On Fri, Aug 14, 2009 at 03:46:54PM -0400, Stephen Gallagher wrote:
This timeout specifies the lifetime of a cache entry before it is
updated out-of-band. When this timeout is hit, the request will
still complete from cache, but the SSSD will also go and update
the cached entry in the
Hi,
commit c0f3393d4ab923e2eedab0fad88a864e2aae9fc9 removed a needed
hash_create. This patch adds it again.
bye,
Sumit
From 26584f63fdf4139c1d3bf6577e9dd26a5c2520ae Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 18 Aug 2009 11:57:50 +0200
Subject: [PATCH] added missing
From 6bc7402f112d8ed612d0a8128e74459d4c072809 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 21 Aug 2009 12:08:31 +0200
Subject: [PATCH] use stored upn if available
If a user principle name (upn) can be found in sysdb the krb5
backend will use this otherwise is build
On Thu, Aug 27, 2009 at 09:21:55AM -0400, Simo Sorce wrote:
On Thu, 2009-08-27 at 01:03 -0400, Simo Sorce wrote:
This affects only the ldap driver.
Enumerations are now a background task, on startup a full enumeration is
performed.
Then every 5 minutes (changeable default) only
a9a1c7e26b919c2edb6fa64fbb4e7d9e243eb565 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 27 Aug 2009 14:05:36 +0200
Subject: [PATCH] check if gid attribute is empty
---
server/providers/ldap/sdap_async.c |6 ++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/server
On Thu, Aug 27, 2009 at 09:38:14AM -0400, Simo Sorce wrote:
On Wed, 2009-08-26 at 13:25 +0200, Sumit Bose wrote:
I have include the check in the sss_client directory, but I'm
reluctant
to add it to common, too. IMO the maintainers of the packages should
decide if errno_t makes sense
On Thu, Aug 27, 2009 at 01:58:15PM -0400, Simo Sorce wrote:
This patch should make the enumeration code ~ O(log n) instead of O(n)
On my system it brought enumeration down from 12s to 4s with the same
data set.
Although I haven't measured it I see a speed-up, too.
I have only one issue
From: Sumit Bose sb...@redhat.com
Date: Wed, 26 Aug 2009 11:08:55 +0200
Subject: [PATCH] send SSSD_REALM and SSSD_KDCIP environment to the client
Currently the kerberos locator plugin needs these two variables to
be set to find a KDC which is configured in sssd but not in
/etc/krb5.conf.
---
server
On Fri, Aug 28, 2009 at 12:16:51PM +0200, Sumit Bose wrote:
Hi,
the environment variable which are send back by this patch are currently
needed in the user session of the client. When the DNS helper is
available and used by the kerberos locator plugin they can be removed.
bye,
Sumit
Hi,
a previous patch added a new attribute and also changed the internal
order of the existing attributes. This patch changes the numbering of
the attributes to match the new order.
bye,
Sumit
From a4e1484f0dc9297f9c609196e4356e97d244ad14 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb
tests which uses 'provider=files' might fail if I have
messed up the expansion.
bye,
Sumit
From 79ffba6e5d1ee01fe8474aacaec412e9387a85df Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 2 Sep 2009 12:21:55 +0200
Subject: [PATCH] remove the concept of a backend name
The data
On Tue, Sep 01, 2009 at 04:35:14PM -0400, Simo Sorce wrote:
On Tue, 2009-09-01 at 16:33 -0400, Simo Sorce wrote:
When enumerate is set to flse we don't return entries on an enumerating
getent but we still run the enumeration task.
Obey the enumerate flag and don't start the task if it is
On Tue, Sep 01, 2009 at 04:36:26PM -0400, Simo Sorce wrote:
newer tevent versions (correctly) fail if loops are nested.
fix the code to never nest loops.
Simo.
