[SSSD] [sssd PR#636][+Pushed] failover: tune up default timeouts
URL: https://github.com/SSSD/sssd/pull/636 Title: #636: failover: tune up default timeouts Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#636][closed] failover: tune up default timeouts
URL: https://github.com/SSSD/sssd/pull/636 Author: pbrezina Title: #636: failover: tune up default timeouts Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/636/head:pr636 git checkout pr636 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#636][comment] failover: tune up default timeouts
URL: https://github.com/SSSD/sssd/pull/636 Title: #636: failover: tune up default timeouts jhrozek commented: """ * master: * 049f3906b9ef2041b5e1df666bd570379ae60718 * e97ff0adb62c89cfc7e75858b7e592e0303720b0 * 99e2a107f01c625cb59cb88589db87294176d6c6 * 3807de1d97fc87cf7c25af264a8b1bbabdef54e2 * 7b4635c8428917ced63954f2c3c70491b45d7870 """ See the full comment at https://github.com/SSSD/sssd/pull/636#issuecomment-516998725 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#847][comment] systemd: add Restart=on-failure to sssd.service
URL: https://github.com/SSSD/sssd/pull/847 Title: #847: systemd: add Restart=on-failure to sssd.service jhrozek commented: """ * master: b1ea33eca64a0429513fcfe2ba7402ff56889b46 """ See the full comment at https://github.com/SSSD/sssd/pull/847#issuecomment-516996775 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#847][closed] systemd: add Restart=on-failure to sssd.service
URL: https://github.com/SSSD/sssd/pull/847 Author: pbrezina Title: #847: systemd: add Restart=on-failure to sssd.service Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/847/head:pr847 git checkout pr847 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#847][+Pushed] systemd: add Restart=on-failure to sssd.service
URL: https://github.com/SSSD/sssd/pull/847 Title: #847: systemd: add Restart=on-failure to sssd.service Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#853][+Pushed] DYNDNS: dyndns_update is not enough
URL: https://github.com/SSSD/sssd/pull/853 Title: #853: DYNDNS: dyndns_update is not enough Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#853][comment] DYNDNS: dyndns_update is not enough
URL: https://github.com/SSSD/sssd/pull/853 Title: #853: DYNDNS: dyndns_update is not enough jhrozek commented: """ * master: * f2c69a67ad0cd9d4db94aa66e46ede0cb0790480 * 1c7521898f1cb13607c536977029561f89573c7c * 5b235bbdbea355923e4f2aeb745c8e514b423984 """ See the full comment at https://github.com/SSSD/sssd/pull/853#issuecomment-516996063 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#853][closed] DYNDNS: dyndns_update is not enough
URL: https://github.com/SSSD/sssd/pull/853 Author: thalman Title: #853: DYNDNS: dyndns_update is not enough Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/853/head:pr853 git checkout pr853 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#855][+Pushed] nss: Fix command 'endservent' resetting wrong struct member
URL: https://github.com/SSSD/sssd/pull/855 Title: #855: nss: Fix command 'endservent' resetting wrong struct member Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#855][comment] nss: Fix command 'endservent' resetting wrong struct member
URL: https://github.com/SSSD/sssd/pull/855 Title: #855: nss: Fix command 'endservent' resetting wrong struct member jhrozek commented: """ * sssd-1-16: 9673ca8 * master: 06479a1 """ See the full comment at https://github.com/SSSD/sssd/pull/855#issuecomment-516995456 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#855][closed] nss: Fix command 'endservent' resetting wrong struct member
URL: https://github.com/SSSD/sssd/pull/855 Author: scabrero Title: #855: nss: Fix command 'endservent' resetting wrong struct member Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/855/head:pr855 git checkout pr855 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#636][+Accepted] failover: tune up default timeouts
URL: https://github.com/SSSD/sssd/pull/636 Title: #636: failover: tune up default timeouts Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#636][comment] failover: tune up default timeouts
URL: https://github.com/SSSD/sssd/pull/636 Title: #636: failover: tune up default timeouts jhrozek commented: """ F-30 failed CI and there are no logs. But I don't see anything OS-specific in the patches and at the same time all my concerns were addressed. Thank you. ACK. """ See the full comment at https://github.com/SSSD/sssd/pull/636#issuecomment-516866347 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#837][comment] p11_child: make OCSP digest configurable
URL: https://github.com/SSSD/sssd/pull/837 Title: #837: p11_child: make OCSP digest configurable jhrozek commented: """ OK, I tried also different values of the `ocsp_dgst` option and at least I see that the revoked cert is still revoked..and invalid value seems to fall back to the default which seems OK. So I only left two small nitpicks. Feel free to fix them or not if you feel like they are too nitpicky. """ See the full comment at https://github.com/SSSD/sssd/pull/837#issuecomment-516861998 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#837][comment] p11_child: make OCSP digest configurable
