URL: https://github.com/SSSD/sssd/pull/305
Title: #305: krb5: use plain principal if password is expired
fidencio commented:
"""
Patch looks good and the following test has been manually done:
Preparation:
On client side:
- Add 'krb5_use_enterprise_principal = True' to the domain's section
- Restart SSSD
On server side:
- Reset a user password (which makes the password expired)
Without Sumit's patch:
```
[ffidenci@client ~]$ ssh -l bob(a)sc.ff localhost
Password:
Password:
Password:
bob@sc.ff@localhost's password:
Permission denied, please try again.
bob@sc.ff@localhost's password:
Permission denied, please try again.
bob@sc.ff@localhost's password:
Received disconnect from UNKNOWN port 65535:2: Too many authentication failures
```
With Sumit's patch:
```
[ffidenci@client ~]$ ssh -l bob(a)sc.ff localhost
Password:
Password:
Password expired. Change your password now.
Current Password:
New password:
Retype new password:
Last failed login: Wed Jun 14 14:38:15 CEST 2017 from ::1 on ssh:notty
There were 13 failed login attempts since the last successful login.
Last login: Wed Jun 14 14:32:48 2017 from ::1
Could not chdir to home directory /home/bob: No such file or directory
-sh-4.4$
```
ACK!
"""
See the full comment at https://github.com/SSSD/sssd/pull/305#issuecomment-308419719
URL: https://github.com/SSSD/sssd/pull/303
Author: pbrezina
Title: #303: IFP: Add domain and domainname attributes to the user
Action: opened
PR body:
"""
org.freedekstop.sssd.infopipe.Users.User gets two new attributes:
- domain: object path of user's domain
- domainname: user's domain name
org.freedekstop.sssd.infopipe.GetUserAttr can now request new attribute:
- domainname: user's domain name
Resolves:
https://pagure.io/SSSD/sssd/issue/2714
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/303/head:pr303
git checkout pr303
URL: https://github.com/SSSD/sssd/pull/299
Author: lslebodn
Title: #299: pam_sss: Fix leaking of memory in case of failures
Action: opened
PR body:
"""
Found by coverity.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/299/head:pr299
git checkout pr299
URL: https://github.com/SSSD/sssd/pull/285
Author: justin-stephenson
Title: #285: SSSCTL: Add primary or subdomain information
Action: opened
PR body:
"""
Add **verbose** option to `sssctl domain-list`, when this option is provided
SSSD will print the domain type(primary or subdomain) retrieved from
infopipe API, in addition to the domain name.
Resolves:
https://pagure.io/SSSD/sssd/issue/3065
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/285/head:pr285
git checkout pr285
URL: https://github.com/SSSD/sssd/pull/293
Author: lslebodn
Title: #293: certmap: Remove unnecessary included files
Action: opened
PR body:
"""
Patch also replace util.h on place where it was not needed directly
and directly include required header files.
+ some patches to reduce util/util.h
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/293/head:pr293
git checkout pr293
URL: https://github.com/SSSD/sssd/pull/302
Author: sumit-bose
Title: #302: krb5: disable enterprise principals during password changes
Action: opened
PR body:
"""
Currently using enterprise principals during password changes does not
work reliable.
First there is a special behavior if canonicalization, which in general
should be used together with enterprise principals, is enabled with AD,
see https://pagure.io/SSSD/sssd/issue/1405 and
https://pagure.io/SSSD/sssd/issue/1615 for details. As a result of this
SSSD currently disables canonicalization during password changes.
Additionally it looks like MIT Kerberos does not handle canonicalized
principals well, even if canonicalization is enabled, if not the default
krbtgt/REALM@REALM but kadmin/changepw@REALM is requested. Since it is
currently not clear what is the expected behavior here it make sense to
completely disable enterprise principals during password changes for the
time being.
Resolves https://pagure.io/SSSD/sssd/issue/3426
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/302/head:pr302
git checkout pr302