On Wed, Feb 17, 2016 at 05:29:50PM +0100, Lukas Slebodnik wrote:
> ehlo,
>
> simple patch is attached.
>
> I can reproduce it only with clang.
> But it's typical off by one error.
>
> sh$ ./sss_idmap-tests
> Running suite(s): IDMAP
> Segmentation fault (core dumped)
>
> Running suite(s): IDMAP
ng of ldap_krb5_keytab (or
krb5_keytab) to the subdomains.
bye,
Sumit
From d323a89b692e481d9c47c47d35c15d19bf9d2089 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Wed, 17 Feb 2016 16:40:57 +0100
Subject: [PATCH] subdomains: inherit ldap_krb5_keytab
If a non-default keytab is configured for the parent domai
On Wed, Feb 17, 2016 at 05:37:51PM +0100, Sumit Bose wrote:
> On Wed, Feb 17, 2016 at 05:29:50PM +0100, Lukas Slebodnik wrote:
> > ehlo,
> >
> > simple patch is attached.
> >
> > I can reproduce it only with clang.
> > But it's typical off by one error
On Wed, Feb 17, 2016 at 11:45:36AM +0100, Jakub Hrozek wrote:
> Hi,
>
> I would like to get some opinions on where I'm heading with the
> performance enhancements for 1.14. Please note this is /not/ a complete
> design page. The goal is to just identify some blockers first before I
> spend more ti
On Mon, Feb 22, 2016 at 11:45:21AM +0100, Jakub Hrozek wrote:
> On Mon, Feb 22, 2016 at 11:26:34AM +0100, Sumit Bose wrote:
> > On Wed, Feb 17, 2016 at 11:45:36AM +0100, Jakub Hrozek wrote:
> > > Hi,
> > >
> > > I would like to get some opinions on where I&
and assign it to an IPA client. Without the patch the IPA
client will continue to show the default IPA user data and no override
value.
bye,
Sumit
From f6bc534c6b82445e5e29a1e80768657c06d0557b Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 18 Feb 2016 13:03:44 +0100
Subject: [PATCH 1/2] IPA
On Tue, Feb 23, 2016 at 10:41:37AM +0100, Jakub Hrozek wrote:
> On Wed, Feb 17, 2016 at 05:44:51PM +0100, Sumit Bose wrote:
> > Hi,
> >
> > if a different keytab than /etc/krb5.keytab is used e.g. with the AD
> > provider the subdomains still try to use keys from /etc
fix this.
bye,
Sumit
From 370dd812529ad7a2843127c89da5543633ab5c2a Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Fri, 22 Jan 2016 18:14:45 +0100
Subject: [PATCH] sdap: improve filtering of multiple results in GC lookups
The Global Catalog of AD contains some information about all users and
On Tue, Feb 23, 2016 at 01:24:30PM +0100, Pavel Březina wrote:
> https://fedorahosted.org/sssd/ticket/2934
> From 94ae3c5231dc7f1cd9f9d172d13a11a8afcacd16 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
> Date: Tue, 23 Feb 2016 11:02:42 +0100
> Subject: [PATCH] remove user certi
On Tue, Feb 23, 2016 at 09:37:57PM +0100, Jakub Hrozek wrote:
> On Mon, Feb 22, 2016 at 06:04:07PM +0100, Jakub Hrozek wrote:
> > Hi,
> >
> > the attached patches implement https://fedorahosted.org/sssd/ticket/2522
> >
> > Here is what I tested:
> > 1) topgr -> bottomgr -> extgr -> administra
On Wed, Feb 24, 2016 at 10:31:31AM +0100, Pavel Březina wrote:
> On 02/23/2016 02:09 PM, Sumit Bose wrote:
> >On Tue, Feb 23, 2016 at 01:24:30PM +0100, Pavel Březina wrote:
> >>https://fedorahosted.org/sssd/ticket/2934
> >
> >> From 94ae3c5231dc7f1cd9f9d172d13a11a8
On Wed, Feb 24, 2016 at 05:19:50PM -0500, Justin Stephenson wrote:
> First patch, see attached.
>
> This is for easy fix from ticket
> https://fedorahosted.org/sssd/ticket/2789
>
> I am going on the assumption that if the first 2 characters of ad_server are
> digits then it is likely an IP addres
On Thu, Feb 25, 2016 at 10:53:03AM +0100, Pavel Březina wrote:
> On 02/24/2016 02:34 PM, Sumit Bose wrote:
> >On Wed, Feb 24, 2016 at 10:31:31AM +0100, Pavel Březina wrote:
> >>On 02/23/2016 02:09 PM, Sumit Bose wrote:
> >>>On Tue, Feb 23, 2016 at 01:24:30PM +0100, Pa
On Thu, Feb 25, 2016 at 12:50:55PM +0100, Jakub Hrozek wrote:
> On Tue, Feb 23, 2016 at 12:53:25PM +0100, Sumit Bose wrote:
> > Hi,
> >
> > this patch fixes and issue during initgroups in AD forests. Please see
> > the commit message for details.