If during a enumeration an uid/gid is found which is not in the range,
the whole transaction is canceled and nothing is cached. Is
Hi,
this patch adds some autotols cleanups.
bye,
Sumit
From 9775390adcaa7ad42f78930d9ffa5bbadb85cff5 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 7 Sep 2009 18:06:21 +0200
Subject: [PATCH] fix libdbus configure check
- remove unneeded CFLAGS component
- do not leak
Hi,
valgrind told me that the sockaddr_in structure might be used
uninitialized. This patch fixes this and adds some debugging messages I
found useful to follow the usage of the plugin.
bye,
Sumit
From be17f8cefb0b2485fde334d60eddd3dababa1fb1 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb
an error, too.
I cannot see the other warnings, what compiler options and code revision
are you using?
bye,
Sumit
From 08b9b713d3da341c161b1bd6505d9f3968b84f6b Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 8 Sep 2009 12:08:39 +0200
Subject: [PATCH] fix two possible
On Fri, Sep 04, 2009 at 06:02:09PM -0400, Simo Sorce wrote:
Hello list.
So far we have been using a single database file for all our caches as
well as for the local domain.
Initially I used a single database because I thought we could optimize
some search queries when it came to
Hi,
older versions of libpcre only support the Python naming style,
?Pname, for subpatterns. This patch changes our default pattern and
adds some hints about this.
bye,
Sumit
From d5730a503f6d923c1cc21b27d7693a496e13e054 Mon Sep 17 00:00:00 2001
From: sbose sb...@sles10.site
Date: Wed, 9 Sep
Hi,
I think the LDAP provider should link agains a LDAP library. So far it
only worked, because sssd_be exports all symbols and links against
libldb which links against libldap.
bye,
Sumit
From 911e1f245e00b95621d1d21e43c688e8973ceb12 Mon Sep 17 00:00:00 2001
From: sbose sb...@sles10.site
Date:
On Wed, Sep 09, 2009 at 08:25:19AM -0400, Stephen Gallagher wrote:
On 09/09/2009 07:50 AM, Sumit Bose wrote:
On Tue, Sep 08, 2009 at 08:32:55PM -0400, Stephen Gallagher wrote:
I have refactored nsssrv_cmd.c and created a new patch for the
EntryCacheNoWaitRefreshTimeout.
I have created
to examine whether
the cache is still valid.
Addressing other points from the review inline below.
On 08/17/2009 11:19 AM, Sumit Bose wrote:
On Fri, Aug 14, 2009 at 03:46:54PM -0400, Stephen Gallagher wrote:
This timeout specifies the lifetime of a cache entry before it is
updated out-of-band
On Wed, Sep 09, 2009 at 08:58:54AM -0400, Stephen Gallagher wrote:
On 09/09/2009 08:46 AM, Sumit Bose wrote:
On Tue, Sep 08, 2009 at 08:32:55PM -0400, Stephen Gallagher wrote:
I have refactored nsssrv_cmd.c and created a new patch for the
EntryCacheNoWaitRefreshTimeout.
I have created
On Fri, Sep 11, 2009 at 09:07:01AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/11/2009 06:13 AM, Sumit Bose wrote:
Hi,
with this patch the client sends its PID to sssd. This is at least
needed by the krb5 provider if the client PID should
On Fri, Sep 11, 2009 at 05:46:24PM -0400, Simo Sorce wrote:
On Fri, 2009-09-11 at 17:10 +0200, Sumit Bose wrote:
Most of items are not mandatory at the protocol level. If e.g. the
remote host is not known to the client it is not sent to the server
and
the server complains if he really
On Sat, Sep 12, 2009 at 09:02:34PM -0400, Simo Sorce wrote:
On Sat, 2009-09-12 at 10:11 +0200, Sumit Bose wrote:
On Fri, Sep 11, 2009 at 05:46:24PM -0400, Simo Sorce wrote:
On Fri, 2009-09-11 at 17:10 +0200, Sumit Bose wrote:
Most of items are not mandatory at the protocol level. If e.g
On Mon, Sep 14, 2009 at 08:03:14AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/13/2009 10:38 AM, Simo Sorce wrote:
This patch finally allows us to define the type for basic options.
