sssd2.git/src/config, branch sssd-1-2 System Security Services Daemon [okos' clone] Remove references to the DP service from the SSSDConfig API tests 2010-06-16T20:22:04+00:00 Stephen Gallagher sgallagh@redhat.com 2010-06-16T18:21:25+00:00 df8252e0f0a26cc20d239d280b0100e335dfe17b 






Handle (ignore) unknown options in get_domain() and get_service()
2010-06-16T20:22:04+00:00

Stephen Gallagher
sgallagh@redhat.com

2010-06-16T18:01:05+00:00

c2a0a5c4b61f1a21bec65d85f50afd6b931e2c1c

We will now eliminate any unknown options and providers to
guarantee that the domain is safe for use.





We will now eliminate any unknown options and providers to
guarantee that the domain is safe for use.







Undocument the krb5_changepw_principal option
2010-06-14T20:54:42+00:00

Jakub Hrozek
jhrozek@redhat.com

2010-06-10T14:16:24+00:00

efeada8c40ade5e6911fa5b4ba58ce8c720d18f1

Fixes: #531





Fixes: #531







Change default min_id to 1
2010-06-09T12:29:47+00:00

Stephen Gallagher
sgallagh@redhat.com

2010-06-08T12:14:35+00:00

d306ced6189d1ba4eec6cb88098143718ed93a5b

Also update manpage for min_id/max_id to be more clear about how
it relates to primary GID.





Also update manpage for min_id/max_id to be more clear about how
it relates to primary GID.







SSSDConfigAPI fixes
2010-05-20T18:04:56+00:00

Jakub Hrozek
jhrozek@redhat.com

2010-05-11T15:51:55+00:00

9e4899d75dd13904b2310206fad4790b867c5a94

* add forgotten ldap_dns_service option
* sync IPA and LDAP options (ldap_pwd_policy and ldap_tls_cacertdir)
* ldap_uri is no longer mandatory for LDAP provider - the default is to
  use service discovery with no address set now. Ditto for krb5_kdcip
  and ipa_server





* add forgotten ldap_dns_service option
* sync IPA and LDAP options (ldap_pwd_policy and ldap_tls_cacertdir)
* ldap_uri is no longer mandatory for LDAP provider - the default is to
  use service discovery with no address set now. Ditto for krb5_kdcip
  and ipa_server







Remove unused ldap_offline_timeout option
2010-05-18T17:08:37+00:00

Stephen Gallagher
sgallagh@redhat.com

2010-05-18T14:17:22+00:00

6663abdda9ce55aace1b19c4170b1153d39136e0












Add ldap_krb5_ticket_lifetime option
2010-05-16T17:28:43+00:00

Sumit Bose
sbose@redhat.com

2010-05-11T15:51:02+00:00

bc45212faf209b10d2d6eb57e056a5e6f04b0876












Add ldap_access_filter option
2010-05-16T17:28:43+00:00

Stephen Gallagher
sgallagh@redhat.com

2010-05-06T14:09:41+00:00

fa26de3b1a8993a1c5a4b071851e5e5ff7ec2ce6

This option (applicable to access_provider=ldap) allows the admin
to set an additional LDAP search filter that must match in order
for a user to be granted access to the system.

Common examples for this would be limiting access to users by in a
particular group, for example:
ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com





This option (applicable to access_provider=ldap) allows the admin
to set an additional LDAP search filter that must match in order
for a user to be granted access to the system.

Common examples for this would be limiting access to users by in a
particular group, for example:
ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com







Add dynamic DNS updates to FreeIPA
2010-05-07T20:38:24+00:00

Stephen Gallagher
sgallagh@redhat.com

2010-05-02T11:48:26+00:00

f432c0b1875e6167f07bf3e27eaf040a29aae199

This adds two new options:

ipa_dyndns_update: Boolean value to select whether this client
should automatically update its IP address in FreeIPA DNS.

ipa_dyndns_iface: Choose an interface manually to use for
updating dynamic DNS. Default is to use the interface associated
with the LDAP connection to FreeIPA.

This patch supports A and AAAA records. It relies on the presence
of the nsupdate tool from the bind-utils package to perform the
actual update step. The location of this utility is set at build
time, but its availability is determined at runtime (so clients
that do not require dynamic update capability do not need to meet
this dependency).





This adds two new options:

ipa_dyndns_update: Boolean value to select whether this client
should automatically update its IP address in FreeIPA DNS.

ipa_dyndns_iface: Choose an interface manually to use for
updating dynamic DNS. Default is to use the interface associated
with the LDAP connection to FreeIPA.

This patch supports A and AAAA records. It relies on the presence
of the nsupdate tool from the bind-utils package to perform the
actual update step. The location of this utility is set at build
time, but its availability is determined at runtime (so clients
that do not require dynamic update capability do not need to meet
this dependency).







Add support for delayed kinit if offline
2010-05-07T20:38:23+00:00

Sumit Bose
sbose@redhat.com

2010-04-19T09:59:09+00:00

fc7ec12f1b851bab1eedf3ecdcb094ea80b46dd2

If the configuration option krb5_store_password_if_offline is set to
true and the backend is offline the plain text user password is stored
and used to request a TGT if the backend becomes online. If available
the Linux kernel key retention service is used.





If the configuration option krb5_store_password_if_offline is set to
true and the backend is offline the plain text user password is stored
and used to request a TGT if the backend becomes online. If available
the Linux kernel key retention service is used.