> >
> >
On Thu, Feb 25, 2016 at 11:36:43AM +0100, Pavel Březina wrote:
> On 02/25/2016 11:07 AM, Sumit Bose wrote:
> >On Thu, Feb 25, 2016 at 10:53:03AM +0100, Pavel Březina wrote:
> >>On 02/24/2016 02:34 PM, Sumit Bose wrote:
> >>>On Wed, Feb 24, 2016 at 10:31:31AM +0100, Pa
On Wed, Feb 17, 2016 at 10:47:26AM +0100, Pavel Reichl wrote:
> On 02/15/2016 06:19 PM, Sumit Bose wrote:
> >On Tue, Jan 26, 2016 at 05:35:06PM +0100, Pavel Reichl wrote:
> >>>Hello,
> >>>
> >>>please see simple patch attached.
> >Hi Pa
On Wed, Mar 02, 2016 at 01:43:03PM +0100, Petr Cech wrote:
> On 03/02/2016 01:10 PM, Lukas Slebodnik wrote:
> >On (02/03/16 13:02), Pavel Reichl wrote:
> >>On 03/02/2016 12:53 PM, Lukas Slebodnik wrote:
> >>>On (02/03/16 12:48), Pavel Březina wrote:
> On 03/01/2016 03:54 PM, Pavel Reichl wrote:
On Wed, Mar 02, 2016 at 05:13:40PM +0100, Jakub Hrozek wrote:
> On Mon, Feb 22, 2016 at 12:03:32PM +0100, Sumit Bose wrote:
> > On Mon, Feb 22, 2016 at 11:45:21AM +0100, Jakub Hrozek wrote:
> > > On Mon, Feb 22, 2016 at 11:26:34AM +0100, Sumit Bose wrote:
> > > > On W
On Mon, Mar 07, 2016 at 01:33:38PM +0100, Lukas Slebodnik wrote:
> On (07/03/16 12:12), Pavel Březina wrote:
> >On 03/07/2016 10:14 AM, Lukas Slebodnik wrote:
> >>ehlo,
> >>
> >>simple aptch is attached.
> >
> >When there, can you also talloc_free(attrs) on error? Thanks.
> See updated patch
>
> L
Hi,
This patch fixes a 2FA issues observed with sudo. See commit message for
details.
bye,
Sumit
From 2c38adad7b527aceb4f9cb41c7d7b4c66d4580c9 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 7 Mar 2016 17:07:16 +0100
Subject: [PATCH] pam_sss: reorder pam_message array
There are different
On Tue, Mar 01, 2016 at 01:05:48PM +0100, Pavel Březina wrote:
> On 02/26/2016 01:47 PM, Jakub Hrozek wrote:
> >On Wed, Feb 24, 2016 at 12:41:24PM +0100, Pavel Březina wrote:
> From f61d0192b8254247802167ea385b52f65d4e175d Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
On Thu, Mar 10, 2016 at 12:54:15PM +0100, Pavel Březina wrote:
> On 03/08/2016 05:55 PM, Sumit Bose wrote:
> >Hi,
> >
> >This patch fixes a 2FA issues observed with sudo. See commit message for
> >details.
> >
> >bye,
> >Sumit
> >
On Fri, Mar 11, 2016 at 01:36:52PM +0100, Pavel Březina wrote:
> On 03/11/2016 10:41 AM, Sumit Bose wrote:
> >On Thu, Mar 10, 2016 at 12:54:15PM +0100, Pavel Březina wrote:
> >>On 03/08/2016 05:55 PM, Sumit Bose wrote:
> >>>Hi,
> >>>
> >>>
On Tue, Mar 22, 2016 at 12:29:39PM +0100, Michal Židek wrote:
> Hi,
>
> I would like to write a patch that will
> allow SSSD to use the config file merging
> feature from libini. But first I would like
> to ask developers for their opinions on how
> this should be implemented.
