Patch 0001: Ensure that all domains are checked for users/groups
There was a bug in the negative cache checks (probably a leftover
from when filter_users was global-only) that meant that if a user
was filtered out of a domain, the remaining domains would not be
checked for that user. (Same for groups/initgroups)
Patch 0002: Refactor the negative cache
Rename functions from nss_ncache_* to sss_ncache_*
Move negative cache to responder/common and rename as negcache.c/h
Patch 0003: Move setup of filter_users and filter_groups to negcache.c
Creates a new function - sss_ncache_prepopulate() - that can be
shared with other responders, such as PAM.
Patch 0004: Honor filter_users in PAM.
Previously, while the user was filtered out of NSS, we were still trying
to authenticate against the user in PAM.
See
https://bugzilla.redhat.com/show_bug.cgi?id=596295 for more details.
(Tested and verified that these patches fix that issue)
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/