Simo Sorce wrote:
>>
>> Please update manpages for ldap_purge_cache timeout, as well as the
>> SSSDConfig API configuration files.
>
> Like for other timeouts I'd like to keep this undocumented for now.
> I added the option for the API configuration file.
What's the scope of this preference? Sh
Hi,
this patch adds a separate IPA authentication target which glues together
Kerberos and LDAP authentication to support IPA password migration.
To test this patch the following two uncommitted patches are needed on
the server side:
- "Allow adding entries with pre-hashed passwords, but don't ge
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 02:20 PM, Simo Sorce wrote:
> Ok, so far we have been sort of cheating as we never removed users once
> added.
>
> In the last few weeks, part of the work I did with various patches was
> in preparation to add this clean-up task in a way
On Mon, Nov 09, 2009 at 09:56:24AM -0500, Brian J. Murrell wrote:
> On Mon, 2009-11-09 at 15:47 +0100, Sumit Bose wrote:
> >
> > yes, can you send the log files for the gnome-screensaver case ?
>
> Sure. Nothing new in the krb5_child.log, however, sssd_pam.log:
Does this mean you are still see
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 12:16 PM, Simo Sorce wrote:
> On Mon, 2009-11-09 at 12:14 -0500, Stephen Gallagher wrote:
>> The root cause was that preq->domain was set to NULL, because it
>> couldn't locate a corresponding domain for this user.
>>
>> I have reordered
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 12:16 PM, Stephen Gallagher wrote:
> On 11/09/2009 08:47 AM, Simo Sorce wrote:
>> On Mon, 2009-11-09 at 11:23 +0100, Sumit Bose wrote:
>>> On Sat, Nov 07, 2009 at 08:01:39PM -0500, Simo Sorce wrote:
On Sat, 2009-11-07 at 13:24 -0500,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 11:15 AM, Simo Sorce wrote:
> On Mon, 2009-11-09 at 14:00 +0100, Jakub Hrozek wrote:
>> Tracked as #255
>>
>> Assorted manpage fixes, found by David during his review of
>> documentation.
>>
>> * do not mention the sbus_timeout parameter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 11:14 AM, Simo Sorce wrote:
> On Mon, 2009-11-09 at 13:39 +0100, Jakub Hrozek wrote:
>> Fixes: #261
>
> ack
>
Pushed to master.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value
On Mon, 2009-11-09 at 10:06 -0500, Stephen Gallagher wrote:
>
> Please also attach sssd_KRB5.log. That is more likely to have the
> relevant information.
Not at all I'm afraid.
The last timestamp I have in that file is 1257770543 and the last
timestamp of the gnome-screensaver use that I sent p
On Mon, 2009-11-09 at 12:14 -0500, Stephen Gallagher wrote:
> The root cause was that preq->domain was set to NULL, because it
> couldn't locate a corresponding domain for this user.
>
> I have reordered this conditional such that we first test that we are
> in
> the PAM_SUCCESS case of an SSS_PAM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 08:47 AM, Simo Sorce wrote:
> On Mon, 2009-11-09 at 11:23 +0100, Sumit Bose wrote:
>> On Sat, Nov 07, 2009 at 08:01:39PM -0500, Simo Sorce wrote:
>>> On Sat, 2009-11-07 at 13:24 -0500, Simo Sorce wrote:
Except some rare cases out use
The root cause was that preq->domain was set to NULL, because it
couldn't locate a corresponding domain for this user.
I have reordered this conditional such that we first test that we are in
the PAM_SUCCESS case of an SSS_PAM_AUTHENTICATE call. In this situation,
preq->domain is guaranteed to be
On Mon, 2009-11-09 at 14:00 +0100, Jakub Hrozek wrote:
> Tracked as #255
>
> Assorted manpage fixes, found by David during his review of
> documentation.