>
> My idea was th
On Wed, Apr 06, 2016 at 12:59:32PM +0300, Nikolai Kondrashov wrote:
> On 03/18/2016 07:56 PM, Nikolai Kondrashov wrote:
> >The attached patch adds exporting of the original (non-overridden) user shell
> >to tlog-rec, during the PAM session opening. The shell is exported via adding
> >variable "TLOG
On Fri, Apr 08, 2016 at 07:31:59PM +0300, Nikolai Kondrashov wrote:
> On 04/06/2016 02:06 PM, Sumit Bose wrote:
> >On Wed, Apr 06, 2016 at 12:59:32PM +0300, Nikolai Kondrashov wrote:
> >>On 03/18/2016 07:56 PM, Nikolai Kondrashov wrote:
> >>>The attached patch adds
omain component
must be added.
bye,
Sumit
From 4065b421e725118f3832d6f8ae71808aa57887c5 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 11 Apr 2016 14:25:18 +0200
Subject: [PATCH 1/4] intg: local override for user with mixed case name
Test for users with fully-qualified and mixed-cased names are
On Tue, Apr 12, 2016 at 11:08:54AM +0200, Pavel Březina wrote:
> On 04/11/2016 05:58 PM, Lukas Slebodnik wrote:
> >On (11/04/16 15:01), Lukas Slebodnik wrote:
> >>ehlo,
> >>
> >>attached patch fix crash in #2980
> >>
> >>LS
> >
> >>From 422abe6e6263c3c907611a8611fa3f28d6e93ae0 Mon Sep 17 00:00:00 2
On Tue, Apr 12, 2016 at 12:46:00PM +0200, Lukas Slebodnik wrote:
> On (12/04/16 12:07), Sumit Bose wrote:
> >On Tue, Apr 12, 2016 at 11:08:54AM +0200, Pavel Březina wrote:
> >> On 04/11/2016 05:58 PM, Lukas Slebodnik wrote:
> >> >On (11/04/16 15:01), Luka
On Wed, Apr 13, 2016 at 10:39:44AM +0200, Lukas Slebodnik wrote:
> On (12/04/16 11:03), Sumit Bose wrote:
> >Hi,
> >
> >I'm working on adding certificates to overrides and came across some
> >issues with the local overrides. The main cause was that instead you
>
On Tue, Apr 12, 2016 at 02:36:19PM +0200, Lukas Slebodnik wrote:
> ehlo,
>
> the 1st patch fixes memory leak and the second one is change in unit test
> to prevent such leaks in be_ptask in feature.
good catch, http://sssd-ci.duckdns.org/logs/job/41/27/summary.html
ACK
bye,
Sumit
>
> LS
during the initialization.
bye,
Sumit
From b76cbbd2e9f426cbc10e67a7eefa776b3027a2cb Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 10 Mar 2016 17:50:13 +0100
Subject: [PATCH] AD: use krb5_keytab for subdomain initialization
During the initialization of AD subdomains parameters like the SASL a
On Thu, Apr 14, 2016 at 12:21:50PM +0200, Lukas Slebodnik wrote:
> On (14/04/16 10:39), Pavel Reichl wrote:
> >On 04/14/2016 10:28 AM, Lukas Slebodnik wrote:
> >>ehlo,
> >>
> >>@see commit message in attached trivial patch.
> >>
> >>LS
> >>
> >>
> >Hello,
> >
> >patch does not apply, code in patch
dations will fail with "Certificate [SSSD Test
Token:Server-Cert][CN=ipa-devel.ipa.devel,O=IPA.DEVEL] not valid [-8071],
skipping" because none of the OCSP responders are available but I think this
test is sufficient to see that the patch is working as expected.
bye,
Sumit
From c2eccab2c
Hi,
this patch removes a useless and irritation debug messages.
bye,
Sumit
From 156468b36f05966ae74df92309853ddf1f644199 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Fri, 15 Apr 2016 09:24:06 +0200
Subject: [PATCH] krb5_auth_store_creds: silence spurious debug message
During a pre
On Thu, Apr 14, 2016 at 04:30:24PM +0200, Lukas Slebodnik wrote:
...
>
> >From 62a3c79d7923dceb2c92c1b2d31388afd744a8ac Mon Sep 17 00:00:00 2001
> >From: Sumit Bose
> >Date: Wed, 10 Feb 2016 14:59:06 +0100
> >Subject: [PATCH 4/8] AD: process PAC during initgroups r
On Mon, Apr 18, 2016 at 03:06:05PM +0200, Lukas Slebodnik wrote:
> On (15/04/16 16:39), Sumit Bose wrote:
> >On Thu, Apr 14, 2016 at 04:30:24PM +0200, Lukas Slebodnik wrote:
> >
> >...
