| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Currently the main use-case for this new option is to not set the
KRB5CCNAME environment varible for services like 'sudo-i'.
Resolves https://fedorahosted.org/sssd/ticket/2296
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
This patch switches ncache from pam_ctx to resp_ctx.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
It removes neg_timeout parameter from struct pam_ctx. Timeout is
handled by context of negative cache internally.
This patch additioanlly removes neg_timeout from struct cache_req_state.
Resolves:
https://fedorahosted.org/sssd/ticket/2317
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch enables the Online Certificate Status Protocol in NSS and
adds an option to disable it if needed. To make further tuning of
certificate verification more easy it is not an option on its own but an
option to the new certificate_verification configuration option.
Resolves https://fedorahosted.org/sssd/ticket/2812
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Extend PAM responder unit test to check 'online' cached authentication.
Resolves:
https://fedorahosted.org/sssd/ticket/2697
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Enable authenticating users from cache even when SSSD is in online mode.
Introduce new option `cached_auth_timeout`.
Resolves:
https://fedorahosted.org/sssd/ticket/1807
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
Keeping a per-request flag in a global structure is really dangerous.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pam_public_domains option is a list of numerical UIDs or user names
that are trusted.
pam_public_domains option is a list of domains accessible even for
untrusted users.
Based on:
https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
| |
This member was used only in a single call where a local variable suits
better.
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1869
Currently the private data passed to the PAM request is a structure
allocated on the client context. But in the odd case where the back end
would be stopped or stuck until the idle timeout hits, the DP callback
would access data that were freed when the client timed out.
This patch introduces a new structure allocated on responder context,
whose only purpose is to live as long as the request is active.
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of timing out the initgroups lookup on a per-cctx basis,
we will maintain a hash table of recently-seen users and use this
instead. This will allow SSSD to handle user's logging into
multiple services simultaneously more graciously, as well as
playing nicer with SSH (which makes calls to PAM both before and
after a fork).
https://fedorahosted.org/sssd/ticket/1063
|
|
|
|
|
|
|
|
| |
Also adds an option to limit how often we check the ID provider,
so that conversations with multiple PAM requests won't update the
cache multiple times.
https://fedorahosted.org/sssd/ticket/749
|
| |
|
| |
|
| |
|
|
Also update BUILD.txt
|