>
> * do not mention the sbus_timeout parameter at all
> * document the config_file_version parameter
> * different wording for negative cache
On Mon, 2009-11-09 at 13:39 +0100, Jakub Hrozek wrote:
> Fixes: #261
ack
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 07:53 AM, Stephen Gallagher wrote:
> On 11/09/2009 07:36 AM, Stephen Gallagher wrote:
>> On 11/09/2009 05:11 AM, Sumit Bose wrote:
>>> On Sun, Nov 08, 2009 at 01:19:35AM -0500, Simo Sorce wrote:
Save all entries, not just the first o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 07:36 AM, Sumit Bose wrote:
> On Mon, Nov 09, 2009 at 01:20:28PM +0100, Jakub Hrozek wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> On 11/09/2009 12:29 PM, Sumit Bose wrote:
> [PATCH 2/2] IPA time rules parsing routi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 07:23 AM, Martin Nagy wrote:
> On Sat, 2009-11-07 at 13:22 -0500, Simo Sorce wrote:
>> On Sat, 2009-11-07 at 09:47 +0100, Martin Nagy wrote:
>>> Simo Sorce wrote:
if (tevent_req_is_error(req, &tstate, &err)) {
-retu
On Mon, 2009-11-09 at 09:41 -0500, Brian J. Murrell wrote:
> On Mon, 2009-11-09 at 08:59 -0500, Simo Sorce wrote:
> >
> > If someone opens a bug for that, yes :-)
>
> Done. https://fedorahosted.org/sssd/ticket/266
>
> > However keep in mind that I don't care much for what pam_unix does in
> >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 09:56 AM, Brian J. Murrell wrote:
> On Mon, 2009-11-09 at 15:47 +0100, Sumit Bose wrote:
>>
>> yes, can you send the log files for the gnome-screensaver case ?
>
> Sure. Nothing new in the krb5_child.log, however, sssd_pam.log:
>
> (1
On Mon, 2009-11-09 at 15:47 +0100, Sumit Bose wrote:
>
> yes, can you send the log files for the gnome-screensaver case ?
Sure. Nothing new in the krb5_child.log, however, sssd_pam.log:
(1257778320) [sssd[pam]] [accept_fd_handler] (4): Client connected!
(1257778320) [sssd[pam]] [sss_cmd_get_ve
On Mon, Nov 09, 2009 at 09:29:44AM -0500, Brian J. Murrell wrote:
> On Mon, 2009-11-09 at 15:13 +0100, Sumit Bose wrote:
> >
> > This error indicates a short write.
>
> Ahhh. Now that is meaningful to me. :-)
>
> > Can you check if a ccache file is
> > create at all and if yes check the conte
On Mon, 2009-11-09 at 08:59 -0500, Simo Sorce wrote:
>
> If someone opens a bug for that, yes :-)
Done. https://fedorahosted.org/sssd/ticket/266
> However keep in mind that I don't care much for what pam_unix does in
> any pam target,
That's fair enough, but you have to respect what other pam
On Mon, 2009-11-09 at 15:13 +0100, Sumit Bose wrote:
>
> This error indicates a short write.
Ahhh. Now that is meaningful to me. :-)
> Can you check if a ccache file is
> create at all and if yes check the content with klist?
I didn't realize it was the ccache it was complaining about and I
On Mon, 2009-11-09 at 07:58 -0500, Stephen Gallagher wrote:
> Hmm, this looks incorrect here. Why are we getting "child status[0]"
> and
> then "no child with pid [23777]"
>
> Sumit, do you have any ideas here?
I think that we have concurrent functions using waitpid() for children.
one in sig_cld
On Mon, Nov 09, 2009 at 08:48:19AM -0500, Brian J. Murrell wrote:
> On Mon, 2009-11-09 at 14:34 +0100, Sumit Bose wrote:
> >
> > Can you send krb5_child.log, too?
>
> Nothing too exciting:
>
> (1257770543) [[sssd[krb5_child[23777 [get_and_save_tgt] (1): 241:
> [-1765328191][Credentials cac
On Mon, 2009-11-09 at 08:21 -0500, Brian J. Murrell wrote:
> On Mon, 2009-11-09 at 08:05 -0500, Stephen Gallagher wrote:
> >
> > Sorry Brian, we discussed this off-list in #freeipa the other day.
> > Transcript included here for posterity.
>
> OK...
