| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
We changed type forking into type notify as part of commit
d4063e9a21a4e203bee7e0a0144fa8cabb14cc46.
But we forgot to update template drop-in file for logging into journald.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of the effort of making all responders socket-activatable (or,
in the IFP case, dbus-activatable), let's make the IFP responder ready
for this by providing its systemd's units.
Related:
https://fedorahosted.org/sssd/ticket/2243
Resolves:
https://fedorahosted.org/sssd/ticket/3129
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of the effort of making all responder socket-activatable, let's
make Sudo responder ready for this by providing its systemd's units.
In case the administrators want to use Sudo responder taking advantage
of socket-activation they will need to enable sssd-sudo.socket and
after a restart of the sssd service, the Sudo socket will be ready
waiting for any activity in order to start the Sudo responder. Also,
the Sudo responder must be removed from the services line on sssd.conf.
The Sudo responder service is binded to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shutdown in case SSSD is shutdown/crashes.
Related:
https://fedorahosted.org/sssd/ticket/2243
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of the effort of making all responder socket-activatable, let's
make SSH responder ready for this by providing its systemd's units.
In case the administrators want to use SSH responder taking advantage
of socket-activation they will need to enable sssd-ssh.socket and after
a restart of the sssd service, the SSH socket will be ready waiting for
any activity in order to start the SSH responder. Also, the SSH
responder must be removed from the services line on sssd.conf.
The SSH responder service is binded to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shutdown in case SSSD is shutdown/crashes.
Related:
https://fedorahosted.org/sssd/ticket/2243
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of the effort of making all responder socket-activatable, let's
make PAM responder ready for this by providing its systemd's units.
In case the administrators want to use PAM responder taking advantage
of socket-activation they will need to enable sssd-pam.socket and after
a restart of the sssd service, the PAM socket will be ready waiting for
any activity in order to start the PAM responder. Also, the PAM
responder must be removed from the services line on sssd.conf.
The PAM responder service is binded to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shutdown in case SSSD is shutdown/crashes.
PAM responder, differently from the others, is a special case as it has
two sockets and its private sockets must be owned by root and must have
a specifc permission (0600). It's not new, though, and it's following
what has been already done in the project..
Related:
https://fedorahosted.org/sssd/ticket/2243
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of the effort of making all responder socket-activatable, let's
make PAC responder ready for this by providing its systemd's units.
In case the administrators want to use PAC responder taking advantage
of socket-activation they will need to enable sssd-pac.socket and after
a restart of the sssd service, the PAC socket will be ready waiting for
any activity in order to start the PAC responder. Also, the PAC
responder must be removed from the services line on sssd.conf.
The PAC responder service is binded to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shutdown in case SSSD is shutdown/crashes.
Related:
https://fedorahosted.org/sssd/ticket/2243
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of the effort of making all responders socket-activatable, let's
make the NSS responder ready for this by providing its systemd's units.
In case the administrators want to use NSS responder taking advantage
of socket-activation they will need to enable sssd-nss.socket and after
a restart of the sssd service, the NSS socket will be ready waiting for
any activity in order to start the NSS responder. Also, the NSS
responder must be removed from the services line on sssd.conf.
The NSS responder service is binded to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shutdown in case SSSD is shutdown/crashes.
Is quite important to mention that NSS responder will always run as
root. The reason behind this is that systemd calls getpwnam() and
getgprnam() when "User="/"Group=" is set to something different than
"root". As it's done _before_ starting NSS responder, the clients would
end up hanging for a few minutes (due to "default_client_timeout"),
which is something that we really want to avoid.
Related:
https://fedorahosted.org/sssd/ticket/2243
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of the effort of making all responders socket-activatable, let's
make the AutoFS responder ready for this by providing its systemd's
units.
In case the administrators want to use AutoFS responder taking advantage
of socket-activation they will need to enable sssd-autofs.socket and
after a restart of the sssd service, the AutoFS socket will be ready
waiting for any activity in order to start the AutoFS responder. Also,
the AutoFS responder must be removed from the services line on
sssd.conf.
The AutoFS responder service is binded to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shutdown in case SSSD is shutdown/crashes.
Related:
https://fedorahosted.org/sssd/ticket/2243
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3080
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3053
Documents the API and the purpose of the sssd-secrets responder.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds two new files: sssd-secrets.socket and sssd-secrets.service. These
can be used to socket-acticate the secrets responder even without
explicitly starting it in the sssd config file.
The specfile activates the socket after installation which means that
the admin would just be able to use the secrets socket and the
sssd_secrets responder would be started automatically by systemd.
The sssd-secrets responder is started as root, mostly because I didn't
think of an easy way to pass the uid/gid to the responders without
asking about the sssd user identity in the first place. But nonetheless,
the sssd-secrets responder wasn't tested as non-root and at least the
initialization should be performed as root for the time being.
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The syslog.target is not part of systemd anymore.
The non-socket-activated syslog daemons are not supported in systemd >= 35
and in the same version it was recomemded to not use this target in service
files.
http://www.freedesktop.org/wiki/Software/systemd/syslog/
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2722
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1088619
Before permitting user sessions sssd should be running. This also correctly
orders shutdown of sssd after the user sessions.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bash function daemon will call success or fail. It is useless to call them
one more time. It may cause strange behaviour with some configurations of
terminal.
# service sssd restart
Stopping sssd: [ OK ]
[ OK ] sssd: [ OK ]
Resolves:
https://fedorahosted.org/sssd/ticket/2280
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
systemd supports overrides of the standard service file to be placed in
/etc/systemd/system/<service>.service.d/
With this patch, we will install a commented-out override file to /etc
that will instruct the user on how to enable logging to journald.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
Output from init scripts should go to a file (ideally in
/var/log directory) instead of stderr.
Signed-off-by: Markos Chandras <hwoarang@gentoo.org>
|
| |
|
|
|
|
|
| |
Allow sssd to use the xdm wrapper so login managers can
use sssd to authenticate users.
Signed-off-by: Markos Chandras <hwoarang@gentoo.org>
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1959
|
| |
|
|
|
|
|
| |
Previously, these contained hard-coded paths. Now they are
populated correctly by the configure script.
https://fedorahosted.org/sssd/ticket/1986
|
| |
|
|
|
|
|
|
| |
SSSD needs to be started before NFS-related processes or they will
mount with the username 'nobody' if they would have otherwise used
LDAP accounts.
https://fedorahosted.org/sssd/ticket/1273
|
| |
|
|
|
|
| |
This patch fixes the provided systemd unit file so it is the same
as the one Jóhann B. Guðmundsson provided in Red Hat Bugzilla #689853
except for hardcoded paths.
|
| | |
|
| |
|
|
|
|
|
| |
So far, the systemd unit file is only packaged but not used in any of
the packaged spec files.
Fixes: #483
|
| |
|
|
| |
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
| | |
|
|
|
Also update BUILD.txt
|