It uses a union to store different types, and an enum to list the
On Mon, Sep 14, 2009 at 11:30:44AM -0400, Simo Sorce wrote:
On Mon, 2009-09-14 at 07:48 -0400, Stephen Gallagher wrote:
Just a nitpick, but why did you replace sbus_conn_send_reply() in
be_check_online with sbus_get_connection and dbus_connection_send()?
They are functionally identical.
Hi,
this patch adds a timeout handling for the kerberos children. If a child
needs omre then krb5auth_timeout seconds to send a response it is killed
and the baclend is marked offline.
bye,
Sumit
From 4104863d945c66e947f47af6cde9141646bf51ce Mon Sep 17 00:00:00 2001
From: Sumit Bose sb
On Thu, Sep 24, 2009 at 11:56:00AM +0200, Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/23/2009 07:16 PM, Jakub Hrozek wrote:
Introduces a new option --debug-to-files which makes SSSD output its
debug information to a file instead of stderr, which is still the
Hi,
this patch suppresses a compiler warning when KRB5_PLUGIN_DEBUG is not
set, which is the common case.
bye,
Sumit
From bc6076e2cf15cfe63afee133921063a12a611eec Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 24 Sep 2009 14:28:33 +0200
Subject: [PATCH] declare hostip only
On Thu, Sep 24, 2009 at 09:09:04AM -0400, Simo Sorce wrote:
On Thu, 2009-09-24 at 14:39 +0200, Sumit Bose wrote:
Hi,
this patch suppresses a compiler warning when KRB5_PLUGIN_DEBUG is not
set, which is the common case.
Sumit,
would it be possible to use an env variable to control
On Thu, Sep 24, 2009 at 03:21:49PM +0200, Sumit Bose wrote:
On Thu, Sep 24, 2009 at 09:09:04AM -0400, Simo Sorce wrote:
On Thu, 2009-09-24 at 14:39 +0200, Sumit Bose wrote:
Hi,
this patch suppresses a compiler warning when KRB5_PLUGIN_DEBUG is not
set, which is the common case
to problems on systems where
python was compiled without large file support, but I think most will
have it.
bye,
Sumit
From d28d33218bad200da3781921e1a98a095660121a Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 25 Sep 2009 17:12:06 +0200
Subject: [PATCH] add defines for large
On Fri, Sep 25, 2009 at 09:40:49AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/25/2009 09:09 AM, Sumit Bose wrote:
Hi,
this patch to the sssd-krb5 man page should clarify how the krb5
provider will find the right UPN.
This hopefully fixes
Hi,
this patch should make sysdb tests happy again.
bye,
Sumit
From cd13b1e84e8b9f972851e07857d6a547c6077677 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 28 Sep 2009 16:58:31 +0200
Subject: [PATCH] update sysdb tests to new config file version
---
server/tests/sysdb
On Mon, Sep 28, 2009 at 02:50:30PM -0400, Stephen Gallagher wrote:
On 09/28/2009 01:46 PM, Dmitri Pal wrote:
Stephen Gallagher wrote:
On 09/28/2009 09:55 AM, Simo Sorce wrote:
On Mon, 2009-09-28 at 09:38 -0400, Stephen Gallagher wrote:
The SSSD needs a config_from_fd() variant
On Fri, Oct 02, 2009 at 03:20:33PM -0400, Stephen Gallagher wrote:
On 09/28/2009 03:05 PM, Sumit Bose wrote:
On Mon, Sep 28, 2009 at 02:51:11PM -0400, Stephen Gallagher wrote:
On 09/28/2009 01:52 PM, Stephen Gallagher wrote:
On 09/28/2009 12:24 PM, Stephen Gallagher wrote:
On 09/28/2009
: Sumit Bose sb...@redhat.com
Date: Fri, 2 Oct 2009 13:50:20 +0200
Subject: [PATCH 1/3] handle expired password during authentication
---
server/providers/krb5/krb5_child.c | 12 ++--
1 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/server/providers/krb5/krb5_child.c
b
Hi,
this patch is a fix for bug #213. The reason for the bug is a double
free during the call of the sdap timeout handler.