> >
> >>
> >> >From 62a3c79d7923dceb2c92c1b2d31388afd744a8ac
test build in
https://bugzilla.redhat.com/show_bug.cgi?id=1328108. See comment #12 for
details.
bye,
Sumit
From 1e052649e15f5830ffbc6ba0dc4a78c49a3a95ba Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue, 19 Apr 2016 15:07:18 +0200
Subject: [PATCH] IPA: terminate properly if view name lookup fails
On Fri, Apr 22, 2016 at 03:20:56PM +0200, Jakub Hrozek wrote:
> On Wed, Apr 13, 2016 at 03:45:22PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > this is a bit of a follow-up patch to "subdomains: inherit
> > ldap_krb5_keytab". It turned out that if the defaul
On Fri, Apr 22, 2016 at 05:17:29PM +0200, Jakub Hrozek wrote:
> On Fri, Apr 22, 2016 at 05:03:06PM +0200, Lukas Slebodnik wrote:
> > On (22/04/16 15:41), Jakub Hrozek wrote:
> > >On Tue, Apr 19, 2016 at 04:11:54PM +0200, Sumit Bose wrote:
> > >> Hi,
> > >
On Mon, Apr 25, 2016 at 09:16:22PM +0300, Nikolai Kondrashov wrote:
> On 04/11/2016 07:44 PM, Sumit Bose wrote:
> >On Fri, Apr 08, 2016 at 07:31:59PM +0300, Nikolai Kondrashov wrote:
> >>On 04/06/2016 02:06 PM, Sumit Bose wrote:
> >>>I wonder if it would makes sense
On Thu, Apr 28, 2016 at 11:26:19AM +0200, Lukas Slebodnik wrote:
> On (19/04/16 11:41), Michal Židek wrote:
> >On 04/13/2016 04:59 PM, Michal Židek wrote:
...
>
> >From e41fb64fb2a0f326095e9712c62b1b9f9ce4782e Mon Sep 17 00:00:00 2001
> >From: =?UTF-8?q?Michal=20=C5=BDidek?=
> >Date: Wed, 13 Apr
o debug this feature if something goes wrong. This section
might include examples of additional commands the user might run (such
as keytab or certificate sanity checks) or explain what message to look
for.
=== Authors ===
* Sumit Bose
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
On Fri, May 06, 2016 at 03:18:30PM +0200, Jakub Hrozek wrote:
> On Fri, Apr 29, 2016 at 03:38:46PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > please find a new design document at
> > https://fedorahosted.org/sssd/wiki/DesignDocs/LookupUsersByCertificatePart2.
> >
b16a64ccf236718a877ab83de1949ab1a8091187 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue, 19 Apr 2016 13:52:59 +0200
Subject: [PATCH] Add winbind idmap plugin
With this plugin winbind can use the same id-mapping as SSSD which makes
it possible to run both together in a consistent way.
---
Makefile.am
On Tue, May 10, 2016 at 04:42:17PM +0200, Jakub Hrozek wrote:
> On Thu, Apr 14, 2016 at 01:48:50PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > the following 3 patches are related to the Smartcard authentication
> > feature but imo can be tested even without having one.
&g
Hi,
this patch fixes a typo in the IPA AD related code, to look up the
Global Catalog via DNS the forest name should be used and not the name
of the currently domain.
bye,
Sumit
From 67beb22df5a9c382e763ccb6a239554beb3eb848 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue, 17 May 2016 11:54
On Thu, May 12, 2016 at 04:29:07PM +0300, Nikolai Kondrashov wrote:
> On 04/26/2016 11:32 AM, Sumit Bose wrote:
> > On Mon, Apr 25, 2016 at 09:16:22PM +0300, Nikolai Kondrashov wrote:
> > > On 04/11/2016 07:44 PM, Sumit Bose wrote:
> > > > On Fri, Apr 08, 201
On Fri, May 20, 2016 at 12:53:51PM +0300, Nikolai Kondrashov wrote:
> On 05/19/2016 02:41 PM, Sumit Bose wrote:
> > On Thu, May 12, 2016 at 04:29:07PM +0300, Nikolai Kondrashov wrote:
> > > On 04/26/2016 11:32 AM, Sumit Bose wrote:
> > > > On Mon, Apr 25, 201
On Fri, May 20, 2016 at 01:54:33PM +0300, Nikolai Kondrashov wrote:
> On 05/20/2016 01:39 PM, Sumit Bose wrote:
> > On Fri, May 20, 2016 at 12:53:51PM +0300, Nikolai Kondrashov wrote:
> > > On 05/19/2016 02:41 PM, Sumit Bose wrote:
> > > > On Thu, May 12, 201
w the extdom plugin to do lookups by
certificate. This means that SSSD on the IPA server must used the
attached patches as well.
bye,
Sumit
From cfe76f8d2e2df85be30ef75cd2e7117e163c264d Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 30 Nov 2015 12:14:16 +0100
Subject: [PATCH 01/12] sysdb: add sy
in nsssrv_cmd.c and I slipped into the wrong
function.
