course, a unified libkrb5 API would be really nice.
My personal comments were going in this direction, however I do not
have a strong preference and if there is consistent investment that we
want to preserve I won't complain.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
_
On Fri, 2020-02-21 at 11:28 +0100, Sumit Bose wrote:
> On Thu, Feb 20, 2020 at 12:27:23PM -0500, Simo Sorce wrote:
> > On Thu, 2020-02-20 at 11:18 +0100, Pavel Březina wrote:
> > > Hi devs,
> > >
> > > I'm thinking about ways to implement SSSD KCM notificat
On Fri, 2020-02-21 at 11:22 +0100, Pavel Březina wrote:
> On 2/20/20 6:27 PM, Simo Sorce wrote:
> > On Thu, 2020-02-20 at 11:18 +0100, Pavel Březina wrote:
> > > Hi devs,
> > >
> > > I'm thinking about ways to implement SSSD KCM notification that
> >
int, I still dislike actively broadcasting around I
wonder if it is possible to just reconnect to the system bus and learn
who is listening and just target those listeners as appropriate.
Is the system bus stateful? Do clients have to reconnect whenever a
daemon restarts?
> Thanks,
>
LGTM,
great work guys.
Simo.
On Mon, 2018-08-13 at 15:20 +0200, Jakub Hrozek wrote:
> Hi,
>
> we’re about to release 2.0. Here are my draft release notes:
>
> SSSD 2.0.0
> ===
>
>
> Highlights
> --
> This release removes or deprecates functionality from SSSD, therefore the
On Mon, 2018-05-21 at 11:52 +0200, Pavel Březina wrote:
> On 05/18/2018 09:50 PM, Simo Sorce wrote:
> > On Fri, 2018-05-18 at 16:11 +0200, Sumit Bose wrote:
> > > On Fri, May 18, 2018 at 02:33:32PM +0200, Pavel Březina wrote:
> > > > Hi folks,
> > > > I
On Mon, 2018-05-21 at 10:38 +0200, Jakub Hrozek wrote:
> > On 18 May 2018, at 21:50, Simo Sorce <s...@redhat.com> wrote:
> >
> > Sorry Pavel,
> > but I need to ask, why a new bus instead of somthing like varlink ?
>
> Do you think there is an advantage with va
gt; > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> > https://lists.fedoraproject.org/archives/list/sssd-devel@lists.fedorahosted.org/message/Z7ZSIEX7QAAZAUGCVNLTYDAYEUHOQHY6/
>
> ___
Bus
> protocol, so the same trust limitations apply)
bus1 was also a kernel implementation, but that one also did not pan
out ...
Simo.
--
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc
___
sssd-devel mailing list -- sssd-devel@lists.f
On Tue, 2018-03-20 at 20:36 +0100, Jakub Hrozek wrote:
> > On 20 Mar 2018, at 13:51, Simo Sorce <s...@redhat.com> wrote:
> >
> > On Tue, 2018-03-20 at 12:54 +0100, Jakub Hrozek wrote:
> > > Let me bump this thread..see some ideas inline.
>
> Thank you fo
On Tue, 2018-03-20 at 12:54 +0100, Jakub Hrozek wrote:
> Let me bump this thread..see some ideas inline.
>
> > On 13 Mar 2018, at 14:07, Jakub Hrozek <jhro...@redhat.com> wrote:
> >
> >
> >
> > > On 13 Mar 2018, at 13:42, Simo Sorce <s...@re
at simple text based HTTP Requests and Replies.
It requires to dump or sniff the communication between kcm and secrets,
but I did not think it was too hard to do ?
If debuggability is the only issue have you thought about adding an
option to dump all requests and replies from both the kcm fron
er.
>
> Is there any other suggestion? Whatever comes out of this discussion will
> be used to update the feature's design page accordingly.
Change euid to that of the user during operations, leave the
permissions strict ?
Simo.
