sssd.git/src/man, branch sssctl Unnamed repository; edit this file 'description' to name the repository. MAN: GPO Security Filtering limitation 2017-10-27T14:22:46+00:00 Michal Židek mzidek@redhat.com 2017-10-26T15:12:17+00:00 6c1661d2f4e860d1b547d6188a4fe2bd564e87cf Note in the man pages that current version of SSSD does not support host entries in the 'Security filtering' list. Resolves: https://pagure.io/SSSD/sssd/issue/3444 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
Note in the man pages that current version of SSSD does not support
host entries in the 'Security filtering' list.

Resolves:
https://pagure.io/SSSD/sssd/issue/3444

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
sudo: document background activity 2017-10-26T08:30:45+00:00 Pavel Březina pbrezina@redhat.com 2017-10-20T09:49:26+00:00 5c7170c6d602f0bb3208487d860417bde59ab60b When we introduced socket activation, we changed the internall behaviour. Previously we disabled sudo if it was not listed in services, with socket activation we removed this feature. Some users were confused so this change documents current behaviour. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
When we introduced socket activation, we changed the internall behaviour.
Previously we disabled sudo if it was not listed in services, with
socket activation we removed this feature. Some users were confused
so this change documents current behaviour.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
CONFIG: Add a new option auto_private_groups 2017-10-26T08:10:49+00:00 Jakub Hrozek jhrozek@redhat.com 2017-10-03T10:34:33+00:00 d72ac2c58360cd272277b5ddde67bbff53106a74 The auto_private_groups option is used to configure the domain->mpg flag which was already set automatically for subdomains, but for some time was not settable by the admin via the configuration file. The new option name, instead of the old magic_private_groups, was chosen purely because this name would hopefully be better understood by admins. The option doesn't do anything yet, it is just added to all the places a new option should be added to. Related: https://pagure.io/SSSD/sssd/issue/1872 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
The auto_private_groups option is used to configure the domain->mpg flag
which was already set automatically for subdomains, but for some time was
not settable by the admin via the configuration file.

The new option name, instead of the old magic_private_groups, was chosen
purely because this name would hopefully be better understood by admins.

The option doesn't do anything yet, it is just added to all the places a
new option should be added to.

Related:
    https://pagure.io/SSSD/sssd/issue/1872

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Fix minor spelling mistakes 2017-10-25T08:24:49+00:00 René Genz liebundartig@freenet.de 2017-10-22T20:24:27+00:00 a02a5ed51178b2cbede0396d66aed716b8898096 Merges: https://pagure.io/SSSD/sssd/pull-request/3556 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Merges: https://pagure.io/SSSD/sssd/pull-request/3556

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
MAN: Document memcache_timeout=0 meaning 2017-10-24T13:13:33+00:00 Michal Židek mzidek@redhat.com 2017-10-19T14:46:43+00:00 1becbb7bec29a3d418d8f19fc52433cf86bcf395 Document that by setting memcache_timeout to 0 the in-memoory cache will be disabled. Related: https://pagure.io/SSSD/sssd/issue/3496 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Document that by setting memcache_timeout to 0 the in-memoory cache
will be disabled.

Related:
https://pagure.io/SSSD/sssd/issue/3496

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Updating the translation for the 1.16.0 release 2017-10-20T14:37:04+00:00 Jakub Hrozek jhrozek@redhat.com 2017-10-20T14:37:04+00:00 9a839b29816c8906d4a6b074cf76df790cac9209 






LDAP: Add support for rhost access control
2017-10-19T14:05:06+00:00

Alexey Kamenskiy
alexey.kamenskiy@chinanetcloud.com

2017-10-18T10:28:07+00:00

f34a8330c1615511795847b0a1454249d782db2a

This patch implements verification of pam_rhost against
rules stored in LDAP entry of a user.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>





This patch implements verification of pam_rhost against
rules stored in LDAP entry of a user.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>







IPA: Add threshold for sudo searches
2017-10-19T11:36:26+00:00

Justin Stephenson
jstephen@redhat.com

2017-09-05T14:29:37+00:00

bc854800cc67271205d63136daaf68d7863cea6b

Apply the sudo threshold to IPA provider sudo command and command
group searches to prevent SSSD from creating large search filters.

The IPA sudo threshold value will utilize the sudo responder
sudo_threshold value. If the threshold is exceeded, a basic search
filter will be used as a fallback to retrieve all IPA sudo commands or
command groups.

Resolves:
https://pagure.io/SSSD/sssd/issue/3507

Reviewed-by: Pavel Březina <pbrezina@redhat.com>





Apply the sudo threshold to IPA provider sudo command and command
group searches to prevent SSSD from creating large search filters.

The IPA sudo threshold value will utilize the sudo responder
sudo_threshold value. If the threshold is exceeded, a basic search
filter will be used as a fallback to retrieve all IPA sudo commands or
command groups.

Resolves:
https://pagure.io/SSSD/sssd/issue/3507

Reviewed-by: Pavel Březina <pbrezina@redhat.com>







ldap: Change ldap_user_certificate to userCertificate;binary
2017-10-04T06:54:41+00:00

amitkuma
amitkuma@redhat.com

2017-09-06T18:01:45+00:00

d1d6f3a7f08cd1dc5128105eb6ad7ec311f281b8

IPA and AD providers default to userCertificate;binary for the
ldap_user_certificate option. It will be good to default that value
also for the generic LDAP provider.

Resolves:
https://pagure.io/SSSD/sssd/issue/3499

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>





IPA and AD providers default to userCertificate;binary for the
ldap_user_certificate option. It will be good to default that value
also for the generic LDAP provider.

Resolves:
https://pagure.io/SSSD/sssd/issue/3499

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>







SSSCTL: Replace sss_debuglevel with shell wrapper
2017-09-25T19:50:32+00:00

Justin Stephenson
jstephen@redhat.com

2017-05-13T02:42:40+00:00

da19eaea902744ec3cb41f87fa93fadb767f90e7

The sss_debuglevel binary is replaced by a shell wrapper calling
sssctl debug-level as part of merging sss_debuglevel into sssctl.
The wrapper will redirect sss_debuglevel to the sssctl debug-level
command performing the same task. The sss_debuglevel(8) man page is
updated to indicate that sss_debuglevel is deprecated and functionality
exists now in sssctl.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>





The sss_debuglevel binary is replaced by a shell wrapper calling
sssctl debug-level as part of merging sss_debuglevel into sssctl.
The wrapper will redirect sss_debuglevel to the sssctl debug-level
command performing the same task. The sss_debuglevel(8) man page is
updated to indicate that sss_debuglevel is deprecated and functionality
exists now in sssctl.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>