bye,
Sumit
From da74240dd2d521d479327351ef2931aacfa9b3ac Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 5 Oct 2009 09:38:29 +0200
Subject: [PATCH
On Mon, Oct 05, 2009 at 10:45:04AM -0400, Simo Sorce wrote:
On Mon, 2009-10-05 at 14:06 +0200, Sumit Bose wrote:
On Mon, Oct 05, 2009 at 06:48:14AM -0400, Simo Sorce wrote:
On Mon, 2009-10-05 at 10:45 +0200, Sumit Bose wrote:
- currently PAM_AUTHTOK_EXPIRED is returned if the password
of LDAP
attributes indicating an expired password
bye,
Sumit
From 316291baf060097d37579c675e06a9194e42c251 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 7 Oct 2009 18:15:27 +0200
Subject: [PATCH] add support for server side LDAP password policies
- password policy request
Hi,
this patch adds an explanation of the chpass_provider option to the
sssd.conf man page.
bye,
Sumit
From a2aa152c86bb4b470ac2b451aa8f90866f7ec1df Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 8 Oct 2009 09:58:11 +0200
Subject: [PATCH] add description of chpass_provider
On Mon, Oct 12, 2009 at 12:20:37PM +0200, Ralf Haferkamp wrote:
Hi,
since the LDAP provider does calls into the krb5 libs it should also be
linked
against them :). Attached patch should fix that.
--
regards,
Ralf
Obviously correct.
ACK
Thanks.
bye,
Sumit
Hi,
Martin was so nice to point me to a bug introduced by the short read
patch. This patch should fix it.
bye,
Sumit
From 190ac953255966ad49d915f9ce6741543a3fa824 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 12 Oct 2009 12:13:36 +0200
Subject: [PATCH] fix a wrong
On Fri, Oct 09, 2009 at 04:29:42PM -0400, Simo Sorce wrote:
On Fri, 2009-10-09 at 21:02 +0200, Sumit Bose wrote:
Hi,
this one should fix #223. Because sshd runs as root the old password
was
not sent to sssd and changing the user password failed. Please review
carefully.
I guess
to have
matching permissions. A possible solution would be to create the file
with 666 permissions during the setup of the kerberos backend. Any other
ideas?
bye,
Sumit
From b6b92883b333107e743cb6665716a17e6cdee964 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 12 Oct 2009 15:38
On Mon, Oct 12, 2009 at 12:10:43PM -0400, Dmitri Pal wrote:
Simo Sorce wrote:
On Mon, 2009-10-12 at 10:47 -0400, Dmitri Pal wrote:
Just pass the fd to the client, it's simple and doesn't require us to
replicate logic to open/close debug files in the children.
I didn't
On Tue, Oct 13, 2009 at 09:22:51AM -0400, Stephen Gallagher wrote:
On 10/13/2009 08:08 AM, Stephen Gallagher wrote:
On 10/13/2009 06:22 AM, Stephen Gallagher wrote:
Do not push. This patch is incomplete.
On Oct 12, 2009, at 5:27 PM, Simo Sorce sso...@redhat.com wrote:
On Mon,
Hi,
this patch should fix the build issue on RHEL5 where ldap_control_create
is not available. I'm preparing a similar patch for Kerberos.