> previously. Please see my further replies below.
>
> On 05/20/2016 02:50 PM, Sumit Bose wrote:
> > On Fri, May 20, 2016 at 01:54:33PM +0300, Nikolai Kondrashov wrote:
> > > On 05/20/2016 01:39 PM, Sumit Bose wrote
On Fri, May 27, 2016 at 02:00:12PM +0300, Nikolai Kondrashov wrote:
> On 05/26/2016 12:36 PM, Sumit Bose wrote:
> > On Mon, May 23, 2016 at 10:26:37PM +0300, Nikolai Kondrashov wrote:
> > > First of all, I assume you meant "shell" whenever you used "h
nit use the
-t option
{{{
$ kinit -c ./armor.ccache -k -t ./service.keytab
}}}
Now you can call
{{{
$ kinit -T ./armor.ccache test_user
Enter OTP Token Value:
}}}
If OTP is not enable for the user you should see the password prompt.
As usual, setting ''KRB5_TRACE=/dev/stdout'' before calling ''kinit'' or
''kvno'' will produce some extra output which might be useful.
=== Authors ===
* Sumit Bose
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
On Tue, May 10, 2016 at 06:10:15PM +0200, Sumit Bose wrote:
> On Tue, May 10, 2016 at 04:42:17PM +0200, Jakub Hrozek wrote:
> > On Thu, Apr 14, 2016 at 01:48:50PM +0200, Sumit Bose wrote:
> > > Hi,
> > >
> > > the following 3 patches are related to the Smartc
bye,
Sumit
From 31f0e621fa63764f9f89f8d6e01f94c49675216f Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 26 May 2016 13:20:59 +0200
Subject: [PATCH] PAM/KRB5: optional otp and password prompting
Depending on the available Kerberos pre-authentication methods pam_sss
will prompt the user for a password, 2 authentica
bye,
Sumit
From 0a58ab569a7746aab54ec8e38cebce4584f0b145 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 14 Mar 2016 17:27:01 +0100
Subject: [PATCH 1/2] PAM: add pam_sss option allow_missing_name
With this option SSSD can be used with the gdm Smartcard feature.
Resolves https://fedorahosted.org
On Fri, Jun 03, 2016 at 08:22:10AM +0200, Petr Cech wrote:
> bump
obvious ACK, just waiting for the CI to finish.
bye,
Sumit
>
> --
> Petr^4 Čech
> ___
> sssd-devel mailing list
> sssd-devel@lists.fedorahosted.org
> https://lists.fedorahosted.org/adm
On Fri, Jun 03, 2016 at 09:38:43AM +0200, Sumit Bose wrote:
> On Fri, Jun 03, 2016 at 08:22:10AM +0200, Petr Cech wrote:
> > bump
>
> obvious ACK, just waiting for the CI to finish.
There are 2 failures in
http://sssd-ci.duckdns.org/logs/job/44/38/summary.html but they look
lik
Even with completely random SIDs you should see a proper output:
$ wbinfo --sids-to-unix-ids=S-2-3-4,S-5-6-7
S-2-3-4 -> unmapped
S-5-6-7 -> unmapped
bye,
Sumit
From 52de39e45829ffd1bd18b3f83310066f97a38397 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 2 Jun 2016 21:
uthorizedkeys should return the ssh-key
again.
bye,
Sumit
From 540c69184a128bb840c7f41cabfb0cfe62f344a7 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 2 Jun 2016 18:22:03 +0200
Subject: [PATCH] ssh: skip invalid certificates
Current an invalid certificate cause the whole ssh key lookup req
On Fri, Jun 03, 2016 at 04:55:15PM +0200, Lukas Slebodnik wrote:
> On (03/06/16 14:38), Fabiano Fidêncio wrote:
> >On Fri, Jun 3, 2016 at 2:32 PM, Lukas Slebodnik wrote:
> >> On (03/06/16 09:38), Sumit Bose wrote:
> >>>On Fri, Jun 03, 2016 at 08:22:10AM +0200
On Fri, Jun 03, 2016 at 05:56:45PM +0200, Jakub Hrozek wrote:
> On Wed, Jun 01, 2016 at 06:31:29PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > that attached two patches would allow to use the Smartcard support in
> > gdm with SSSD. To use it you should replace pam_pkcs11
On Fri, Jun 03, 2016 at 02:56:08PM +0200, Jakub Hrozek wrote:
> On Fri, May 20, 2016 at 09:13:29PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > this set of patches should resolve
> > https://fedorahosted.org/sssd/ticket/2897 "Smart Cards: Certificate in
> > the
On Sun, Jun 05, 2016 at 10:36:51PM +0300, Alexander Bokovoy wrote:
> On Fri, 03 Jun 2016, Sumit Bose wrote:
> > Hi,
> >
> > this patch fixes an issue in SSSD's implementation of libwbclient.
