Hi,
this patch changes the way we handle expired passwords to meet the PAM
standards.
bye,
Sumit
From bb731b875dbb78980c7e2a9d0a97cac54fc5faa2 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 22 Feb 2010 09:10:32 +0100
Subject: [PATCH] Handle expired passwords like other PAM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/22/2010 04:14 AM, Sumit Bose wrote:
On Fri, Feb 19, 2010 at 03:46:43PM -0500, Stephen Gallagher wrote:
On 02/19/2010 08:49 AM, Sumit Bose wrote:
Hi,
this patch should fix #403.
libdbus is so nice to call chmod(0777) explicitly on a newly
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 06:58 AM, Sumit Bose wrote:
Hi,
this patch changes the way we handle expired passwords to meet the PAM
standards.
bye,
Sumit
Ack.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 01:29 PM, Stephen Gallagher wrote:
Nack.
ldap_id_cleanup_users_done():
If the cleanup_groups_send subreq creation fails, you do not set
err. This means that the error you print will indicate EOK. That's
confusing to someone
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
These patches must be applied on top of the Do not check entries... one.
[PATCH 1/2] Store lastLogin attribute when authenticating online
This is needed for the second patch as we rely on lastLogin to decide
whether to delete an entry or not.
[PATCH
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 07:50 AM, Jakub Hrozek wrote:
On 02/23/2010 01:29 PM, Stephen Gallagher wrote:
Nack.
ldap_id_cleanup_users_done():
If the cleanup_groups_send subreq creation fails, you do not set
err. This means that the error you print will
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ssia
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkuD1X0ACgkQHsardTLnvCXeMwCeOcsuDT1zfnhRguXywuzjF4Hk
jZgAn0LyplwYuMoEPuDxxhtt74C3e1d+
=wSYP
-END PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 08:15 AM, Stephen Gallagher wrote:
On 02/23/2010 07:50 AM, Jakub Hrozek wrote:
On 02/23/2010 01:29 PM, Stephen Gallagher wrote:
Nack.
ldap_id_cleanup_users_done():
If the cleanup_groups_send subreq creation fails, you do not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 08:17 AM, Jakub Hrozek wrote:
ssia
Ack.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-BEGIN PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 03:56 PM, Stephen Gallagher wrote:
Sorry, I need to correct this to a Nack.
Please update manpage entries for ldap_purge_cache_timeout and
entry_cache_timeout.
Sure, attached.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 07:50 AM, Jakub Hrozek wrote:
These patches must be applied on top of the Do not check entries... one.
[PATCH 1/2] Store lastLogin attribute when authenticating online
This is needed for the second patch as we rely on lastLogin to
On Tue, 23 Feb 2010 13:50:42 +0100
Jakub Hrozek jhro...@redhat.com wrote:
[PATCH 1/2] Store lastLogin attribute when authenticating online
This is needed for the second patch as we rely on lastLogin to decide
whether to delete an entry or not.
This one seem to save the last login _only_ when
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 11:58 AM, Simo Sorce wrote:
On Tue, 23 Feb 2010 13:50:42 +0100
Jakub Hrozek jhro...@redhat.com wrote:
[PATCH 1/2] Store lastLogin attribute when authenticating online
This is needed for the second patch as we rely on lastLogin to
On Tue, 23 Feb 2010 13:50:42 +0100
Jakub Hrozek jhro...@redhat.com wrote:
+
+ = dp_opt_get_int(opts-basic,
+ SDAP_LOGIN_CACHE_TIMEOUT);
+
+if (!offline_credentials_expiration ldap_cred_expiration) {
+DEBUG(1, (Conflicting values for
On Tue, 23 Feb 2010 13:50:42 +0100
Jakub Hrozek jhro...@redhat.com wrote:
+varlistentry
+termlogin_cache_timeout (integer)/term
+listitem
+para
Just thinking out loud, but the name looks not very clear.
I would
On Tue, 23 Feb 2010 11:59:27 -0500
Stephen Gallagher sgall...@redhat.com wrote:
[PATCH 1/2] Store lastLogin attribute when authenticating online
This is needed for the second patch as we rely on lastLogin to
decide whether to delete an entry or not.
This one seem to save the last
On Tue, 23 Feb 2010 13:50:42 +0100
Jakub Hrozek jhro...@redhat.com wrote:
if (!req) {
@@ -281,19 +286,41 @@ static struct tevent_req
*cleanup_users_send(TALLOC_CTX *memctx, }
state-ev = ev;
-state-sysdb = sysdb;
-state-domain = domain;
+state-sysdb = ctx-be-sysdb;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 06:03 PM, Simo Sorce wrote:
This snipped is very confusing.
It looks like ldap_cred_expiration should really be called
login_cache_timeout, or what I am not understanding here?
Yes, this is confusing. As you mentioned in the other
On Tue, 23 Feb 2010 13:50:42 +0100
Jakub Hrozek jhro...@redhat.com wrote:
+ret = get_uid_table(state, state-uid_table);
+if (ret != EOK) {
+tevent_req_error(req, ret);
+return;
+}
+
On non-linux platforms this returns ENOSYS
You can't make it a hard error IMO.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This patch reverts the change we made to use enumerations by default.
It should be pushed along with the patch Do not schedule enumeration
after a cleanup, now that we have identified and fixed the bug that
caused the performance hit when enumeration
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 01:43 PM, Jakub Hrozek wrote:
Attached is a revised patch.
The changes:
* reverted the error condition handling in cleanup_users_send()
* handles ENOSYS returned from get_uid_table()
* commented the checks on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 07:46 PM, Stephen Gallagher wrote:
successful wasn't the only part of the ConfigAPI description that
needed changing. It's still bad English.
_('How long to keep cached entries with after last successful login'),
Should read
On Tue, 23 Feb 2010 19:52:50 +0100
Jakub Hrozek jhro...@redhat.com wrote:
-subfilter = talloc_asprintf(state, ((!(%s=0))(%s=%ld)),
+account_cache_expiration =
dp_opt_get_int(state-ctx-opts-basic,
+
SDAP_ACCOUNT_CACHE_EXPIRATION);
+DEBUG(9, (Cache expiration is set to %d days\n,
On Tue, 23 Feb 2010 19:52:50 +0100
Jakub Hrozek jhro...@redhat.com wrote:
On 02/23/2010 07:46 PM, Stephen Gallagher wrote:
successful wasn't the only part of the ConfigAPI description that
needed changing. It's still bad English.
_('How long to keep cached entries with after last
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 04:08 PM, Jakub Hrozek wrote:
On 02/23/2010 08:30 PM, Simo Sorce wrote:
Aside from the talloc_asprintf_append() point in the other mail,
patches looks good to me.
Simo.
Thanks for the review, new patches are attached.
Looks
25 matches
Mail list logo