--
Simo Sorce
Sr. Principal Software Engineer
Red Hat, I
On Thu, 2017-11-02 at 14:53 +0200, Alexander Bokovoy wrote:
> On to, 02 marras 2017, Simo Sorce wrote:
> > On Thu, 2017-11-02 at 13:14 +0100, Sumit Bose wrote:
> > > On Fri, Oct 27, 2017 at 08:43:28AM -0400, Simo Sorce wrote:
> > > > On Thu, 2017-10-26 at
On Thu, 2017-11-02 at 13:14 +0100, Sumit Bose wrote:
> On Fri, Oct 27, 2017 at 08:43:28AM -0400, Simo Sorce wrote:
> > On Thu, 2017-10-26 at 22:14 +0200, Sumit Bose wrote:
> > > On Thu, Oct 26, 2017 at 02:43:29PM -0400, Simo Sorce wrote:
> > > > On Thu, 2017-10-2
On Thu, 2017-10-26 at 22:14 +0200, Sumit Bose wrote:
> On Thu, Oct 26, 2017 at 02:43:29PM -0400, Simo Sorce wrote:
> > On Thu, 2017-10-26 at 12:16 +0200, Jakub Hrozek wrote:
> > > On Wed, Oct 25, 2017 at 05:39:21PM +0200, Sumit Bose wrote:
> > > > Hi,
> > >
nd what is the point of nss_truste_users why a force
reload is a privileged operation ?
I guess DNLSGTM ?
Simo.
--
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
On Thu, 2017-09-21 at 17:56 +0200, Sumit Bose wrote:
> On Thu, Sep 21, 2017 at 11:23:20AM -0400, Simo Sorce wrote:
> > On Thu, 2017-09-21 at 16:52 +0200, Lukas Slebodnik wrote:
> > > Here you are.
> > > local master: kvm-02-guest11.testrelm.test
> > > rep
ubconf/krb5.include.d/
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = TESTRELM.TEST
> dns_lookup_realm = false
> dns_lookup_kdc = true
This ^^^^
On Wed, 2017-05-31 at 10:59 +0200, Jakub Hrozek wrote:
> On Wed, May 31, 2017 at 10:31:38AM +0200, Lukas Slebodnik wrote:
> > ehlo,
> >
> > I had a discussion with QEs and realized that sssd need to be
> > restarted
> > if default_ccache_name is changed in krb5 configuration files.
> >
> > The
th the implementation.
It looks really nice with the docs formatting/font/style :-)
.. and the content LGTM too.
Simo.
--
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
On Mon, 2017-03-06 at 14:49 +0100, Jakub Hrozek wrote:
> [sssd]
> > domains = appdomain.test, posixdomain.test
> > services = ifp, pam, nss
> >
> > [pam]
> > application_services = sss_test
> >
> > [ifp]
> >
On Wed, 2017-03-08 at 11:39 +0100, Jakub Hrozek wrote:
> On Wed, Mar 08, 2017 at 10:45:32AM +0100, Pavel Březina wrote:
> > On 03/07/2017 03:11 PM, Jakub Hrozek wrote:
> > > On Tue, Mar 07, 2017 at 02:31:27PM +0100, Pavel Březina wrote:
> > > > On 03/07/2017 01:33 PM, Jakub Hrozek wrote:
> > > > >
> > Okay, we have to change it and here is where I need your help!
> >
> > The simplest solution would be to disable socket activation for NSS
> > responder. Socket activation is supposed to be used for responders that are
> > seldom used.
>
> I also wonder if this wa
On Thu, 2016-12-01 at 15:22 +0100, Pavel Březina wrote:
> On 12/01/2016 02:56 PM, Simo Sorce wrote:
> > On Thu, 2016-12-01 at 14:44 +0100, Pavel Březina wrote:
> >> On 11/24/2016 02:33 PM, Fabiano Fidêncio wrote:
> >>> The design page is done [0] and it's based on th
tly disable some responders if the don't want to used them.
>
> I have to double check a few things here but, AFAIU, just having the
> socket disabled (systemctl disable sssd-@responder@.socket) should be
> enough.
I guess I misunderstood what ou mean
com/SSSD/sssd/pull/84
>
> I think we should also provide 'disabled_services' option, to give
> admins a way to explicitly disable some responders if the don't want to
> used them.
How would this work ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
they have to run their own copy
> internal
> to the container? Would we bind-mount the /var/run/.heim_org.h5l.kcm-socket
> and
> then work some namespacing magic in the host?
Deployment specific, I can see either way as an option depending on what
you are doing.
