| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Do not attempt to validate expired entries in cache, just delete them.
Also increase the cache timeouts.
Fixes: #331
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
So far we handled expired password during authentication. Other PAM
modules typically detect expired password during account management and
return PAM_NEW_AUTHTOK_REQD if the password is expired and should be
changed. The PAM library then calls the change password routines. To
meet these standards pam_sss is change accordingly.
As a result it is now possible to update an expired password via ssh if
sssd is running with PasswordAuthentication=yes. One drawback due to
limitations of PAM is that the user now has to type his current password
again before setting a new one.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Adds a new option that tells resolver which address family to prefer or
use exclusively.
Fixes: #404
|
| |
|
|
|
| |
Kerberos-specific options are pulled using dp_get_opts() and defined
in Kerberos subtree. There is no need to keep these in confdb.
|
| |
|
|
|
|
| |
If we're sending a message to the backend, we already know which
domain the request is targeting. Carrying this information is not
useful and confuses the interface.
|
| |
|
|
|
|
| |
This was a holdover from when the DP and the providers were unique
processes. The NSS and PAM registrations do not need to send the
domain, as it is not ambiguous which one they are talking to.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Merging ba8937d83675c7d69808d1d3df8f823afdc5ce2a left the COPYING
and COPYING.LESSER files in the now-defunct sss_client directory.
This patch moves them into the right location and fixes the spec
file to look for them correctly.
|
| | |
|
| | |
|
| | |
|
|
|
Also update BUILD.txt
|