bye,
Sumit
From 2c8466a3c8d67dac39eb3ed237dd17a364ee6f7f Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 13 Oct 2009 12:11:07 +0200
On Wed, Oct 14, 2009 at 07:45:46PM -0400, Simo Sorce wrote:
On Fri, 2009-10-09 at 21:38 +0200, Sumit Bose wrote:
Hi,
with this patch the LDAP provider check typical attributes which
determines the lifetime of a password. If there is more than one scheme
available the following order
89440744c616396fc56dd4990eb5a5b93284f8c4 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 12 Oct 2009 15:38:29 +0200
Subject: [PATCH] enable debugging of krb5_child
---
server/Makefile.am |2 +
server/providers/krb5/krb5_auth.c | 101
On Thu, Oct 15, 2009 at 12:12:57PM +0200, Sumit Bose wrote:
On Wed, Oct 14, 2009 at 01:33:18PM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/14/2009 07:24 AM, Sumit Bose wrote:
Hi,
if auth_provider is set to a provider which can handle
On Thu, Oct 15, 2009 at 05:26:14PM -0400, Dmitri Pal wrote:
Hi,
Couple questions about async processing.
The communication usually consists of several parts. Imagine that you
have an object that is responsible for some sort of communication
(socket, pipe, file, bus - whatever).
Here are
On Thu, Oct 15, 2009 at 07:10:26PM -0400, Simo Sorce wrote:
This patcheset does the minimal necessary work to separate
initialization from actual providers code for ldap and kerberos and uses
this to introduce a first basic ipa provider skeleton that simply reuses
the ldap and krb5 providers
On Fri, Oct 16, 2009 at 02:47:38PM -0400, Simo Sorce wrote:
On Fri, 2009-10-16 at 11:58 +0200, Sumit Bose wrote:
Hi,
currently the sdap interface is only used by the ID provider and
consequently only offers special search for users and groups. This
patch
adds a generic search, i.e
a look at the sysdb_check_handle_* request, too. I think it
makes the code more readable and helps to reduce code duplications.
bye,
Sumit
From 1615be0ba99dd996a58d43d2e6000edae9cc272b Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 6 Oct 2009 09:17:56 +0200
Subject: [PATCH
On Mon, Oct 19, 2009 at 01:09:54PM -0400, Stephen Gallagher wrote:
0001: Use Python 3-compatible sitearch and sitelib
0002: Better detect installed language files. Previously we were
including the translation files for both the daemon and clients in the
server package. This will separate
On Fri, Oct 16, 2009 at 07:10:36PM -0400, Simo Sorce wrote:
This patch introduces the first set of native ipa options.
At the moment a full configuration still requires specifying krb5
specific options. This will be fixed once Sumit provides a patch for the
krb5 provider that uses the
On Tue, Oct 20, 2009 at 07:46:02PM -0400, Simo Sorce wrote:
On Mon, 2009-10-19 at 16:42 +0200, Sumit Bose wrote:
Hi,
this patch adds a store/search/delete sysdb API for data not related
to
users of groups. The data is stored in cn=custom,cn=domain,cn=sysdb.
The
client must specify
On Thu, Oct 22, 2009 at 12:39:57PM -0400, Simo Sorce wrote:
one liner
--
Simo Sorce * Red Hat, Inc * New York
From 86e1b6c35ed196140f25235a3e1a9610133696fc Mon Sep 17 00:00:00 2001
From: Simo Sorce sso...@redhat.com
Date: Thu, 22 Oct 2009 12:33:14 -0400
Subject: [PATCH] Fix setting the
Hi,
with this patch the original DN of a group object is store in sysdb.
This is needed e.g. for IPA HBAC.
bye,
Sumit
From 2466992484ad8d6838471208c5a1c3eb7968eaa5 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 23 Oct 2009 13:54:28 +0200
Subject: [PATCH] store original DN
On Sat, Oct 24, 2009 at 02:07:15PM -0400, Simo Sorce wrote:
Shouldn't require comments.
Simo.
[PATCH] Add IPA conf template, looks ok to me: ACK
[PATCH] Copy option overrides, ACK, but please fix the typo in the patch
description.
Maybe it would be helpful to add a call to dump the current
On Tue, Oct 27, 2009 at 09:23:54AM -0400, Simo Sorce wrote:
On Sat, 2009-10-24 at 14:08 -0400, Simo Sorce wrote:
With this patch we correctly parse groups.