> You call out in the introduction that this will help address container
> use-cases, but then don't describe that implementation. This seems like an
> important piece of the puzzle that should be added to the page (or made more
> clear, since if it's in there, I can't spot it).
What would you want to call out exactly ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
n dynamically) but do not alter the modifyTimestamp.
In general operational attributes can behave that way.
> I think the time would be better spend e.g. on
> https://fedorahosted.org/sssd/ticket/3211 "Refactor the
> sdap_async_groups.c module" and m
microsoft.com/en-us/library/bb905527.aspx
NOTE: Please look at the small paragraph named "Smart card logon across
forests", we definitely want to think about this problem as well from
the get-go and not try to retrofit something later on.
HTH,
Simo.
--
On Wed, 2016-10-12 at 10:52 +0200, Pavel Březina wrote:
> On 10/11/2016 03:26 PM, Simo Sorce wrote:
> > On Mon, 2016-10-10 at 14:04 +0200, Pavel Březina wrote:
> >> On 10/10/2016 10:09 AM, Fabiano Fidêncio wrote:
> >>> Victor,
> >>>
> >&
hange from
> > >> libnl messages or from resolv.conf being touched?
> >
> > I didn't dig much into it yet (I just checked tevent to confirm it uses
> > gettimeofday()), so I'll take this as my next step.
>
> btw the samba-technical mailing list is the b
This patch fix the issue only in watchdog which would result in
> terminating sssd otherwise. Fixing it across whole sssd would be
> difficult. The fix should go to tevent.
It also seem to fix the issue only if the time jumps backwards, not if
it jumps forward, in that ca
ceable. How feasible would it be to use a
> monotonic clock for this kind of timed events?
We should use a monotonic clock for most internal events.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
policy that actually controls how merging
is done.
CCing Günther who has worked around GPO processing a few years ago.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedora
ach user login.
What do you think ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
On Thu, 2016-08-25 at 14:24 +0300, Nikolai Kondrashov wrote:
> Hi Simo,
>
> Thanks for looking at the patches and for the feedback!
> I'm replying below.
>
> On 08/24/2016 11:24 PM, Simo Sorce wrote:
> > On Tue, 2016-08-23 at 17:24 +0300, Nikolai Kondrashov
should check if session
recording apply to this user and write an attribute in the user entry.
On getpwnam/uid/ent calls you would look for those calls and replace the
shell entry accordingly.
Unless there is some very good reason to do it always at query time this
is, I am afraid, a nack on
On Fri, 2016-08-19 at 17:23 +0200, Lukas Slebodnik wrote:
> On (19/08/16 09:38), Simo Sorce wrote:
> >On Fri, 2016-08-19 at 11:20 +0200, Lukas Slebodnik wrote:
> >> On (19/08/16 10:41), Jakub Hrozek wrote:
> >> >On Fri, Aug 19, 2016 at 10:39:27AM +0200, Lukas Slebodn
ld it be possible to sent patches in mail?
> >> samba does it. It would be a hint for me wheter it worth
> >> to review a patch in web interface.
> >
> >It's possible, but not implemented. I would like to send a separate mail
> >about the proposed workflow anyway.
> Th
On Mon, 2016-08-15 at 16:05 +0200, Jakub Hrozek wrote:
> On Mon, Aug 15, 2016 at 04:01:13PM +0200, Jakub Hrozek wrote:
> > Hi,
> >
> > attached are three small but important patches related to sssd-secrets.
> > The context is that I started to write tests and manpage for
> > sssd-secrets and
know the
> difference between the two, can we fallback to the non-strict?
If it not too hard to detect if strict is present I would try to use it
and fallback to not strict only of not available.
Strict *seems* a safer option.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
__
On Mon, 2016-06-20 at 11:04 +0200, Lukas Slebodnik wrote:
> On (19/06/16 15:27), Simo Sorce wrote:
> >As the commit message says, nothing more.
> >Isn't it right to wait for 6 seconds as the timeout says ?
> >Can you add debug to see what errno is returned (if any) ?
>
; (0x1000): Server resolution failed: [5]: Input/output error
> (Sat Jun 18 12:04:34 2016) [sssd[be[LDAP]]] [sdap_id_op_connect_done]
> (0x0020): Failed to connect, going offline (5 [Input/output error])
>
> If you did not have a special reason for this change then
> I would appreciate if we could change it back.