> > wbcSidsToUnixIds() translates a list of SID to POSIX IDs and it is
>
On Mon, Jun 06, 2016 at 04:24:35PM +0300, Nikolai Kondrashov wrote:
> Hi everyone,
>
> After a little discussion with Dmitri and Sumit we decided that we'll need
> options for controlling session recording in sssd.conf, after all.
>
> The options should be something like this:
>
> record_ses
On Tue, Jun 07, 2016 at 12:04:12PM +0200, Jakub Hrozek wrote:
> On Mon, Jun 06, 2016 at 11:06:06AM +0200, Sumit Bose wrote:
> > On Fri, Jun 03, 2016 at 02:56:08PM +0200, Jakub Hrozek wrote:
> > > On Fri, May 20, 2016 at 09:13:29PM +0200, Sumit Bose wrote:
> > > > Hi
On Tue, Jun 07, 2016 at 01:56:10PM +0200, Jakub Hrozek wrote:
> On Tue, Jun 07, 2016 at 12:28:22PM +0200, Sumit Bose wrote:
> > sure, here you are.
> >
> > bye,
> > Sumit
>
> Hmm, are these the correct patches?
>
> /home/remote/jhrozek/devel
On Tue, Jun 07, 2016 at 02:42:56PM +0200, Jakub Hrozek wrote:
> On Mon, May 30, 2016 at 04:32:20PM +0200, Sumit Bose wrote:
> > > oops, yes I guess this would be a good idea. I'll send a new patch.
> > >
> >
> > new version attached.
> >
> > by
On Tue, Jun 07, 2016 at 03:08:36PM +0200, Jakub Hrozek wrote:
> On Fri, Jun 03, 2016 at 08:17:01PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > currently the code which generates ssh key from the public keys in the
> > user certificates fails if one certificate cannot be v
On Wed, Jun 08, 2016 at 10:50:00AM +0200, Jakub Hrozek wrote:
> On Tue, May 10, 2016 at 11:10:05AM +0200, Sumit Bose wrote:
> > Hi,
> >
> > this patch adds a new plugin similar to the one for the cifs-utils which
> > allows winbind to use the same id-mapping as SSSD
On Tue, Jun 07, 2016 at 04:40:42PM +0200, Jakub Hrozek wrote:
> On Tue, Jun 07, 2016 at 02:55:40PM +0200, Sumit Bose wrote:
> > On Tue, Jun 07, 2016 at 01:56:10PM +0200, Jakub Hrozek wrote:
> > > On Tue, Jun 07, 2016 at 12:28:22PM +0200, Sumit Bose wrote:
> >
On Thu, Jun 09, 2016 at 11:20:14AM +0200, Lukas Slebodnik wrote:
> On (08/06/16 15:39), Sumit Bose wrote:
> >On Tue, Jun 07, 2016 at 04:40:42PM +0200, Jakub Hrozek wrote:
> >> On Tue, Jun 07, 2016 at 02:55:40PM +0200, Sumit Bose wrote:
> >> > On Tue, Jun 07, 2016 at
On Thu, Jun 09, 2016 at 11:27:54AM +0200, Lukas Slebodnik wrote:
> On (08/06/16 11:41), Jakub Hrozek wrote:
> >On Fri, Apr 22, 2016 at 04:29:36PM +0200, Sumit Bose wrote:
> >> On Fri, Apr 22, 2016 at 03:20:56PM +0200, Jakub Hrozek wrote:
> >> > On Wed, Apr 13, 2016 a
On Thu, Jun 09, 2016 at 12:09:49PM +0200, Lukas Slebodnik wrote:
> On (09/06/16 11:41), Sumit Bose wrote:
> >On Thu, Jun 09, 2016 at 11:20:14AM +0200, Lukas Slebodnik wrote:
> >> On (08/06/16 15:39), Sumit Bose wrote:
> >> >On Tue, Jun 07, 2016 at 04:40:42PM +0200,
On Thu, Jun 09, 2016 at 04:18:31PM +0200, Lukas Slebodnik wrote:
> On (09/06/16 12:47), Sumit Bose wrote:
> >On Thu, Jun 09, 2016 at 12:09:49PM +0200, Lukas Slebodnik wrote:
> >> On (09/06/16 11:41), Sumit Bose wrote:
> >> >On Thu, Jun 09, 2016 at 11:20:14A
On Fri, Jun 10, 2016 at 09:26:38AM +0200, Lukas Slebodnik wrote:
> ehlo,
>
> I took some time to find out why pam-srv-tests fails so often.
