summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Swap SBus client server role between proxy and proxy_childsssd-1-2-proxySumit Bose2010-05-212-184/+167
|
* Remove signal event if child was terminated by a signalSumit Bose2010-05-212-6/+29
|
* Move start of the proxy_child to proxy providerSumit Bose2010-05-212-92/+138
|
* Move parse_args() to utilSumit Bose2010-05-213-100/+101
|
* Review fixesSumit Bose2010-05-212-48/+4
|
* Reworked proxy providerSumit Bose2010-05-205-151/+1105
| | | | | | | - synchronous pam operation are run in a separate process - proxy provider queues pam request and send them to the new process - _SSS_LOOPS is unset in the new process to allow getpw*() and getgr*() calls
* Add enumerate details to the manpage and examplesStephen Gallagher2010-05-202-3/+21
|
* Copy pam data from DBus messageSumit Bose2010-05-203-54/+75
| | | | | | | | Instead of just using references to the pam data inside of the DBus message the data is copied. New the DBus message can be freed at any time and the pam data is part of the memory hierarchy. Additionally it is possible to overwrite the authentication tokens in the DBus message, because it is not used elsewhere.
* Defer sbus_dispatch() for 30ms during reconnectSumit Bose2010-05-201-1/+2
|
* Fix check if LDAP id provider is already initializedSumit Bose2010-05-201-1/+1
|
* Add a better error message for TLS failuresStephen Gallagher2010-05-201-3/+32
|
* Reset run_online_cb flag even if there are no callbacksSumit Bose2010-05-201-8/+10
|
* SSSDConfigAPI fixesJakub Hrozek2010-05-204-6/+8
| | | | | | | | * add forgotten ldap_dns_service option * sync IPA and LDAP options (ldap_pwd_policy and ldap_tls_cacertdir) * ldap_uri is no longer mandatory for LDAP provider - the default is to use service discovery with no address set now. Ditto for krb5_kdcip and ipa_server
* Update pl translationPiotr Drąg2010-05-201-7/+3
|
* Update version to 1.1.92Stephen Gallagher2010-05-1814-321/+409
| | | | Update translation strings.
* Set ldap_search_timeout default to 5 secondsStephen Gallagher2010-05-185-2/+47
| | | | | | | | | The manpages had five seconds listed, but the source disagreed (it was set to 60 seconds). This resulted in long wait times when unlocking the screen after network disconnection, for example. If enumerate=True, we will set this value to a minimum of 30s
* Remove unused ldap_offline_timeout optionStephen Gallagher2010-05-188-7/+5
|
* Add offline callback to disconnect global SDAP handleSumit Bose2010-05-184-1/+24
|
* Add krb5 SIGTERM handler to ipa auth providerSumit Bose2010-05-181-0/+6
|
* Refactor krb5 SIGTERM handler installationSumit Bose2010-05-183-14/+39
|
* Krb5 locator plugin returns KRB5_PLUGIN_NO_HANDLESumit Bose2010-05-181-6/+6
| | | | | | To allow a fallback to the setting in krb5.conf the locator plugin returns KRB5_PLUGIN_NO_HANDLE in nearly all error conditions. Only if the call back fails the error code of the callback is returned.
* Add callback to remove krb5 info files when going offlineSumit Bose2010-05-186-41/+162
|
* Add run_callbacks flagSumit Bose2010-05-182-2/+25
|
* Refactor krb5_finalize()Sumit Bose2010-05-181-12/+27
|
* Add offline callbacksSumit Bose2010-05-183-1/+32
|
* Refactor data provider callbacksSumit Bose2010-05-184-142/+188
|
* Revert "Create kdcinfo and kpasswdinfo file at startup"Sumit Bose2010-05-183-50/+1
| | | | This reverts commit 4f5664a2ec401f43c090e6170ed9c78390c35272.
* Add ldap_access_filter optionStephen Gallagher2010-05-161-1/+1
| | | | | | | | | | This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
* Add ldap_krb5_ticket_lifetime optionSumit Bose2010-05-1613-12/+58
|
* Allow Debian/Ubuntu build to pass --install-layout=deb to setup.pyPetter Reinholdtsen2010-05-162-4/+13
|
* Don't report a fatal error for an HBAC denialStephen Gallagher2010-05-161-1/+1
|
* Add ldap_access_filter optionStephen Gallagher2010-05-1615-4/+748
| | | | | | | | | | This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
* Update uk translationYuri Chornoivan2010-05-101-28/+32
|
* Update pl translationPiotr Drąg2010-05-101-32/+32
|
* Update version to 1.1.91Stephen Gallagher2010-05-0714-1157/+1813
| | | | Commit new strings for string freeze
* Add dynamic DNS updates to FreeIPAStephen Gallagher2010-05-0713-14/+715
| | | | | | | | | | | | | | | | | | This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
* Use service discovery in backendsJakub Hrozek2010-05-0717-36/+224
| | | | | | | | | Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
* Add callback when the ID provider switches from offline to onlineStephen Gallagher2010-05-074-0/+174
| | | | | | | | Allow backends to set a callback in the be_ctx that should be invoked when the ID provider goes online. This can be used to perform regular maintenance tasks that are valid only when going online.
* Add more warnings about nearly expired passwordsSumit Bose2010-05-071-5/+66
| | | | | For the shadow and mit_kerberos password policy warnings are sent to the client if the password is about to expire.
* Add retry option to pam_sssSumit Bose2010-05-072-92/+164
|
* Add support for delayed kinit if offlineSumit Bose2010-05-0722-37/+618
| | | | | | | If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
* Compare the full service nameSumit Bose2010-05-071-1/+2
|
* Create kdcinfo and kpasswdinfo file at startupSumit Bose2010-05-073-1/+50
|
* Clean up kdcinfo and kpasswdinfo files when exitingStephen Gallagher2010-05-075-1/+67
|
* Fix memory hierarchy in the ipa timerulesJakub Hrozek2010-05-071-4/+4
|
* Handle Krb5 password expiration warningSumit Bose2010-05-074-176/+213
|
* Split pam_data utilities into a separate fileSumit Bose2010-05-073-35/+62
|
* Improve the offline authentication messageJakub Hrozek2010-05-071-2/+2
|
* Make krb5_kpasswd available for any krb5 providerStephen Gallagher2010-05-073-1/+5
| | | | | | | | | Previously, the option krb5_kpasswd was only available if 'chpass_provider = krb5' was specified explicitly. Now it will be available also if 'auth_provider = krb5'. This option was also missing from the IPA options, so I have added it there as well
* Properly set up SIGCHLD handlersStephen Gallagher2010-05-076-54/+116
| | | | | | Instead of having all-purpose SIGCHLD handlers that try to catch every occurrence, we instead create a per-PID handler. This will allow us to specify callbacks to occur when certain children exit.
generated by cgit (git 2.34.1) at 2026-04-03 04:44:39 +0000