>
> Two patches attached.
>
> LS
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
On Wed, 2016-04-20 at 09:59 +0200, Jakub Hrozek wrote:
> On Tue, Apr 05, 2016 at 02:54:10PM -0400, Simo Sorce wrote:
> > On Tue, 2016-04-05 at 12:57 -0400, Simo Sorce wrote:
> > > Thanks, IIRC the int-instead of enum use is intentional, I will look
> > > at the others.
On Wed, 2016-04-20 at 19:58 +0200, Lukas Slebodnik wrote:
> On (20/04/16 17:21), Jakub Hrozek wrote:
> >On Wed, Apr 20, 2016 at 09:59:19AM -0400, Simo Sorce wrote:
> >> On Wed, 2016-04-20 at 14:16 +0200, Jakub Hrozek wrote:
> >> > On Tue, Apr 05, 2016 at 02:5
On Wed, 2016-04-20 at 17:18 +0200, Jakub Hrozek wrote:
> On Wed, Apr 20, 2016 at 09:43:05AM -0400, Simo Sorce wrote:
> > On Wed, 2016-04-20 at 11:12 +0200, Jakub Hrozek wrote:
> > > On Wed, Apr 20, 2016 at 10:32:59AM +0200, Jakub Hrozek wrote
On Wed, 2016-04-20 at 14:16 +0200, Jakub Hrozek wrote:
> On Tue, Apr 05, 2016 at 02:54:10PM -0400, Simo Sorce wrote:
> > On Tue, 2016-04-05 at 12:57 -0400, Simo Sorce wrote:
> > > Thanks, IIRC the int-instead of enum use is intentional, I will look
> > > at the others.
On Wed, 2016-04-20 at 11:55 +0200, Jakub Hrozek wrote:
> On Tue, Apr 05, 2016 at 02:54:10PM -0400, Simo Sorce wrote:
> > On Tue, 2016-04-05 at 12:57 -0400, Simo Sorce wrote:
> > > Thanks, IIRC the int-instead of enum use is intentional, I will look
> > > at the others.
On Wed, 2016-04-20 at 11:12 +0200, Jakub Hrozek wrote:
> On Wed, Apr 20, 2016 at 10:32:59AM +0200, Jakub Hrozek wrote:
> > > > From 0dff46755af6063ed4b0339020ae5bb686692de1 Mon Sep 17 00:00:00 2001
> > > > From: Simo Sorce <s...@redhat.com>
> > &g
On Tue, 2016-04-05 at 14:54 -0400, Simo Sorce wrote:
> On Tue, 2016-04-05 at 12:57 -0400, Simo Sorce wrote:
> > Thanks, IIRC the int-instead of enum use is intentional, I will look
> > at the others.
>
> The last coverity/clang thing is a false positive, but I initialized
&
On Fri, 2016-04-01 at 13:05 +0200, Lukas Slebodnik wrote:
> On (30/03/16 12:31), Simo Sorce wrote:
> >This patchset implements a new responder like service in SSSD called
> >secrets. It uses the Custodia project API to offer a service where
> >applications/users can s
and harmonized into one.
If not a comment should be put in the code explaining why we have 2
(potentially) different pid file names.
Hints, on which way is right ?
Should we open a ticket on this ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel
;
> Good question. I was not thinking about this. We
> could change the config API to actually write to its
> own snippet that will be always applied last.
>
> OTOH some admins may want to really override whatever
> other applications may set up using python config API.
>
> If we
rrent behaviour
> > in sssd.conf.
>
> So should we rely on alphabetical order? I personally
> think it will add a little chaos to the configuration
> but maybe not.
>
> If we decide to rely on alphabetical order it may
> be nice to have a tool that will print the actual
n does this problem happen ?
> > c) Is it enough to do it only for initgroups?
>
> Hmm, not sure, by convention initgroups is the most frequent example
> (maybe there will be some users of the new libc merge feature), but at
> the same time special-casing initgroups doesn't gain much..
>
>
On Thu, 2016-03-10 at 21:04 -0500, Simo Sorce wrote:
> The attached patch fixes #2973,
> it's pretty straightforward.
