sssd.git/src/confdb, branch master Unnamed repository; edit this file 'description' to name the repository. confdb: warn if memcache_timeout > than entry_cache 2015-09-30T14:37:57+00:00 Pavel Reichl preichl@redhat.com 2015-09-21T14:26:20+00:00 3fb1ee96f508784d7e06f079111d4d32d401a99b Only group and user records are cached in memory cache so only timeouts for those are checked. Resolves: https://fedorahosted.org/sssd/ticket/2176 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Only group and user records are cached in memory cache so only timeouts
for those are checked.

Resolves:
https://fedorahosted.org/sssd/ticket/2176

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
PAM: Make p11_child timeout configurable 2015-09-23T21:08:50+00:00 Michal Židek mzidek@redhat.com 2015-09-07T13:19:53+00:00 d85be8ad409c9efa9cf9e9ab6f9c2d911b01e5c1 Ticket: https://fedorahosted.org/sssd/ticket/2773 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Ticket:
https://fedorahosted.org/sssd/ticket/2773

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
UTIL: Convert domain->disabled into tri-state with domain states 2015-09-21T15:03:01+00:00 Jakub Hrozek jhrozek@redhat.com 2015-08-18T15:15:44+00:00 b5825c74b6bf7a99ae2172392dbecb51179013a6 Required for: https://fedorahosted.org/sssd/ticket/2637 This is a first step towards making it possible for domain to be around, but not contacted by Data Provider. Also explicitly create domains as active, previously we only relied on talloc_zero marking dom->disabled as false. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Required for:
https://fedorahosted.org/sssd/ticket/2637

This is a first step towards making it possible for domain to be around,
but not contacted by Data Provider.

Also explicitly create domains as active, previously we only relied on
talloc_zero marking dom->disabled as false.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
CONFDB: Assume config file version 2 if missing 2015-09-03T07:32:15+00:00 Michal Židek mzidek@redhat.com 2015-07-07T13:15:32+00:00 175613be0cfb0890174d12d941e634d833b63dd9 Default to config file version 2 if the version is not specified explicitly. Ticket: https://fedorahosted.org/sssd/ticket/2688 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Default to config file version 2 if the version
is not specified explicitly.

Ticket:
https://fedorahosted.org/sssd/ticket/2688

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
sudo: use "higher value wins" when ordering rules 2015-08-14T20:47:45+00:00 Pavel Březina pbrezina@redhat.com 2015-07-29T12:51:30+00:00 52e3ee5c5ff2c5a4341041826a803ad42d2b2de7 This commit changes the default ordering logic (lower value wins) to a correct one that is used by native ldap support. It also adds a new option sudo_inverse_order to switch to the original SSSD (incorrect) behaviour if needed. Resolves: https://fedorahosted.org/sssd/ticket/2682 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This commit changes the default ordering logic (lower value wins) to
a correct one that is used by native ldap support. It also adds a new
option sudo_inverse_order to switch to the original SSSD (incorrect)
behaviour if needed.

Resolves:
https://fedorahosted.org/sssd/ticket/2682

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ssh: generate public keys from certificate 2015-07-31T07:52:06+00:00 Sumit Bose sbose@redhat.com 2015-07-15T07:40:00+00:00 4de84af23db74e13e867985c9093f394c9fa8d51 Resolves: https://fedorahosted.org/sssd/ticket/2711 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves: https://fedorahosted.org/sssd/ticket/2711

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
PAM: add certificate support to PAM (pre-)auth requests 2015-07-31T07:52:01+00:00 Sumit Bose sbose@redhat.com 2015-07-10T15:54:07+00:00 a8d887323f83984679a7d9b827a70146656bb7b2 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
TESTS: fix compiler warnings 2015-07-28T11:30:46+00:00 Pavel Reichl preichl@redhat.com 2015-07-28T08:12:48+00:00 4f68747b1baca78be496e9a5ebe4b89a9845dc8d Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
IFP: Add wildcard requests 2015-07-15T15:32:49+00:00 Jakub Hrozek jhrozek@redhat.com 2015-06-17T11:39:43+00:00 bdf32fbb3c947dd1b2c54d1c21d8028a1ddc80e6 Resolves: https://fedorahosted.org/sssd/ticket/2553 Can be used as: dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Users.ListByName \ string:r\* uint32:10 dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Groups \ org.freedesktop.sssd.infopipe.Groups.ListByName \ string:r\* uint32:10 dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Users.ListByDomainAndName \ string:ipaldap string:r\* uint32:10 dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Groups \ org.freedesktop.sssd.infopipe.Groups.ListByDomainAndName \ string:ipaldap string:r\* uint32:10 By default the wildcard_limit is unset, that is, the request will return all cached entries that match. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Resolves:
    https://fedorahosted.org/sssd/ticket/2553

Can be used as:

dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Users \
        org.freedesktop.sssd.infopipe.Users.ListByName \
        string:r\* uint32:10

dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Groups \
        org.freedesktop.sssd.infopipe.Groups.ListByName \
        string:r\* uint32:10

dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Users \
        org.freedesktop.sssd.infopipe.Users.ListByDomainAndName \
        string:ipaldap string:r\* uint32:10

dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Groups \
        org.freedesktop.sssd.infopipe.Groups.ListByDomainAndName \
        string:ipaldap string:r\* uint32:10

By default the wildcard_limit is unset, that is, the request will return
all cached entries that match.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
PAM: authenticate agains cache 2015-07-06T18:19:09+00:00 Pavel Reichl preichl@redhat.com 2015-04-16T07:41:58+00:00 0aa18cc0bf3447ca734476926724f1632e160807 Enable authenticating users from cache even when SSSD is in online mode. Introduce new option `cached_auth_timeout`. Resolves: https://fedorahosted.org/sssd/ticket/1807 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Enable authenticating users from cache even when SSSD is in online mode.

Introduce new option `cached_auth_timeout`.

Resolves:
https://fedorahosted.org/sssd/ticket/1807

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>