[PATCH] Serialize requests of the same user in the krb5 provider
by Sumit Bose
Hi,
I would like to propose this patch as an alternative fix for ticket
#533. This patch puts parallel auth requests of a user in a wait queue
and handles them one after the other. This will delay parallel auth
requests a bit but avoids all kinds of race conditions I still can see in
the approach for creating the potential new ccache file at the beginning
of the request.
bye,
Sumit
13 years, 4 months
[PATCH] Fixes for automatic ticket renewal
by Sumit Bose
Hi,
I have found some minor issues with automatic ticket renewal while
testing.
If random ccache file names are used, the name of the ccache file should
be kept if the user is not logged in, but the TGT is still renewable.
If a user logs in and out repeatedly and random names are used, a new
hash entry is created for every new ticket. The old entries just eat
away some memory because the related ccache file is already deleted.
Using the user name as the hash key solves this, because currently sssd
(and MIT Kerberos) support one ccache per user.
bye,
Sumit
13 years, 4 months
[PATCHES] block sss_nss before the first enumeration task
by Stephen Gallagher
Patch 0001: Add sysdb_has_enumerated and sysdb_set_enumerated helper
functions
Patch 0002: Start first enumeration immediately
Previously, we would wait for ten seconds before starting an
enumeration. However, this meant that on the first startup (before
we had run our first enumeration) there was a ten-second window
where clients would immediately get back a response with no
entries instead of blocking until the enumeration completed.
With this patch, SSSD will now run an enumeration immediately upon
startup. Further startups will retain the ten-second delay so as
not to slow down system bootups.
Fixes https://fedorahosted.org/sssd/ticket/616
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
13 years, 4 months
sssd-ldap equivalent of nss_override_attribute_value ?
by Gabriel Somlo
Hi,
I'm trying to migrate my ldap authorization setup from nss_ldap to sssd,
and got stuck on finding an sssd.conf-equivalent to the
nss_override_attribute_value statement available in nss_ldap.conf.
I can easily do something like

    ldap_user_uid_number unixUid

instead of

    nss_map_attribute uidNumber unixUid

but can't figure out a way to do the equivalent of

    nss_override_attribute_value gidNumber 100

(the group numbers returned via the unixGid attribute by our ldap
server -- over which I have no control -- are useless).
I realize this *might* not be a devel-related issue (unless it's
currently not possible to accomplish, in which case it's a feature
request :) ) but I couldn't find an sssd-users mailing list anywhere,
and lmgtfy.com wasn't of much help either.
Many thanks in advance for any clues!
--Gabe
13 years, 4 months
[PATCH] Fix segfault in pam_sss.so
by Stephen Gallagher
Not all calls to do_pam_conversation() pass in a return value for the
_answer argument (notably, all PAM_TEXT_INFO calls). So if we receive a
PAM_TEXT_INFO message, we segfault.
This burned me when I was trying to log in offline with pam_verbosity=3.
Pushed to master under the one-liner and unbreak-the-build rules.
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
13 years, 4 months
[PATCHES] Fix more assorted bugs found by Coverity
by Sumit Bose
Hi,
Here are some more fixes for issues found by Coverity. Please have a
careful look at the patch for ticket #727. I think the patch will fix
the issue, but I'm not sure if some other kind of fix is needed here.
bye,
Sumit
13 years, 4 months