Same patch but fixed the typos in the commit message.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From 93a636ca1283ca9b2bfbda55684eec43afff5c06 Mon Sep 17 00:00:00 200
The attached patch fixes #2973,
it's pretty straightforward.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From 8cfba566ecddfc59e9c07236d28c5cdc62a316cd Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Thu, 10 Mar 2016 20:52:43 -0500
Subject: [PATCH] Responders: Fix
On Tue, 2016-03-08 at 17:48 +0100, Jakub Hrozek wrote:
> On Tue, Mar 08, 2016 at 10:18:46AM -0500, Simo Sorce wrote:
> > Fixing everything else commented before.
> >
> > On Sat, 2016-03-05 at 15:31 +0100, Jakub Hrozek wrote:
> > > And this is the question. The new
d patches attacched.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From 9b8fd65b6eb242936a5d0734eb05e3c09d3268a5 Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Wed, 2 Mar 2016 14:33:38 -0500
Subject: [PATCH 1/3] Util: Move socket setup in a common utility file
Other comp
On Mon, 2016-03-07 at 18:40 +0100, Lukas Slebodnik wrote:
> On (07/03/16 11:29), Simo Sorce wrote:
> >On Mon, 2016-03-07 at 16:58 +0100, Lukas Slebodnik wrote:
> >> On (04/03/16 16:42), Simo Sorce wrote:
> >> >On Fri, 2016-03-04 at 21:27 +0100, Lukas Slebodnik wro
On Mon, 2016-03-07 at 16:58 +0100, Lukas Slebodnik wrote:
> On (04/03/16 16:42), Simo Sorce wrote:
> >On Fri, 2016-03-04 at 21:27 +0100, Lukas Slebodnik wrote:
> >> On (02/03/16 10:02), Simo Sorce wrote:
> >> >On Wed, 2016-03-02 at 15:34 +0100, Lukas Slebodnik wro
On Fri, 2016-03-04 at 21:27 +0100, Lukas Slebodnik wrote:
> On (02/03/16 10:02), Simo Sorce wrote:
> >On Wed, 2016-03-02 at 15:34 +0100, Lukas Slebodnik wrote:
> >> On (01/03/16 18:28), Simo Sorce wrote:
> >> >On Tue, 2016-03-01 at 18:22 -0500, Simo Sorce wrote:
>
See ticket #2968.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From dcaae5431617312b69d175274c8b29c430ec6b04 Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Wed, 2 Mar 2016 14:33:38 -0500
Subject: [PATCH 1/3] Util: Move socket setup in a common utility file
Other comp
On Wed, 2016-03-02 at 15:34 +0100, Lukas Slebodnik wrote:
> On (01/03/16 18:28), Simo Sorce wrote:
> >On Tue, 2016-03-01 at 18:22 -0500, Simo Sorce wrote:
> >> On Tue, 2016-03-01 at 22:34 +0100, Lukas Slebodnik wrote:
> >> > On (01/03/16 12:05), Simo Sorce wrote:
&g
On Tue, 2016-03-01 at 18:22 -0500, Simo Sorce wrote:
> On Tue, 2016-03-01 at 22:34 +0100, Lukas Slebodnik wrote:
> > On (01/03/16 12:05), Simo Sorce wrote:
> > >On Tue, 2016-03-01 at 17:51 +0100, Lukas Slebodnik wrote:
> > >> On (01/03/16 17:45), Lukas Slebodnik wro
On Tue, 2016-03-01 at 22:34 +0100, Lukas Slebodnik wrote:
> On (01/03/16 12:05), Simo Sorce wrote:
> >On Tue, 2016-03-01 at 17:51 +0100, Lukas Slebodnik wrote:
> >> On (01/03/16 17:45), Lukas Slebodnik wrote:
> >> >On (31/01/16 11:53), Simo Sorce wro
On Tue, 2016-03-01 at 17:51 +0100, Lukas Slebodnik wrote:
> On (01/03/16 17:45), Lukas Slebodnik wrote:
> >On (31/01/16 11:53), Simo Sorce wrote:
> >>Expired != Disabled
> >>this change is intentional.
