sssd.git/src/sysv/systemd, branch certificate_mapping Unnamed repository; edit this file to name it for gitweb. SYSTEMD: Update journald drop-in file 2017-02-07T13:30:38+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-02-07T08:52:59+00:00 7b4704a10958bb7d3390db9eff863875d2b643f7 We changed type forking into type notify as part of commit d4063e9a21a4e203bee7e0a0144fa8cabb14cc46. But we forgot to update template drop-in file for logging into journald. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
We changed type forking into type notify as part of commit
d4063e9a21a4e203bee7e0a0144fa8cabb14cc46.
But we forgot to update template drop-in file for logging into journald.

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
IFP: Make IFP responder dbus-activatable 2017-01-23T17:46:37+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-11-17T00:20:14+00:00 9222a4fcbeec9d5a6f84aab31a5131f14d4a6430 As part of the effort of making all responders socket-activatable (or, in the IFP case, dbus-activatable), let's make the IFP responder ready for this by providing its systemd's units. Related: https://fedorahosted.org/sssd/ticket/2243 Resolves: https://fedorahosted.org/sssd/ticket/3129 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
As part of the effort of making all responders socket-activatable (or,
in the IFP case, dbus-activatable), let's make the IFP responder ready
for this by providing its systemd's units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Resolves:
https://fedorahosted.org/sssd/ticket/3129

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SUDO: Make Sudo responder socket-activatable 2017-01-23T17:46:37+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-11-17T00:03:13+00:00 f37e795cd16310759dc9741c1ab1323b287a9101 As part of the effort of making all responder socket-activatable, let's make Sudo responder ready for this by providing its systemd's units. In case the administrators want to use Sudo responder taking advantage of socket-activation they will need to enable sssd-sudo.socket and after a restart of the sssd service, the Sudo socket will be ready waiting for any activity in order to start the Sudo responder. Also, the Sudo responder must be removed from the services line on sssd.conf. The Sudo responder service is binded to the SSSD service, which means that the responder will be restarted in case SSSD is restarted and shutdown in case SSSD is shutdown/crashes. Related: https://fedorahosted.org/sssd/ticket/2243 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
As part of the effort of making all responder socket-activatable, let's
make Sudo responder ready for this by providing its systemd's units.

In case the administrators want to use Sudo responder taking advantage
of socket-activation they will need to enable sssd-sudo.socket and
after a restart of the sssd service, the Sudo socket will be ready
waiting for any activity in order to start the Sudo responder. Also,
the Sudo responder must be removed from the services line on sssd.conf.

The Sudo responder service is binded to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shutdown in case SSSD is shutdown/crashes.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SSH: Make SSH responder socket-activatable 2017-01-23T17:46:37+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-11-17T00:09:56+00:00 b33c275ebac86695f7a2fa866e5766d469e2c578 As part of the effort of making all responder socket-activatable, let's make SSH responder ready for this by providing its systemd's units. In case the administrators want to use SSH responder taking advantage of socket-activation they will need to enable sssd-ssh.socket and after a restart of the sssd service, the SSH socket will be ready waiting for any activity in order to start the SSH responder. Also, the SSH responder must be removed from the services line on sssd.conf. The SSH responder service is binded to the SSSD service, which means that the responder will be restarted in case SSSD is restarted and shutdown in case SSSD is shutdown/crashes. Related: https://fedorahosted.org/sssd/ticket/2243 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
As part of the effort of making all responder socket-activatable, let's
make SSH responder ready for this by providing its systemd's units.

In case the administrators want to use SSH responder taking advantage
of socket-activation they will need to enable sssd-ssh.socket and after
a restart of the sssd service, the SSH socket will be ready waiting for
any activity in order to start the SSH responder. Also, the SSH
responder must be removed from the services line on sssd.conf.

The SSH responder service is binded to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shutdown in case SSSD is shutdown/crashes.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
PAM: Make PAM responder socket-activatable 2017-01-23T17:46:37+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-11-16T23:53:22+00:00 6a7e28f06e4db1fa07e63ee39f3c28446ff56f4e As part of the effort of making all responder socket-activatable, let's make PAM responder ready for this by providing its systemd's units. In case the administrators want to use PAM responder taking advantage of socket-activation they will need to enable sssd-pam.socket and after a restart of the sssd service, the PAM socket will be ready waiting for any activity in order to start the PAM responder. Also, the PAM responder must be removed from the services line on sssd.conf. The PAM responder service is binded to the SSSD service, which means that the responder will be restarted in case SSSD is restarted and shutdown in case SSSD is shutdown/crashes. PAM responder, differently from the others, is a special case as it has two sockets and its private sockets must be owned by root and must have a specifc permission (0600). It's not new, though, and it's following what has been already done in the project.. Related: https://fedorahosted.org/sssd/ticket/2243 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
As part of the effort of making all responder socket-activatable, let's
make PAM responder ready for this by providing its systemd's units.

In case the administrators want to use PAM responder taking advantage
of socket-activation they will need to enable sssd-pam.socket and after
a restart of the sssd service, the PAM socket will be ready waiting for
any activity in order to start the PAM responder. Also, the PAM
responder must be removed from the services line on sssd.conf.

The PAM responder service is binded to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shutdown in case SSSD is shutdown/crashes.

PAM responder, differently from the others, is a special case as it has
two sockets and its private sockets must be owned by root and must have
a specifc permission (0600). It's not new, though, and it's following
what has been already done in the project..