> https://fedorahosted.org/sssd/ticket/2994
>
> It is caused by slow execution of function sysdb_cache_password_ex.
>
> (Thu Jun 9 22:13:36:771048 2016) [s
On Fri, Jun 10, 2016 at 11:09:49AM +0200, Lukas Slebodnik wrote:
> On (10/06/16 09:54), Sumit Bose wrote:
> >On Fri, Jun 10, 2016 at 09:26:38AM +0200, Lukas Slebodnik wrote:
> >> ehlo,
> >>
> >> I took some time to find out why pam-srv-tests fails so often
On Fri, Jun 10, 2016 at 02:28:16PM +0200, Lukas Slebodnik wrote:
> On (30/05/16 17:07), Sumit Bose wrote:
> >Hi,
> >
> >this patch is the SSSD part of the Authentication Indicator related
> >changes in FreeIPA. The basic part is that now it is possible to
> >
and now with patch ...
On Mon, Jun 13, 2016 at 02:00:37PM +0200, Sumit Bose wrote:
> On Fri, Jun 10, 2016 at 02:28:16PM +0200, Lukas Slebodnik wrote:
> > On (30/05/16 17:07), Sumit Bose wrote:
> > >Hi,
> > >
> > >this patch is the SSSD part of the Authenticati
On Wed, Jun 08, 2016 at 07:24:02PM +0200, Lukas Slebodnik wrote:
> On (08/06/16 13:39), Sumit Bose wrote:
> >On Wed, Jun 08, 2016 at 10:50:00AM +0200, Jakub Hrozek wrote:
> >> On Tue, May 10, 2016 at 11:10:05AM +0200, Sumit Bose wrote:
> >> > Hi,
> >> >
&
the old scheme fails with some certificates.
bye,
Sumit
From 30dc3f904918a4a5b8e1245222881d97f1737fdf Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Fri, 17 Jun 2016 13:50:55 +0200
Subject: [PATCH 1/2] SSH-CERT: always initialize cert_verify_opts
Currently cert_verify_opts is only initialized
On Mon, Jun 20, 2016 at 11:15:20AM +0200, Lukas Slebodnik wrote:
> On (13/06/16 15:44), Sumit Bose wrote:
> >On Wed, Jun 08, 2016 at 07:24:02PM +0200, Lukas Slebodnik wrote:
> >> On (08/06/16 13:39), Sumit Bose wrote:
> >> >On Wed, Jun 08, 2016 at 10:50:00AM +0200,
On Thu, Jun 23, 2016 at 09:52:46AM +0200, Jakub Hrozek wrote:
> On Tue, Jun 21, 2016 at 10:28:52PM +0200, Lukas Slebodnik wrote:
> > On (21/06/16 22:08), Jakub Hrozek wrote:
> > >On Tue, Jun 21, 2016 at 11:46:51AM +0200, Jakub Hrozek wrote:
> > >> On Mon, Jun 20, 2016 at 06:57:55PM +0200, Jakub Hro
On Tue, Jun 21, 2016 at 09:01:05AM -0400, Stephen Gallagher wrote:
> On 06/20/2016 05:48 AM, Sumit Bose wrote:
> > On Mon, Jun 20, 2016 at 11:15:20AM +0200, Lukas Slebodnik wrote:
> >> BTW we can add Requires/Recommends into pacakge sssd-ad for this
> >> sub-pacakge.
&
On Wed, Jun 29, 2016 at 12:05:42PM +0200, Lukas Slebodnik wrote:
> On (29/06/16 11:54), Pavel Březina wrote:
> >On 06/28/2016 06:24 PM, Jakub Hrozek wrote:
> >> Hi,
> >>
> >> here is my branch that implements using the fully qualified names in sysdb
> >> for users and groups:
> >> https://git
On Wed, Jun 29, 2016 at 11:23:55PM +0200, Jakub Hrozek wrote:
> Hi,
> I pushed the attached patch under the one-liner rule (which I'm not a
> big fan of, but it's late and I've been wanting to do this release for
> almost a week..)