A 2 pass approach for setting members assures even complicated nested
groups do not risk to miss memberships
Rebased on top of Sumit
On Tue, Oct 27, 2009 at 10:27:40AM -0400, Simo Sorce wrote:
On Mon, 2009-10-26 at 17:43 +0100, Sumit Bose wrote:
Hi,
this patch adds a sysdb interface for ASQ (attribute scoped query)
searches. These are useful to limit searches to objects listed in
member/memberof attributes
79149782d1dafc59f91fce3fcb305a2d652ecf7e Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 28 Oct 2009 19:42:06 +0100
Subject: [PATCH] Allow sysdb_search_entry request to return more than one result
---
server/db/sysdb.h |3 +-
server/db/sysdb_ops.c | 90
On Thu, Oct 29, 2009 at 09:15:23AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/28/2009 02:55 PM, Sumit Bose wrote:
Hi,
this patch makes the sysdb_search_entry request more flexible by
enableing it to return more than one result. I have modified
On Wed, Oct 28, 2009 at 05:12:59PM -0400, Simo Sorce wrote:
And other changes, see commit message.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From 1b8814820fad2d6e399af0a5f93713312b64d28d Mon Sep 17 00:00:00 2001
From: Simo Sorce sso...@redhat.com
Date: Wed, 28 Oct 2009 17:02:45
On Thu, Oct 29, 2009 at 01:39:21PM +0100, Sumit Bose wrote:
Hi,
this patch adds a recursive delete request to the sysdb API. It has the
same interface as sysdb_delete_entry, but does not delete the entry, but
its children.
bye,
Sumit
This is a new version of the patch which tries
On Thu, Oct 29, 2009 at 01:43:06PM -0400, Stephen Gallagher wrote:
Original warnings:
../../../common/dhash/dhash_test.c: In function ‘main’:
../../../common/dhash/dhash_test.c:288: warning: declaration of ‘i’
shadows a previous local
../../../common/dhash/dhash_test.c:115: warning:
On Thu, Oct 29, 2009 at 09:32:34PM +, Simo Sorce wrote:
On Thu, 2009-10-29 at 19:40 +0100, Sumit Bose wrote:
On Thu, Oct 29, 2009 at 01:39:21PM +0100, Sumit Bose wrote:
Hi,
this patch adds a recursive delete request to the sysdb API. It has
the
same interface
On Fri, Oct 30, 2009 at 01:54:19PM -0700, Jeff Schroeder wrote:
I've built this package for Fedora 10 and am testing it out.
http://kojipkgs.fedoraproject.org/packages/sssd/0.7.1/1.fc12/src/sssd-0.7.1-1.fc12.src.rpm
In /var/log/sssd/sssd.log:
[sssd[be[LDAP]]] [load_backend_module] (0):
On Fri, Oct 30, 2009 at 05:42:10PM -0400, Simo Sorce wrote:
On Fri, 2009-10-30 at 12:01 +0100, Sumit Bose wrote:
On Thu, Oct 29, 2009 at 11:26:39PM +0100, Sumit Bose wrote:
On Thu, Oct 29, 2009 at 09:32:34PM +, Simo Sorce wrote:
On Thu, 2009-10-29 at 19:40 +0100, Sumit Bose wrote
On Fri, Oct 30, 2009 at 10:51:13PM +0100, Sumit Bose wrote:
On Fri, Oct 30, 2009 at 05:42:10PM -0400, Simo Sorce wrote:
On Fri, 2009-10-30 at 12:01 +0100, Sumit Bose wrote:
On Thu, Oct 29, 2009 at 11:26:39PM +0100, Sumit Bose wrote:
On Thu, Oct 29, 2009 at 09:32:34PM +, Simo Sorce
Hi,
this patch should fix #251.
bye,
Sumit
From 9ec33e808fe82895473e8350eb2e8c5a78ba1ccb Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 2 Nov 2009 14:32:00 +0100
Subject: [PATCH] Make debug message less irritating.
