sssd.git, branch ipa_automatic_enterprise

IPA/AD: globally set krb5 canonicalization flag

2016-07-05T10:03:57+00:00

If Kerberos principal canonicalization is configured in SSSD, currently
it is the default for the IPA provider, a configuration snippet is
generated for the system-wide libkrb5 configuration so that all
kerberized applications will use canonicalization by default.

Resolves https://fedorahosted.org/sssd/ticket/3041

utils: add sss_write_krb5_snippet_common()

2016-07-05T10:03:57+00:00

localauth: make plugin non-authoritative on failures

2016-07-05T09:31:46+00:00

According to the documentation in localauth_plugin.h "aname will be
considered authorized if at least one module returns 0 and all other
modules return KRB5_PLUGIN_NO_HANDLE." So it is safe to always return
KRB5_PLUGIN_NO_HANDLE because a different plugin has to return 0 to
allow access to the given principal.

Resolves https://fedorahosted.org/sssd/ticket/2788

localauth: remove enable_only sssd from config snippet

2016-07-05T09:31:46+00:00

Resolves https://fedorahosted.org/sssd/ticket/2788

IPA: enable enterprise principals if server supports them

2016-07-05T09:30:24+00:00

If there are alternative UPN suffixes found on the server we can safely
assume that the IPA server supports enterprise principals.

Resolves https://fedorahosted.org/sssd/ticket/3018

IPA: add ipa_init_get_krb5_auth_ctx()

2016-07-04T11:51:34+00:00

DP: add dp_get_module_data()

2016-07-04T11:51:34+00:00

sysdb: make subdomain calls aware of upn_suffixes

2016-07-04T11:51:34+00:00

sysdb_subdomain_store() and sysdb_update_subdomains() can now update
upn_suffixes as well.

sysdb: add UPN suffix support for the master domain

2016-07-04T11:51:34+00:00

sysdb_master_domain_update() and sysdb_master_domain_add_info() are now
aware of the UPN suffix attribute.

IPA: read ipaNTAdditionalSuffixes for master and trusted domains

2016-07-04T11:51:34+00:00