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
PAC: Make PAC responder socket-activatable 2017-01-23T17:46:37+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-11-16T23:36:10+00:00 e4093605339062548364d338c811431673bdfe25 As part of the effort of making all responder socket-activatable, let's make PAC responder ready for this by providing its systemd's units. In case the administrators want to use PAC responder taking advantage of socket-activation they will need to enable sssd-pac.socket and after a restart of the sssd service, the PAC socket will be ready waiting for any activity in order to start the PAC responder. Also, the PAC responder must be removed from the services line on sssd.conf. The PAC responder service is binded to the SSSD service, which means that the responder will be restarted in case SSSD is restarted and shutdown in case SSSD is shutdown/crashes. Related: https://fedorahosted.org/sssd/ticket/2243 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
As part of the effort of making all responder socket-activatable, let's
make PAC responder ready for this by providing its systemd's units.

In case the administrators want to use PAC responder taking advantage
of socket-activation they will need to enable sssd-pac.socket and after
a restart of the sssd service, the PAC socket will be ready waiting for
any activity in order to start the PAC responder. Also, the PAC
responder must be removed from the services line on sssd.conf.

The PAC responder service is binded to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shutdown in case SSSD is shutdown/crashes.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
NSS: Make NSS responder socket-activatable 2017-01-23T17:46:37+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-11-16T23:24:25+00:00 40e9ad2bf250cc3bfcdec7fb96031e2771160f69 As part of the effort of making all responders socket-activatable, let's make the NSS responder ready for this by providing its systemd's units. In case the administrators want to use NSS responder taking advantage of socket-activation they will need to enable sssd-nss.socket and after a restart of the sssd service, the NSS socket will be ready waiting for any activity in order to start the NSS responder. Also, the NSS responder must be removed from the services line on sssd.conf. The NSS responder service is binded to the SSSD service, which means that the responder will be restarted in case SSSD is restarted and shutdown in case SSSD is shutdown/crashes. Is quite important to mention that NSS responder will always run as root. The reason behind this is that systemd calls getpwnam() and getgprnam() when "User="/"Group=" is set to something different than "root". As it's done _before_ starting NSS responder, the clients would end up hanging for a few minutes (due to "default_client_timeout"), which is something that we really want to avoid. Related: https://fedorahosted.org/sssd/ticket/2243 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
As part of the effort of making all responders socket-activatable, let's
make the NSS responder ready for this by providing its systemd's units.

In case the administrators want to use NSS responder taking advantage
of socket-activation they will need to enable sssd-nss.socket and after
a restart of the sssd service, the NSS socket will be ready waiting for
any activity in order to start the NSS responder. Also, the NSS
responder must be removed from the services line on sssd.conf.

The NSS responder service is binded to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shutdown in case SSSD is shutdown/crashes.

Is quite important to mention that NSS responder will always run as
root. The reason behind this is that systemd calls getpwnam() and
getgprnam() when "User="/"Group=" is set to something different than
"root". As it's done _before_ starting NSS responder, the clients would
end up hanging for a few minutes (due to "default_client_timeout"),
which is something that we really want to avoid.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
AUTOFS: Make AutoFS responder socket-activatable 2017-01-23T17:46:37+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-11-16T17:39:15+00:00 61cd5c8307be4c4ac53028c4499b8bdd78e322b6 As part of the effort of making all responders socket-activatable, let's make the AutoFS responder ready for this by providing its systemd's units. In case the administrators want to use AutoFS responder taking advantage of socket-activation they will need to enable sssd-autofs.socket and after a restart of the sssd service, the AutoFS socket will be ready waiting for any activity in order to start the AutoFS responder. Also, the AutoFS responder must be removed from the services line on sssd.conf. The AutoFS responder service is binded to the SSSD service, which means that the responder will be restarted in case SSSD is restarted and shutdown in case SSSD is shutdown/crashes. Related: https://fedorahosted.org/sssd/ticket/2243 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
As part of the effort of making all responders socket-activatable, let's
make the AutoFS responder ready for this by providing its systemd's
units.

In case the administrators want to use AutoFS responder taking advantage
of socket-activation they will need to enable sssd-autofs.socket and
after a restart of the sssd service, the AutoFS socket will be ready
waiting for any activity in order to start the AutoFS responder. Also,
the AutoFS responder must be removed from the services line on
sssd.conf.

The AutoFS responder service is binded to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shutdown in case SSSD is shutdown/crashes.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
MONITOR: Create pidfile after responders started 2017-01-09T15:40:32+00:00 Victor Tapia victor.tapia@canonical.com 2016-10-03T15:36:08+00:00 d4063e9a21a4e203bee7e0a0144fa8cabb14cc46 Resolves: https://fedorahosted.org/sssd/ticket/3080 Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/3080

Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
MAN: sssd-secrets documentation 2016-09-30T07:09:26+00:00 Jakub Hrozek jhrozek@redhat.com 2016-08-08T15:48:51+00:00 54c64aad71e6792edb7cf99988d9a7f4bc2b0c61 Resolves: https://fedorahosted.org/sssd/ticket/3053 Documents the API and the purpose of the sssd-secrets responder. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Resolves:
    https://fedorahosted.org/sssd/ticket/3053

Documents the API and the purpose of the sssd-secrets responder.

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>