnlen()Stephen Gallagher2010-10-131-0/+5
| | | | This is useful for guaranteeing the size of an input buffer.
* Handle Krb5 password expiration warningSumit Bose2010-05-261-1/+5
|
* Use SO_PEERCRED on the PAM socketSumit Bose2010-04-161-0/+11
| | | | | | | | | | | | | | | | | This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
* Improvements for LDAP Password Policy supportRalf Haferkamp2010-03-221-7/+16
| | | | | | | | Display warnings about remaining grace logins and password expiration to the user, when LDAP Password Policies are used. Improved detection if LDAP Password policies are supported by LDAP Server.
* Fixed alignment problems in nss client/serverGeorge McCollister2010-03-081-0/+14
| | | | | | | | I fixed a handful of alignment problems in sss_client and nss responder. Enumerating group and passwd with getgrent and getpwent now works correctly on ARM. Signed-off-by: George McCollister <georgem@novatech-llc.com>
* Handle expired passwords like other PAM modulesSumit Bose2010-02-231-1/+20
| | | | | | | | | | | | | So far we handled expired password during authentication. Other PAM modules typically detect expired password during account management and return PAM_NEW_AUTHTOK_REQD if the password is expired and should be changed. The PAM library then calls the change password routines. To meet these standards pam_sss is change accordingly. As a result it is now possible to update an expired password via ssh if sssd is running with PasswordAuthentication=yes. One drawback due to limitations of PAM is that the user now has to type his current password again before setting a new one.
* Add documentation for PAM response messagesSumit Bose2010-02-191-19/+200
|
* Fix licensing issues for sss_clientStephen Gallagher2010-02-181-8/+22
|
* Rename server/ directory to src/Stephen Gallagher2010-02-181-0/+220
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-05-10 16:22:31 +0000