The 'Unable to load' debug message is now only shown when
Hi,
I find this patch useful. If IPA_HOSTNAME is found to be NULL later on
in the code you can simply assume an error and don't have to call
gethostname again and again.
bye,
Sumit
From d87db5a63e0737cc5da955c6679a410350939419 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed
68d17d27f4f876e2060b93bbeb981a5a97667182 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 4 Nov 2009 12:36:25 +0100
Subject: [PATCH] Add sysdb_attrs_replace_name to sysdb API.
---
server/db/sysdb.c | 32 +++
server/db/sysdb.h |3 ++
server/tests/sysdb
On Wed, Nov 04, 2009 at 12:53:22PM +0100, Sumit Bose wrote:
Hi,
this patch adds the sysdb_attrs_replace_name() call to replace the name
of an attribute with a new one. This is useful if you want to store the
results of an LDAP query in sysdb, but need to replace certain attribute
names, e.g
On Wed, Nov 04, 2009 at 09:25:29AM -0500, Simo Sorce wrote:
On Wed, 2009-11-04 at 15:05 +0100, Sumit Bose wrote:
+if (e != NULL) {
+dummy = talloc_strdup(talloc_parent(e-name), newname);
The parent should be attrs, I would use that and not talloc_parent(),
so even
, it fixes the includes, but
also add substitutions for missing API calls in older version of MIT
Kerberos.
bye,
Sumit
From 31f99c1177d8f18ef44874bcccbedfc6014274e1 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 13 Oct 2009 13:53:32 +0200
Subject: [PATCH] add replacements
On Wed, Nov 04, 2009 at 02:01:44PM -0500, Stephen Gallagher wrote:
We don't need to be allocating an output string here. This was
also causing a runtime bug when the output string contained
characters that would be interpreted by fprintf as specifiers.
--
Stephen Gallagher
RHCE
On Mon, Nov 09, 2009 at 07:52:43AM -0500, Brian J. Murrell wrote:
On Mon, 2009-11-09 at 07:33 -0500, Stephen Gallagher wrote:
Brian, can you open a bug at https://fedorahosted.org
I would but I can't make out the stupid captcha and there is no button
to generate a new one! I really hate
On Mon, Nov 09, 2009 at 08:48:19AM -0500, Brian J. Murrell wrote:
On Mon, 2009-11-09 at 14:34 +0100, Sumit Bose wrote:
Can you send krb5_child.log, too?
Nothing too exciting:
(1257770543) [[sssd[krb5_child[23777 [get_and_save_tgt] (1): 241:
[-1765328191][Credentials cache I/O
On Mon, Nov 09, 2009 at 09:56:24AM -0500, Brian J. Murrell wrote:
On Mon, 2009-11-09 at 15:47 +0100, Sumit Bose wrote:
yes, can you send the log files for the gnome-screensaver case ?
Sure. Nothing new in the krb5_child.log, however, sssd_pam.log:
Does this mean you are still seeing
Hi,
this patch simplifies then child handling of the kerberos provider to
reduce the number of missleading debug messages.
bye,
Sumit
From e40a3c9cf9b8b1b85d5668fa2491e2e6d48c439b Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 10 Nov 2009 11:31:29 +0100
Subject: [PATCH
Hi,
this patch adds a check to evaluate the acces time part of a HBAC rule
to the IPA access target.
bye,
Sumit
From 9a1f95d92fb71312d9709a7bf14787046368b40b Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 10 Nov 2009 13:38:20 +0100
Subject: [PATCH] Add check for access
in the design documents.
bye,
Sumit
From 961a4949a72b53a958d479b18168ca4c63c7eae6 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 10 Nov 2009 16:45:07 +0100
Subject: [PATCH] Add support for host, source host and user category
This patch add support for the host, source host
On Tue, Nov 10, 2009 at 11:36:45PM -0500, Brian J. Murrell wrote:
On Mon, 2009-11-09 at 21:19 +0100, Sumit Bose wrote:
Does this mean you are still seeing [Credentials cache I/O operation
failed XXX] in krb5_child.log?