> >>
> >Yes, but explain it to Active directory :-
On Thu, 2016-01-28 at 11:24 +0100, Lukas Slebodnik wrote:
> On (27/01/16 16:30), Nikolai Kondrashov wrote:
> > On 01/27/2016 04:17 PM, Lukas Slebodnik wrote:
> > > You mention many options which could be possibly passed to tlog.
> > > e.g.
> > > TLOG_REC_CONF='{
> > > "shell":
Expired != Disabled
this change is intentional.
Simo.
- Original Message -
> From: "Lukas Slebodnik" <lsleb...@redhat.com>
> To: "Development of the System Security Services Daemon"
> <sssd-devel@lists.fedorahosted.org>
> Cc: "Simo So
On Wed, 2016-01-20 at 16:38 +0100, Lukas Slebodnik wrote:
> On (19/01/16 15:38), Simo Sorce wrote:
> >On Tue, 2016-01-19 at 10:34 -0500, Simo Sorce wrote:
> >> On Tue, 2016-01-19 at 11:23 +0100, Lukas Slebodnik wrote:
> >> [...]
> >> > >+#endif /* __SSSD_U
On Sat, 2016-01-16 at 12:33 +0100, Lukas Slebodnik wrote:
> On (15/01/16 16:09), Simo Sorce wrote:
> >On Fri, 2016-01-15 at 12:44 +0100, Lukas Slebodnik wrote:
> >> On (15/01/16 12:03), Pavel Březina wrote:
> >> >On 01/12/2016 10:15 AM, Lukas Slebodnik wrote:
> &
On Tue, 2016-01-19 at 10:34 -0500, Simo Sorce wrote:
> On Tue, 2016-01-19 at 11:23 +0100, Lukas Slebodnik wrote:
> [...]
> > >+#endif /* __SSSD_UTIL_SELINUX_H__ */
> > BTW will we need this header file if we make
> > struct cli_creds opaque?
>
> Replying
On Tue, 2016-01-19 at 20:20 +0100, Lukas Slebodnik wrote:
> On (19/01/16 11:30), Simo Sorce wrote:
> >On Tue, 2016-01-19 at 17:06 +0100, Lukas Slebodnik wrote:
> >> On (19/01/16 16:47), Michal Židek wrote:
> >> >On 01/19/2016 04:28 PM, Simo Sorce wrote:
> >&
On Tue, 2016-01-19 at 09:46 +0100, Lukas Slebodnik wrote:
> On (18/01/16 18:03), Simo Sorce wrote:
> >Found this while working on another patch.
> >
> >It is not evident by this patch alone but ... "trust me" :-)
> >(I'll send the other patch next, try to apply
cating it, I guess I can do that, the headers file would still be
needed in order to avoid huge ifdefs around the functions that implement
handling SELinux stuff. It makes the code a lot more readable and
searchable.
Simo.
--
Simo Sorce * Red Hat, In
Found this while working on another patch.
It is not evident by this patch alone but ... "trust me" :-)
(I'll send the other patch next, try to apply just that one and see what
I mean if you want)
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From 64c71d6fdd57527af607a61f32c7e1eb7f
.
--
Simo Sorce * Red Hat, Inc * New York
From 7cc82eff48dabc4b15e119146f36597f4cd75827 Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Mon, 18 Jan 2016 15:21:57 -0500
Subject: [PATCH] Util: Improve code to get connection credentials
Adds support to get SELINUX context an
:0:
> >/home/pbrezina/workspace/sssd/src/util/util.h:62:0: note: this is the
> >location of the previous definition
> > #define SSS_ATTRIBUTE_PRINTF(a1, a2) __attribute__ ((format (printf, a1,
> >a2)))
> >
> I might add another #ifdef guard but I decided to rename macro
> SSS_A
On Thu, 2016-01-14 at 12:41 +0100, Jakub Hrozek wrote:
> On Wed, Jan 13, 2016 at 02:56:25PM -0500, Simo Sorce wrote:
> > subj says it all,
> > bug: https://fedorahosted.org/sssd/ticket/2924
> >
> > I have compiled and run make check|intgcheck but "not" activ
On Thu, 2016-01-14 at 17:30 +0100, Jakub Hrozek wrote:
> On Thu, Jan 14, 2016 at 11:03:51AM -0500, Simo Sorce wrote:
> > On Thu, 2016-01-14 at 12:41 +0100, Jakub Hrozek wrote:
> > > On Wed, Jan 13, 2016 at 02:56:25PM -0500, Simo Sorce wrote:
> > > > subj s
subj says it all,
bug: https://fedorahosted.org/sssd/ticket/2924
I have compiled and run make check|intgcheck but "not" actively tested
this patch.
