sssd2.git/src, branch 1-1-0 System Security Services Daemon [okos' clone] Treat a zero-length password as a failure 2010-08-24T16:44:56+00:00 Stephen Gallagher sgallagh@redhat.com 2010-08-18T16:57:43+00:00 2448114d633cd144482fb8e1bcf14c82a5ec7eb8 Some LDAP servers allow binding with blank passwords. We should not allow a blank password to authenticate the SSSD. 
Some LDAP servers allow binding with blank passwords. We should
not allow a blank password to authenticate the SSSD.
Update translation files for 1.1.1 release 2010-04-01T14:17:21+00:00 Stephen Gallagher sgallagh@redhat.com 2010-04-01T14:13:23+00:00 b55cec93ae9432a6fce50c50e3ed3e2c975da134 






Do not revert options to defaults in SSSDConfig.get_domain()
2010-03-31T13:34:20+00:00

Stephen Gallagher
sgallagh@redhat.com

2010-03-31T13:10:55+00:00

5e12d81215f2a7e49ce61a9513c6624cc1afa1ad

There was a faulty check in get_domain() that led to the
*_provider options being re-added, sometimes after options related
to them had already been set. If those options had a default
value, they would be overwritten by the default.

Fixes: https://fedorahosted.org/sssd/ticket/441





There was a faulty check in get_domain() that led to the
*_provider options being re-added, sometimes after options related
to them had already been set. If those options had a default
value, they would be overwritten by the default.

Fixes: https://fedorahosted.org/sssd/ticket/441







Add regression test for https://fedorahosted.org/sssd/ticket/441
2010-03-31T13:34:20+00:00

Stephen Gallagher
sgallagh@redhat.com

2010-03-31T13:12:58+00:00

fc8a12ac4c0eb7fe68f7f289cc69703459a79f58












Allow arbitrary-length PAM messages
2010-03-25T20:02:19+00:00

Stephen Gallagher
sgallagh@redhat.com

2010-03-23T20:35:49+00:00

f5397172fca9935c5f0867d7c13d71d29dc92c42

The PAM standard allows for messages of any length to be returned
to the client. We were discarding all messages of length greater
than 255. This patch dynamically allocates the message buffers so
we can pass the complete message.

This resolves https://fedorahosted.org/sssd/ticket/432





The PAM standard allows for messages of any length to be returned
to the client. We were discarding all messages of length greater
than 255. This patch dynamically allocates the message buffers so
we can pass the complete message.

This resolves https://fedorahosted.org/sssd/ticket/432







Fix LDAP search paths for IPA HBAC
2010-03-25T16:14:03+00:00

Sumit Bose
sbose@redhat.com

2010-03-25T15:21:12+00:00

01498c6bc57e8e137ef57fed9acffedccfa03e93

- use domain_to_basedn() to construct LDAP search paths for IPA HBAC
- move domain_to_basedn() to a separate file to simplify the build of
  a test





- use domain_to_basedn() to construct LDAP search paths for IPA HBAC
- move domain_to_basedn() to a separate file to simplify the build of
  a test







Add krb5_kpasswd to IPA provider
2010-03-25T16:14:03+00:00

Eugene Indenbom
eindenbom@gmail.com

2010-03-25T14:27:01+00:00

27ca4bb27bead02dc155099f45c9b2669b064a16

The krb5 options were out of sync, causing a runtime abort.





The krb5 options were out of sync, causing a runtime abort.







Regression test against RHBZ #576856
2010-03-25T16:14:03+00:00

Jakub Hrozek
jhrozek@redhat.com

2010-03-25T14:10:56+00:00

a47382e30b86fb90495de5bab04690f215980ec4












Set LDAP_OPT_RESTART for ldap_sasl_interactive_bind_s()
2010-03-25T16:14:03+00:00

Sumit Bose
sbose@redhat.com

2010-03-23T16:01:59+00:00

6e8f828c84334c43500311ddcdb4341d87cdd71f

This option is needed for the rare case where a poll() call during
ldap_sasl_interactive_bind_s() is interrupted by a signal.
LDAP_OPT_RESTART enables the handling of the EINTR error instead of
returning an error.





This option is needed for the rare case where a poll() call during
ldap_sasl_interactive_bind_s() is interrupted by a signal.
LDAP_OPT_RESTART enables the handling of the EINTR error instead of
returning an error.







Fix kinit after password change
2010-03-25T16:14:02+00:00

Sumit Bose
sbose@redhat.com

2010-03-23T15:34:31+00:00

1fafd0ab7e7c136ccc4fda54e6d2e0f947e28713

In an environment with slave KDCs and a central server where password
changes are allowed the request for a new TGT immediately after the
password change should be made against this server, because the slave
server might not know the new password.

To achieve this the Kerberos localtor plugin now returns the address of
the kpasswd server as master_kdc.





In an environment with slave KDCs and a central server where password
changes are allowed the request for a new TGT immediately after the
password change should be made against this server, because the slave
server might not know the new password.

To achieve this the Kerberos localtor plugin now returns the address of
the kpasswd server as master_kdc.