sssd.git/src/confdb, branch sudo1-13 Unnamed repository; edit this file 'description' to name the repository. config: Allow timeout for all sevices 2017-05-26T13:01:29+00:00 Michal Židek mzidek@redhat.com 2016-07-11T11:03:28+00:00 3f9b38d702c0b22202b59fe2814df60b5aa42a43 Allow option "timeout" for all sevices. Also remove unused macro CONFDB_SERVICE_TIMEOUT. Resolves: https://fedorahosted.org/sssd/ticket/3068 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 1b9b5477027d86a2afb2e72981253d108c5398da) 
Allow option "timeout" for all sevices.
Also remove unused macro CONFDB_SERVICE_TIMEOUT.

Resolves:
https://fedorahosted.org/sssd/ticket/3068

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 1b9b5477027d86a2afb2e72981253d108c5398da)
PAM: add pam_response_filter option 2016-11-02T13:02:18+00:00 Sumit Bose sbose@redhat.com 2016-10-20T16:40:01+00:00 27e38ce07c3f2bb9682e2219ac2ac78e855d43b5 Currently the main use-case for this new option is to not set the KRB5CCNAME environment varible for services like 'sudo-i'. Resolves https://fedorahosted.org/sssd/ticket/2296 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Currently the main use-case for this new option is to not set the
KRB5CCNAME environment varible for services like 'sudo-i'.

Resolves https://fedorahosted.org/sssd/ticket/2296

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
PROXY: Adding proxy_max_children option 2016-09-14T10:41:22+00:00 Petr Cech pcech@redhat.com 2016-08-24T12:41:09+00:00 90c62a1b4bac450712bc5a194b793761329a1d3a The new option 'proxy_max_children' is applicable in domain section. Default value is 10. Resolves: https://fedorahosted.org/sssd/ticket/3153 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit aef0171e0bdc9a683958d69c7ee984fb10cd5de7) 
The new option 'proxy_max_children' is applicable
in domain section. Default value is 10.

Resolves:
https://fedorahosted.org/sssd/ticket/3153

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit aef0171e0bdc9a683958d69c7ee984fb10cd5de7)
REFACTOR: umask(0177) --> umask(SSS_DFL_UMASK) 2016-04-07T12:24:51+00:00 Petr Cech pcech@redhat.com 2015-10-05T13:38:10+00:00 00301cb04b24b3ae4f320631c773f823bb08871b There are many calls of umask function with 0177 argument. This patch add new constant SSS_DFL_UMASK which stands for 0177. So all occurences of umask(0177) (except responder code) are replaced by constant SSS_DFL_UMASK. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit c299f997e20011536e365bc18e59e73f68629d2c) 
There are many calls of umask function with 0177 argument. This patch
add new constant SSS_DFL_UMASK which stands for 0177. So all occurences
of umask(0177) (except responder code) are replaced by constant
SSS_DFL_UMASK.

Resolves:
https://fedorahosted.org/sssd/ticket/2424

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit c299f997e20011536e365bc18e59e73f68629d2c)
PAM: Pass account lockout status and display message 2016-02-17T14:48:31+00:00 Pavel Reichl preichl@redhat.com 2016-02-05T12:31:45+00:00 1b9f294dab02e6bcd4ce54e3447648d3d664ceaa Tested against Windows Server 2012. Resolves: https://fedorahosted.org/sssd/ticket/2839 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 4180d485829969d4626cc7d49d2b5f7146512f21) 
Tested against Windows Server 2012.

Resolves:
https://fedorahosted.org/sssd/ticket/2839

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 4180d485829969d4626cc7d49d2b5f7146512f21)
p11: enable ocsp checks 2015-11-26T15:45:15+00:00 Sumit Bose sbose@redhat.com 2015-11-05T17:20:27+00:00 14a983160300421b048b9665114b909c42684cec This patch enables the Online Certificate Status Protocol in NSS and adds an option to disable it if needed. To make further tuning of certificate verification more easy it is not an option on its own but an option to the new certificate_verification configuration option. Resolves https://fedorahosted.org/sssd/ticket/2812 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 544a20de7667f05c1a406c4dea0706b0ab507430) 
This patch enables the Online Certificate Status Protocol in NSS and
adds an option to disable it if needed. To make further tuning of
certificate verification more easy it is not an option on its own but an
option to the new certificate_verification configuration option.

Resolves https://fedorahosted.org/sssd/ticket/2812

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 544a20de7667f05c1a406c4dea0706b0ab507430)
util: Update get_next_domain's interface 2015-10-30T21:34:41+00:00 Michal Židek mzidek@redhat.com 2015-09-09T12:37:48+00:00 2a385185e0c57bebda38b769579a012c6d38eb23 Update get next domain to be able to include disbled domains and change the interface to accept flags instead of multiple booleans. Ticket: https://fedorahosted.org/sssd/ticket/2673 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 877b92e80bde510d5cd9f03dbf01e2bcf73ab072) 
Update get next domain to be able to
include disbled domains and change the
interface to accept flags instead of
multiple booleans.

Ticket:
https://fedorahosted.org/sssd/ticket/2673

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 877b92e80bde510d5cd9f03dbf01e2bcf73ab072)
confdb: warn if memcache_timeout > than entry_cache 2015-09-30T14:37:57+00:00 Pavel Reichl preichl@redhat.com 2015-09-21T14:26:20+00:00 3fb1ee96f508784d7e06f079111d4d32d401a99b Only group and user records are cached in memory cache so only timeouts for those are checked. Resolves: https://fedorahosted.org/sssd/ticket/2176 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Only group and user records are cached in memory cache so only timeouts
for those are checked.

Resolves:
https://fedorahosted.org/sssd/ticket/2176

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
PAM: Make p11_child timeout configurable 2015-09-23T21:08:50+00:00 Michal Židek mzidek@redhat.com 2015-09-07T13:19:53+00:00 d85be8ad409c9efa9cf9e9ab6f9c2d911b01e5c1 Ticket: https://fedorahosted.org/sssd/ticket/2773 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Ticket:
https://fedorahosted.org/sssd/ticket/2773

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
UTIL: Convert domain->disabled into tri-state with domain states 2015-09-21T15:03:01+00:00 Jakub Hrozek jhrozek@redhat.com 2015-08-18T15:15:44+00:00 b5825c74b6bf7a99ae2172392dbecb51179013a6 Required for: https://fedorahosted.org/sssd/ticket/2637 This is a first step towards making it possible for domain to be around, but not contacted by Data Provider. Also explicitly create domains as active, previously we only relied on talloc_zero marking dom->disabled as false. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Required for:
https://fedorahosted.org/sssd/ticket/2637

This is a first step towards making it possible for domain to be around,
but not contacted by Data Provider.

Also explicitly create domains as active, previously we only relied on
talloc_zero marking dom->disabled as false.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>