>
> I hope it's OK with everybody. I added a silly RB to satisfy o
On Fri, Jul 01, 2016 at 08:28:05AM +0200, Lukas Slebodnik wrote:
> ehlo,
>
> Older versions of gcc does not like initialisation of struct sigevent
> because the first member of structure is union (sigval_t).
>
> Simple patch is attached.
>
> LS
The warning is gone, just waiting for CI to finish
On Fri, Jul 01, 2016 at 08:29:34AM +0200, Lukas Slebodnik wrote:
> ehlo,
>
> attached patch wix warning on 32 bit platforms.
>
> LS
The warning is gone, just waiting for CI to finish
bye,
Sumit
___
sssd-devel mailing list
sssd-devel@lists.fedorah
On Fri, Jul 01, 2016 at 09:32:57AM +0200, Sumit Bose wrote:
> On Fri, Jul 01, 2016 at 08:28:05AM +0200, Lukas Slebodnik wrote:
> > ehlo,
> >
> > Older versions of gcc does not like initialisation of struct sigevent
> > because the first member of structure is union
On Fri, Jul 01, 2016 at 09:33:21AM +0200, Sumit Bose wrote:
> On Fri, Jul 01, 2016 at 08:29:34AM +0200, Lukas Slebodnik wrote:
> > ehlo,
> >
> > attached patch wix warning on 32 bit platforms.
> >
> > LS
>
> The warning is gone, just waiting for CI to
:00 2001
From: Sumit Bose
Date: Thu, 23 Jun 2016 11:58:30 +0200
Subject: [PATCH 1/6] IPA: read ipaNTAdditionalSuffixes for master and trusted
domains
---
src/providers/ipa/ipa_subdomains.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/providers/ipa
new krb5 config snippet
krb5_libdefaults which will set 'canonicalize = true' if the related
SSSD option is true as well, which is currently by default the case for
the IPA provider.
bye,
Sumit
From af04d03096c670b8470aa677c4234c4ee1f6dde6 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon,
On Tue, Jul 05, 2016 at 07:15:03PM +0200, Jakub Hrozek wrote:
> On Tue, Jul 05, 2016 at 12:37:22PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > this patch set should solve https://fedorahosted.org/sssd/ticket/3018
> > by looking up the additional UPN suffixes on the IPA ser
On Mon, Jul 04, 2016 at 03:33:08PM +0200, Lukas Slebodnik wrote:
> ehlo,
>
> Attached patches fix failures in test on big endian
> http://s390.koji.fedoraproject.org/kojifiles/work/tasks/4511/2274511/build.log
>
> It is not just bug in test becuase the same bug is in
> sysdb_enumpwent_filter and
On Wed, Jul 06, 2016 at 12:23:08PM +0200, Sumit Bose wrote:
> On Mon, Jul 04, 2016 at 03:33:08PM +0200, Lukas Slebodnik wrote:
> > ehlo,
> >
> > Attached patches fix failures in test on big endian
> > http://s390.koji.fedoraproject.org/kojifiles/work/tasks/4511/22745
password in the 'Password' prompt as he was used to before.
And second I wasn't sure if users are aware that the first factor is
typically their long term password. Iirc the first factor with RSA
tokens are typically referred to as PIN and asking for a password might
confuse the users.
016 at 11:01:53PM +0200, Jakub Hrozek wrote:
> > > >> On Fri, Jul 01, 2016 at 03:24:39PM +0200, Jakub Hrozek wrote:
> > > >> > On Wed, Jun 29, 2016 at 07:00:13PM +0200, Jakub Hrozek wrote:
> > > >> > > On Wed, Jun 29, 2016 at 04:36:23PM +02
On Wed, Jul 06, 2016 at 10:24:26PM +0200, Sumit Bose wrote:
> On Wed, Jul 06, 2016 at 09:02:05PM +0200, Jakub Hrozek wrote:
> > On Wed, Jul 06, 2016 at 06:34:32PM +0200, Jakub Hrozek wrote:
> > > On Wed, Jul 06, 2016 at 11:13:02AM +0200, Lukas Slebodnik wrote:
> > > &
resend
- Forwarded message from Sumit Bose -
Date: Wed, 6 Jul 2016 11:13:48 +0200
From: Sumit Bose
To: sssd-devel@lists.fedorahosted.org
Subject: Re: [SSSD] [PATCH] LDAP: Lookup services by all protocols unless a
protocol is specified
Message-ID: <20160706091348.GD29
1 - 100 of 3711 matches
Mail list logo