No. I am seeing nothing new at all in the krb5_child.log when
Hi,
this patch make 'permit' the default for the access target. This means
that access_provider has to be set explicitly if a specific provider
should be used, e.g. access_provider=ipa.
bye,
Sumit
From ee3ff411494c7bae1158b7baef1adc24ebdbe342 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb
On Thu, Nov 12, 2009 at 01:46:39PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/12/2009 06:46 AM, Sumit Bose wrote:
Hi,
this patch add the possibility to validate the credentials obtained from
a Kerberos server with a local keytab. The boolean
: Sumit Bose sb...@redhat.com
Date: Fri, 13 Nov 2009 09:56:32 +0100
Subject: [PATCH] Enhance check for remote hosts
---
server/providers/ipa/ipa_access.c | 144 +++--
server/providers/ipa/ipa_access.h |8 ++
2 files changed, 97 insertions(+), 55 deletions(-)
diff
Hi,
this patch should fix #279 by ignoring the shadow attributes by
default.
bye,
Sumit
From 8bcd2646e948a1f05b279196a4e6f4350aa5d5a9 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 16 Nov 2009 13:56:57 +0100
Subject: [PATCH] Ignore shadow attributes
---
server/man/sssd
On Mon, Nov 16, 2009 at 09:23:17AM -0500, Simo Sorce wrote:
On Mon, 2009-11-16 at 14:06 +0100, Sumit Bose wrote:
Hi,
this patch should fix #279 by ignoring the shadow attributes by
default.
I was thinking about this and I think I don't want to go down this way.
While automatic
On Wed, Nov 18, 2009 at 07:23:09PM -0500, Simo Sorce wrote:
See the commit comment, but, long story short, this is much better
behavior then what we have now.
I would like to read the commit comment, but ...
Simo.
--
Simo Sorce * Red Hat, Inc * New York
On Thu, Nov 19, 2009 at 08:24:42AM -0500, Stephen Gallagher wrote:
Sumit caught a bug in my recent case-sensitivity patch. Here's the
one-line fix.
After completing an upgrade successfully, we were still falling
into the version not found case. We should be exiting the
function after
, because it would introduce a dependency to
other not-committed patches. I thought it might be easier this way.
- integration of the fail-over framework.
bye,
Sumit
From cee867db56fb09b28c33e855f4a853e75075a044 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 19 Nov 2009 17:53:38
On Thu, Nov 19, 2009 at 07:30:32PM -0500, Simo Sorce wrote:
See commit comment.
--
Simo Sorce * Red Hat, Inc * New York
From 49862816e3b7077bc7a002c980901d31aff06269 Mon Sep 17 00:00:00 2001
From: Simo Sorce sso...@redhat.com
Date: Thu, 19 Nov 2009 19:28:36 -0500
Subject: [PATCH]
On Tue, Nov 17, 2009 at 08:38:00PM -0500, Simo Sorce wrote:
I've been thinking about optimizing group enumerations for a while as
they were way too slow for my taste.
I did that by relying on the way we store users in the database and by
parsing the member attribute of the groups counting on
On Fri, Nov 20, 2009 at 10:40:29AM +0100, Sumit Bose wrote:
On Wed, Nov 18, 2009 at 12:09:58PM -0500, Simo Sorce wrote:
This way we check them once at storage time instead of checking again
and again at search time.
Applies only on top of the sysdb_enumgrent optimization patch.
Simo
On Mon, Nov 16, 2009 at 05:55:51PM -0500, Simo Sorce wrote:
This patch implements the use of the fail_over code under the control of
the data provider backend code. All providers share the same failover
structure and if they use the same service name, they also share the
same servers lists.
On Thu, Nov 19, 2009 at 02:31:36PM +0100, Sumit Bose wrote:
Hi,
this patch improves the handling of ccache files. It addresses two
issues already discussed on the list.
When randomized ccache file are used (or the client process id is used
in the name of the ccache file) each
1 - 100 of 3319 matches
Mail list logo