>
> > ===
On Mon, 2009-11-09 at 14:34 +0100, Sumit Bose wrote:
>
> Can you send krb5_child.log, too?
Nothing too exciting:
(1257770543) [[sssd[krb5_child[23777 [get_and_save_tgt] (1): 241:
[-1765328191][Credentials cache I/O operation failed XXX]
(1257770543) [[sssd[krb5_child[23777 [tgt_req_chi
On Mon, 2009-11-09 at 11:23 +0100, Sumit Bose wrote:
> On Sat, Nov 07, 2009 at 08:01:39PM -0500, Simo Sorce wrote:
> > On Sat, 2009-11-07 at 13:24 -0500, Simo Sorce wrote:
> > > Except some rare cases out use of tevent_req_is_error() was dangerous.
> > > Almost everywhere where we used it it was pr
The files tests are broken and don't compile, attached patch fixes that.
Martin
>From a37cbc89a167eaf0f8cd5d5e6845f5fe9e3109e3 Mon Sep 17 00:00:00 2001
From: Martin Nagy
Date: Fri, 6 Nov 2009 17:48:37 +0100
Subject: [PATCH] Add missing include file to files-tests.c
---
server/tests/files-tests.
On Thu, 2009-11-05 at 15:53 -0500, Simo Sorce wrote:
> On Wed, 2009-11-04 at 18:32 +0100, Martin Nagy wrote:
> > On Mon, 2009-11-02 at 16:02 -0500, Simo Sorce wrote:
> > > On Fri, 2009-10-30 at 14:07 +0100, Martin Nagy wrote:
> > > > Hi,
> > > > attached are patches needed for the fail over functio
On Fri, 2009-11-06 at 08:12 -0500, Simo Sorce wrote:
> On Fri, 2009-11-06 at 13:37 +0100, Martin Nagy wrote:
> > Simple one-liner.
>
> Nack, just remove the else free completely.
> It will be freed anyway as soon as you return from the function in 99%
> of the cases as the first thing after the _r
Simple one-liner.
Martin
>From ad04b74a8e9c60392cda5859e97b151eaeabbad6 Mon Sep 17 00:00:00 2001
From: Martin Nagy
Date: Wed, 4 Nov 2009 18:19:31 +0100
Subject: [PATCH] Fix a bad free in async_resolv.c
---
server/resolv/async_resolv.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
On Mon, Nov 09, 2009 at 07:52:43AM -0500, Brian J. Murrell wrote:
> On Mon, 2009-11-09 at 07:33 -0500, Stephen Gallagher wrote:
> > Brian, can you open a bug at https://fedorahosted.org
>
> I would but I can't make out the stupid captcha and there is no button
> to generate a new one! I really h
On Mon, 2009-11-09 at 07:58 -0500, Stephen Gallagher wrote:
>
> If you create an account at https://admin.fedoraproject.org/accounts you
> will not be required to validate the captcha.
That's what site (including the https) I am at. Anyway, I seem to have
found one I could actually read.
> Bri
On Mon, 2009-11-09 at 08:05 -0500, Stephen Gallagher wrote:
>
> Sorry Brian, we discussed this off-list in #freeipa the other day.
> Transcript included here for posterity.
OK...
> ==
> 07:51:45 AM) sgallagh: sbose: Unrelated:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 07:20 AM, Stephen Gallagher wrote:
> On 11/09/2009 03:33 AM, Ville Salmela wrote:
>> Hi,
>
>
>
>> I spoke in irc about building sssd on rhel5.
>
>
>
>> There is a different behavior in building the git and tar.gz release. In
>> git
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 07:55 AM, Brian J. Murrell wrote:
> On Thu, 2009-11-05 at 16:27 -0500, Brian J. Murrell wrote:
>>
>
> I didn't see any response to the following. As far as I can see and
> have explained this is still a problem. If you disagree, pleas
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tracked as #255
Assorted manpage fixes, found by David during his review of documentation.
