sssd.git, branch email-login Unnamed repository; edit this file to name it for gitweb. IPA: fix lookup by UPN for subdomains 2016-07-22T15:35:43+00:00 Sumit Bose sbose@redhat.com 2016-07-22T15:35:43+00:00 340f15e647b83a5adf0deb406493c488877d8f70 Currently the user name used in the extdom exop request is unconditionally set to the short name. While this is correct for the general name based lookups it breaks UPN/email based lookups where the name part after the @-sign might not match to domain name. I guess this was introduce during the sysdb refactoring. 
Currently the user name used in the extdom exop request is
unconditionally set to the short name. While this is correct for the
general name based lookups it breaks UPN/email based lookups where the
name part after the @-sign might not match to domain name. I guess this
was introduce during the sysdb refactoring.
PAM: Fix domain for UPN based lookups 2016-07-22T15:34:20+00:00 Sumit Bose sbose@redhat.com 2016-07-22T15:34:20+00:00 4feba5311a859b1c4eaa100f77d54bdbb6bc9501 Since sysdb_search_user_by_upn() searches the whole cache we have to set the domain so that it matches the result. 
Since sysdb_search_user_by_upn() searches the whole cache we have to set
the domain so that it matches the result.
NSS: use different neg cache name for UPN searches 2016-07-22T14:01:38+00:00 Sumit Bose sbose@redhat.com 2016-07-22T14:01:38+00:00 452f42c0117701d651ba3b1efa40f051d2785419 If Kerberos principals or email address have the same domain suffix as the domain itself the first user lookup by name might have already added the name to the negative cache and the second lookup by UPN/email will skip the domain because of the neg cache entry. To avoid this a special name with a '@' prefix is used here. 
If Kerberos principals or email address have the same domain suffix as
the domain itself the first user lookup by name might have already added
the name to the negative cache and the second lookup by UPN/email will
skip the domain because of the neg cache entry. To avoid this a special
name with a '@' prefix is used here.
SDAP: add special handling for IPA Kerberos enterprise principal strings 2016-07-22T12:17:54+00:00 Sumit Bose sbose@redhat.com 2016-07-22T10:20:33+00:00 dba718b86c5a6fdf4bed9081f1bd86e5ac3710f9 






LDAP: allow multiple user principals
2016-07-22T12:17:54+00:00

Sumit Bose
sbose@redhat.com

2016-07-22T10:19:26+00:00

5d998691f8013dc1f3f30df653864865db6910dd












PAM: continue with UPN/email search if name was not found
2016-07-22T12:17:54+00:00

Sumit Bose
sbose@redhat.com

2016-06-22T16:21:11+00:00

1e37a8d772d2b4876014a2bd9d6c2d59aaa7b8b6












NSS: continue with UPN/email search if name was not found
2016-07-22T12:17:54+00:00

Sumit Bose
sbose@redhat.com

2016-06-21T09:06:19+00:00

ef02a5f95a4c7004174bd75329d778eac9ef6aee












LDAP/IPA: add local email address to aliases
2016-07-22T12:17:54+00:00

Sumit Bose
sbose@redhat.com

2016-06-20T14:30:03+00:00

f5501a567b15ebfd6fa0785c900d59bb965450fc












utils: add is_email_from_domain()
2016-07-22T12:17:54+00:00

Sumit Bose
sbose@redhat.com

2016-06-20T14:11:11+00:00

0d10de16f44d79d2d479b1e368fd413e864523e1












NSS: add user email to fill_orig()
2016-07-22T12:17:54+00:00

Sumit Bose
sbose@redhat.com

2016-06-20T11:37:56+00:00

6c896de7e0f922ef564e881edb85e6d766a91dab