On Fri, 2012-03-09 at 13:18 +0100, Jan Zelený wrote:
> Patch 0001: Make sdap_access_send() public so the IPA provider
can
> consume it.
>
> Patch 0002: Check that the user is not disabled before performing the
> HBAC check. I chose to do the nsAccountLock check first because it's a
> very fast operation against the cache, so if it returns PAM_PERM_DENIED
> we will skip the slower HBAC checks and jump straight to denial.
Ack to both.
Pushed to master and sssd-1-8.