sssd.git/src/confdb, branch prompting Unnamed repository; edit this file to name it for gitweb. CONFIG: Use default config when none provided 2016-05-11T09:34:14+00:00 Stephen Gallagher sgallagh@redhat.com 2016-04-19T15:58:35+00:00 59744cff6edb106ae799b2321cb8731edadf409a This patch makes SSSD possibly useful "out of the box" by allowing packagers to provide a default config file located in $LIBDIR/sssd/conf that will be copied by the monitor to /etc/sssd if no file already exists in that location. This will make it possible to have SSSD set up to have distribution-specific default configuration, such as enabling the proxy provider to cache /etc/passwd (such as in the provided example in this patch). Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This patch makes SSSD possibly useful "out of the box" by allowing
packagers to provide a default config file located in $LIBDIR/sssd/conf
that will be copied by the monitor to /etc/sssd if no file already
exists in that location. This will make it possible to have SSSD set up
to have distribution-specific default configuration, such as enabling
the proxy provider to cache /etc/passwd (such as in the provided
example in this patch).

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Internal: Rename CONFDB_DEFAULT_CONFIG_FILE 2016-05-11T09:34:10+00:00 Stephen Gallagher sgallagh@redhat.com 2016-04-19T14:16:15+00:00 98dbaea0a00c60972b991755a44c51964dfb7877 New name is SSSD_CONFIG_FILE. This is done because we will start to ship a static default configuration in addition to the runtime configuration. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
New name is SSSD_CONFIG_FILE. This is done because we will start to
ship a static default configuration in addition to the runtime
configuration.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
PAC: only save PAC blob into the cache 2016-04-13T08:43:19+00:00 Sumit Bose sbose@redhat.com 2016-02-08T14:01:19+00:00 d0d7de66c9494621c1bc12384e41e5e38a77fbeb Resolves https://fedorahosted.org/sssd/ticket/2158 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Resolves https://fedorahosted.org/sssd/ticket/2158

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
PAM: Pass account lockout status and display message 2016-02-17T14:46:19+00:00 Pavel Reichl preichl@redhat.com 2016-02-05T12:31:45+00:00 4180d485829969d4626cc7d49d2b5f7146512f21 Tested against Windows Server 2012. Resolves: https://fedorahosted.org/sssd/ticket/2839 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Tested against Windows Server 2012.

Resolves:
https://fedorahosted.org/sssd/ticket/2839

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
p11: enable ocsp checks 2015-11-26T15:39:49+00:00 Sumit Bose sbose@redhat.com 2015-11-05T17:20:27+00:00 544a20de7667f05c1a406c4dea0706b0ab507430 This patch enables the Online Certificate Status Protocol in NSS and adds an option to disable it if needed. To make further tuning of certificate verification more easy it is not an option on its own but an option to the new certificate_verification configuration option. Resolves https://fedorahosted.org/sssd/ticket/2812 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This patch enables the Online Certificate Status Protocol in NSS and
adds an option to disable it if needed. To make further tuning of
certificate verification more easy it is not an option on its own but an
option to the new certificate_verification configuration option.

Resolves https://fedorahosted.org/sssd/ticket/2812

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SSSD: Add a new option diag_cmd 2015-11-13T09:55:50+00:00 Jakub Hrozek jhrozek@redhat.com 2015-11-02T10:41:31+00:00 89530c830ded58c6140cdb34c9de07bf77bb5bc0 This option is an optional one that is run when a sbus ping times out and before a SIGKILL signal is sent. It is undocumented by default. diag_cmd (string): A command that should be run for diagnostic purpose when an sbus timeout fails. The option value may contain %p which would be expanded for the process ID of the process that timed out Example: pstack %p This setting would print the stackstrace of the service whose ping timed out. Default: not set. Reviewed-by: Petr Cech <pcech@redhat.com> 
This option is an optional one that is run when a sbus ping times out
and before a SIGKILL signal is sent.

It is undocumented by default.

diag_cmd (string):
A command that should be run for diagnostic purpose when an sbus timeout
fails. The option value may contain %p which would be expanded for the
process ID of the process that timed out

Example:
        pstack %p
This setting would print the stackstrace of the service whose ping timed out.

Default: not set.

Reviewed-by: Petr Cech <pcech@redhat.com>
util: Update get_next_domain's interface 2015-10-23T08:32:23+00:00 Michal Židek mzidek@redhat.com 2015-09-09T12:37:48+00:00 877b92e80bde510d5cd9f03dbf01e2bcf73ab072 Update get next domain to be able to include disbled domains and change the interface to accept flags instead of multiple booleans. Ticket: https://fedorahosted.org/sssd/ticket/2673 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Update get next domain to be able to
include disbled domains and change the
interface to accept flags instead of
multiple booleans.

Ticket:
https://fedorahosted.org/sssd/ticket/2673

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
REFACTOR: umask(0177) --> umask(SSS_DFL_UMASK) 2015-10-14T11:27:02+00:00 Petr Cech pcech@redhat.com 2015-10-05T13:38:10+00:00 c299f997e20011536e365bc18e59e73f68629d2c There are many calls of umask function with 0177 argument. This patch add new constant SSS_DFL_UMASK which stands for 0177. So all occurences of umask(0177) (except responder code) are replaced by constant SSS_DFL_UMASK. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
There are many calls of umask function with 0177 argument. This patch
add new constant SSS_DFL_UMASK which stands for 0177. So all occurences
of umask(0177) (except responder code) are replaced by constant
SSS_DFL_UMASK.

Resolves:
https://fedorahosted.org/sssd/ticket/2424

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
confdb: warn if memcache_timeout > than entry_cache 2015-09-30T14:37:57+00:00 Pavel Reichl preichl@redhat.com 2015-09-21T14:26:20+00:00 3fb1ee96f508784d7e06f079111d4d32d401a99b Only group and user records are cached in memory cache so only timeouts for those are checked. Resolves: https://fedorahosted.org/sssd/ticket/2176 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Only group and user records are cached in memory cache so only timeouts
for those are checked.

Resolves:
https://fedorahosted.org/sssd/ticket/2176

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
PAM: Make p11_child timeout configurable 2015-09-23T21:08:50+00:00 Michal Židek mzidek@redhat.com 2015-09-07T13:19:53+00:00 d85be8ad409c9efa9cf9e9ab6f9c2d911b01e5c1 Ticket: https://fedorahosted.org/sssd/ticket/2773 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Ticket:
https://fedorahosted.org/sssd/ticket/2773

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>