HTH,
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From 73bc4d73e84c298de94dd269039310a87305fe5c Mon Sep 17 00:00:00 2001
From: Sim
://fedorahosted.org/sssd/ticket/2921
--
Simo Sorce * Red Hat, Inc * New York
From 8820926905b9bfb188b6be6766e932be49aa3e0b Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Wed, 13 Jan 2016 11:51:09 -0500
Subject: [PATCH 3/3] Monitor: Remove ping infrastructure
Now thast se
On Tue, 2016-01-12 at 14:04 +0100, Jakub Hrozek wrote:
> On Mon, Jan 11, 2016 at 01:39:33PM -0500, Simo Sorce wrote:
> > The following 2 patches change the connection setup code to be more
> > flexible.
> >
> > They are the groundwork to add a new secrets[1] respond
> [*] github has gained enough traction already, so they don't care about
> this functionality anymore..
They start to become hostile to "competition" I guess... not a good
sign, oh well.
--
Simo Sorce * Red Hat, Inc * New York
_
with the main binaries.
I do not think it would serve any useful purpose to make internal
interfaces public, or commit to ABI stability for them, they are
supposed to be easy to change to adapt to new needs and other internal
changes.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
breaks in the middle.
Simo.
P.S: please do not use HTML emails, see how butchered your email comes
out in the txt version.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https
On Wed, 2015-08-26 at 16:10 +0300, Nikolai Kondrashov wrote:
On 08/25/2015 10:19 PM, Simo Sorce wrote:
On Tue, 2015-08-25 at 21:26 +0300, Nikolai Kondrashov wrote:
On 08/25/2015 08:48 PM, Simo Sorce wrote:
On Tue, 2015-08-25 at 16:14 +0300, Nikolai Kondrashov wrote:
* automatic
#Equality_operators
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd
someone uses the standard name in
generic LDAP, they should not be forced to change SSSD configuration
because of it.
+1
Simo
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https
going
to use Lua (ideally with a list of primitives we'd still need to
provide, to understand how much code Lua replaces for real.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https
On Mon, 2015-07-06 at 11:46 +0200, Sumit Bose wrote:
On Fri, Jul 03, 2015 at 05:01:13PM -0400, Simo Sorce wrote:
On Fri, 2015-07-03 at 21:34 +0200, Sumit Bose wrote:
On Fri, Jul 03, 2015 at 02:12:34PM -0400, Simo Sorce wrote:
On Fri, 2015-07-03 at 11:59 +0200, Jakub Hrozek wrote
the same ccache for different users ?)
or use memory ccaches and copy them with locking, but fully serializing
all authentications is not really a solution, when a full auth may
require multiple network roundtrips.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
On Fri, 2015-07-03 at 21:34 +0200, Sumit Bose wrote:
On Fri, Jul 03, 2015 at 02:12:34PM -0400, Simo Sorce wrote:
On Fri, 2015-07-03 at 11:59 +0200, Jakub Hrozek wrote:
On Fri, Jul 03, 2015 at 11:54:46AM +0200, Jakub Hrozek wrote:
Hi,
the attached patches fix https
On Fri, 2015-07-03 at 20:33 +0200, Jakub Hrozek wrote:
On Fri, Jul 03, 2015 at 02:12:34PM -0400, Simo Sorce wrote:
On Fri, 2015-07-03 at 11:59 +0200, Jakub Hrozek wrote:
On Fri, Jul 03, 2015 at 11:54:46AM +0200, Jakub Hrozek wrote:
Hi,
the attached patches fix https
interface itself, right? Do we have a
choice?
HTH,
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
developer
starting soon and these might be nice tasks to start with AND they're
also needed.
+1
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman
/df243b8f6182a6093af432f1d23a21e4fb1456/1743/summary.html
LGTM
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
to follow) and we
should direct people to trac for real bug reporting.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
allow admin to
explicitly map to a specific realm.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
1 - 100 of 1474 matches
Mail list logo