sssd-devel June 2017

sssd-devel@lists.fedorahosted.org

5 participants
68 discussions

[sssd PR#308][comment] HBAC: Do not rely on originalMemberOf, use the sysdb memberof links instead (sssd-1-13 backport)
by jhrozek 14 Jun '17

14 Jun '17

URL: https://github.com/SSSD/sssd/pull/308 Title: #308: HBAC: Do not rely on originalMemberOf, use the sysdb memberof links instead (sssd-1-13 backport) jhrozek commented: """ OK, let's try this again """ See the full comment at https://github.com/SSSD/sssd/pull/308#issuecomment-308425786

1 0

[sssd PR#305][+Accepted] krb5: use plain principal if password is expired
by fidencio 14 Jun '17

14 Jun '17

URL: https://github.com/SSSD/sssd/pull/305 Title: #305: krb5: use plain principal if password is expired Label: +Accepted

1 0

[sssd PR#305][comment] krb5: use plain principal if password is expired
by fidencio 14 Jun '17

14 Jun '17

URL: https://github.com/SSSD/sssd/pull/305 Title: #305: krb5: use plain principal if password is expired fidencio commented: """ Patch looks good and the following test has been manually done: Preparation: On client side: - Add 'krb5_use_enterprise_principal = True' to the domain's section - Restart SSSD On server side: - Reset a user password (which makes the password expired) Without Sumit's patch: ``` [ffidenci@client ~]$ ssh -l bob(a)sc.ff localhost Password: Password: Password: bob@sc.ff@localhost's password: Permission denied, please try again. bob@sc.ff@localhost's password: Permission denied, please try again. bob@sc.ff@localhost's password: Received disconnect from UNKNOWN port 65535:2: Too many authentication failures ``` With Sumit's patch: ``` [ffidenci@client ~]$ ssh -l bob(a)sc.ff localhost Password: Password: Password expired. Change your password now. Current Password: New password: Retype new password: Last failed login: Wed Jun 14 14:38:15 CEST 2017 from ::1 on ssh:notty There were 13 failed login attempts since the last successful login. Last login: Wed Jun 14 14:32:48 2017 from ::1 Could not chdir to home directory /home/bob: No such file or directory -sh-4.4$ ``` ACK! """ See the full comment at https://github.com/SSSD/sssd/pull/305#issuecomment-308419719

1 0

[sssd PR#306][comment] IPA: Enable enterprise principals even if there are no changes to subdomains
by jhrozek 14 Jun '17

14 Jun '17

URL: https://github.com/SSSD/sssd/pull/306 Title: #306: IPA: Enable enterprise principals even if there are no changes to subdomains jhrozek commented: """ On Tue, Jun 13, 2017 at 06:07:30AM -0700, lslebodn wrote: > I would push the patch. But it is related to the ticket https://pagure.io/SSSD/sssd/issue/3001? > I am just guessing based on git log :-) > No, this is an unrelated issue I found while trying to reproduce https://pagure.io/SSSD/sssd/issue/3426 If you prefer, we can have a new ticket (I think it would be a good idea..) """ See the full comment at https://github.com/SSSD/sssd/pull/306#issuecomment-308415975

1 0

[sssd PR#303][opened] IFP: Add domain and domainname attributes to the user
by pbrezina 09 Jun '17

09 Jun '17

URL: https://github.com/SSSD/sssd/pull/303 Author: pbrezina Title: #303: IFP: Add domain and domainname attributes to the user Action: opened PR body: """ org.freedekstop.sssd.infopipe.Users.User gets two new attributes: - domain: object path of user's domain - domainname: user's domain name org.freedekstop.sssd.infopipe.GetUserAttr can now request new attribute: - domainname: user's domain name Resolves: https://pagure.io/SSSD/sssd/issue/2714 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/303/head:pr303 git checkout pr303

2 5

[sssd PR#299][opened] pam_sss: Fix leaking of memory in case of failures
by lslebodn 08 Jun '17

08 Jun '17

URL: https://github.com/SSSD/sssd/pull/299 Author: lslebodn Title: #299: pam_sss: Fix leaking of memory in case of failures Action: opened PR body: """ Found by coverity. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/299/head:pr299 git checkout pr299

3 5

[sssd PR#304][opened] cache_req: Do not use default_domain_suffix with netgroups
by lslebodn 08 Jun '17

08 Jun '17

URL: https://github.com/SSSD/sssd/pull/304 Author: lslebodn Title: #304: cache_req: Do not use default_domain_suffix with netgroups Action: opened PR body: """ Resolves: https://pagure.io/SSSD/sssd/issue/3428 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/304/head:pr304 git checkout pr304

3 5

[sssd PR#285][opened] SSSCTL: Add primary or subdomain information
by justin-stephenson 08 Jun '17

08 Jun '17

URL: https://github.com/SSSD/sssd/pull/285 Author: justin-stephenson Title: #285: SSSCTL: Add primary or subdomain information Action: opened PR body: """ Add **verbose** option to `sssctl domain-list`, when this option is provided SSSD will print the domain type(primary or subdomain) retrieved from infopipe API, in addition to the domain name. Resolves: https://pagure.io/SSSD/sssd/issue/3065 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/285/head:pr285 git checkout pr285

5 29

[sssd PR#293][opened] certmap: Remove unnecessary included files
by lslebodn 08 Jun '17

08 Jun '17

URL: https://github.com/SSSD/sssd/pull/293 Author: lslebodn Title: #293: certmap: Remove unnecessary included files Action: opened PR body: """ Patch also replace util.h on place where it was not needed directly and directly include required header files. + some patches to reduce util/util.h """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/293/head:pr293 git checkout pr293

3 6

[sssd PR#302][opened] krb5: disable enterprise principals during password changes
by sumit-bose 08 Jun '17

08 Jun '17

URL: https://github.com/SSSD/sssd/pull/302 Author: sumit-bose Title: #302: krb5: disable enterprise principals during password changes Action: opened PR body: """ Currently using enterprise principals during password changes does not work reliable. First there is a special behavior if canonicalization, which in general should be used together with enterprise principals, is enabled with AD, see https://pagure.io/SSSD/sssd/issue/1405 and https://pagure.io/SSSD/sssd/issue/1615 for details. As a result of this SSSD currently disables canonicalization during password changes. Additionally it looks like MIT Kerberos does not handle canonicalized principals well, even if canonicalization is enabled, if not the default krbtgt/REALM@REALM but kadmin/changepw@REALM is requested. Since it is currently not clear what is the expected behavior here it make sense to completely disable enterprise principals during password changes for the time being. Resolves https://pagure.io/SSSD/sssd/issue/3426 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/302/head:pr302 git checkout pr302

2 6

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel June 2017