* do not mention the sbus_timeout parameter at all
* document the config_file_version parameter
* different wording for negative cache
Jakub
-BEGI
On Thu, 2009-11-05 at 16:27 -0500, Brian J. Murrell wrote:
>
I didn't see any response to the following. As far as I can see and
have explained this is still a problem. If you disagree, please present
your argument so that I can take it back to the pam_unix folks for their
consideration. But
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 07:52 AM, Brian J. Murrell wrote:
> On Mon, 2009-11-09 at 07:33 -0500, Stephen Gallagher wrote:
>> Brian, can you open a bug at https://fedorahosted.org
>
> I would but I can't make out the stupid captcha and there is no button
> to gen
On Mon, 2009-11-09 at 07:33 -0500, Stephen Gallagher wrote:
> Brian, can you open a bug at https://fedorahosted.org
I would but I can't make out the stupid captcha and there is no button
to generate a new one! I really hate captchas you know. They are
getting to the point where nobody can read
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 07:36 AM, Stephen Gallagher wrote:
> On 11/09/2009 05:11 AM, Sumit Bose wrote:
>> On Sun, Nov 08, 2009 at 01:19:35AM -0500, Simo Sorce wrote:
>>> Save all entries, not just the first one.
>>>
>>> Simo.
>>>
>
>> ACK
>
>> bye,
>> Sumit
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Fixes: #261
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkr4DYkACgkQHsardTLnvCXsowCfT+Y397TDtbHi/URDiQ9QGTJp
YFMAnjM94R+flCjOxwmjJAw4snG7U4FO
=inC1
-END
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 05:11 AM, Sumit Bose wrote:
> On Sun, Nov 08, 2009 at 01:19:35AM -0500, Simo Sorce wrote:
>> Save all entries, not just the first one.
>>
>> Simo.
>>
>
> ACK
>
> bye,
> Sumit
> ___
> sssd-deve
On Mon, Nov 09, 2009 at 01:20:28PM +0100, Jakub Hrozek wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 11/09/2009 12:29 PM, Sumit Bose wrote:
> >>> [PATCH 2/2] IPA time rules parsing routines
> >>> > > Adds an interface for parsing the time rules used in HBAC and
> >>> > > associa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 01:30 AM, David O'Brien wrote:
> David O'Brien wrote:
>> I've been playing around with having domains and services configured and
>> not, just to see how sssd behaves. What does this mean? Is it indicative
>> of something specific that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/08/2009 09:31 PM, Brian J. Murrell wrote:
> On Sat, 2009-11-07 at 20:02 -0500, Simo Sorce wrote:
>>
>> It should work, any chance you can check if this fails to work with
>> master as well ?
>
> Master fails in a completely different way:
>
>
On Sat, 2009-11-07 at 13:22 -0500, Simo Sorce wrote:
> On Sat, 2009-11-07 at 09:47 +0100, Martin Nagy wrote:
> > Simo Sorce wrote:
> > > if (tevent_req_is_error(req, &tstate, &err)) {
> > > -return -1;
> > > +if (err) return err;
> > > +return EIO;
> > > }
> >
> >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2009 03:33 AM, Ville Salmela wrote:
> Hi,
>
>
>
> I spoke in irc about building sssd on rhel5.
>
>
>
> There is a different behavior in building the git and tar.gz release. In
> git I can do autoreconf and in tar.gz I cannot. So buildi
On Mon, Nov 09, 2009 at 11:32:20AM +0100, Jakub Hrozek wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 11/04/2009 02:12 PM, Jakub Hrozek wrote:
> >
> > [PATCH 1/2] Add missing include
> > When compiling the IPA time rules with just minimal _SOURCES (see
> > Makefile.am changes in
On Sat, Nov 07, 2009 at 08:01:39PM -0500, Simo Sorce wrote:
> On Sat, 2009-11-07 at 13:24 -0500, Simo Sorce wrote:
> > Except some rare cases out use of tevent_req_is_error() was dangerous.
> > Almost everywhere where we used it it was probably ok, but given the
> > semantics of that function I thi
On Sun, Nov 08, 2009 at 01:19:35AM -0500, Simo Sorce wrote:
> Save all entries, not just the first one.
>
> Simo.
>
ACK
bye,
Sumit
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
52 matches
Mail list logo