URL: https://github.com/SSSD/sssd/pull/837 Title: #837: p11_child: make OCSP digest configurable jhrozek commented: """ Sorry it took me almost four weeks to test the PR. I think OSCP in general works fine. With a valid certificate I was getting: ``` (Wed Jul 31 15:34:44 2019) [[sssd[p11_child[23202 [do_card] (0x4000): Found [tuser] in slot [Yubico YubiKey OTP+FIDO+CCID 00 00][0] of module [1][/usr/lib64/pkcs11/opensc-pkcs11.so]. (Wed Jul 31 15:34:44 2019) [[sssd[p11_child[23202 [do_card] (0x4000): Login required. (Wed Jul 31 15:34:44 2019) [[sssd[p11_child[23202 [read_certs] (0x4000): found cert[Certificate for PIV Authentication][/C=SE/ST=Sweden/O=SSSD Intermediate/CN=tuser/emailAddress=tu...@ipa.test] (Wed Jul 31 15:34:44 2019) [[sssd[p11_child[23202 [do_ocsp] (0x4000): Using OCSP URL [http://localhost:]. (Wed Jul 31 15:34:44 2019) [[sssd[p11_child[23202 [do_ocsp] (0x4000): Nonce in OCSP response is the same as the one used in the request. (Wed Jul 31 15:34:44 2019) [[sssd[p11_child[23202 [do_ocsp] (0x4000): OCSP check was successful. (Wed Jul 31 15:34:44 2019) [[sssd[p11_child[23202 [do_card] (0x4000): /usr/lib64/pkcs11/opensc-pkcs11.so /usr/lib64/pkcs11/opensc-pkcs11.so tuser tuser 01 01. ``` With a revoked certificate I get: ``` (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [do_card] (0x4000): Found [tuser] in slot [Yubico YubiKey OTP+FIDO+CCID 00 00][0] of module [1][/usr/lib64/pkcs11/opensc-pkcs11.so]. (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [do_card] (0x4000): Login NOT required. (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [read_certs] (0x4000): found cert[Certificate for PIV Authentication][/C=SE/ST=Sweden/O=SSSD Intermediate/CN=tuser/emailAddress=tu...@ipa.test] (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [do_ocsp] (0x4000): Using OCSP URL [http://localhost:]. (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [do_ocsp] (0x4000): Nonce in OCSP response is the same as the one used in the request. (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [do_ocsp] (0x0020): OCSP check failed with [1][revoked]. (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [do_ocsp] (0x0020): Certificate is revoked [-1][(UNKNOWN)]. (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [do_verification] (0x0040): do_ocsp failed. (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [read_certs] (0x0040): Certificate [Certificate for PIV Authentication][/C=SE/ST=Sweden/O=SSSD Intermediate/CN=tuser/emailAddress=tu...@ipa.test] not valid, skipping ``` This was with an openssl ocsp and: ``` certificate_verification=ocsp_default_responder=http://localhost: ``` """ See the full comment at https://github.com/SSSD/sssd/pull/837#issuecomment-516857056 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#856][comment] pam_sss: Add missing colon to the PIN prompt
URL: https://github.com/SSSD/sssd/pull/856 Title: #856: pam_sss: Add missing colon to the PIN prompt sumit-bose commented: """ ok to test """ See the full comment at https://github.com/SSSD/sssd/pull/856#issuecomment-516793690 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#856][opened] pam_sss: Add missing colon to the PIN prompt
URL: https://github.com/SSSD/sssd/pull/856 Author: Jakuje Title: #856: pam_sss: Add missing colon to the PIN prompt Action: opened PR body: """ This can be noticed in the sudo prompt, when the system is configured to authenticate users using smart cards. Resolves: Pagure#4049 [1] [1] https://pagure.io/SSSD/sssd/issue/4049 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/856/head:pr856 git checkout pr856 From 69888fa407e57a7ea0962bf6a5800a216503bd61 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Wed, 31 Jul 2019 12:20:42 +0200 Subject: [PATCH] pam_sss: Add missing colon to the PIN prompt This can be noticed in the sudo prompt, when the system is configured to authenticate users using smart cards. Resolves: Pagure#4049 Signed-off-by: Jakub Jelen --- src/sss_client/pam_sss.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index 6bcda23da5..cfd3e3731d 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -1609,7 +1609,7 @@ static int prompt_2fa_single(pam_handle_t *pamh, struct pam_items *pi, return PAM_SUCCESS; } -#define SC_PROMPT_FMT "PIN for %s" +#define SC_PROMPT_FMT "PIN for %s: " #ifndef discard_const #define discard_const(ptr) ((void *)((uintptr_t)(ptr))) ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#856][comment] pam_sss: Add missing colon to the PIN prompt
URL: https://github.com/SSSD/sssd/pull/856 Title: #856: pam_sss: Add missing colon to the PIN prompt centos-ci commented: """ Can one of the admins verify this patch? """ See the full comment at https://github.com/SSSD/sssd/pull/856#issuecomment-516791345 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#851][comment] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Title: #851: Update __init__.py.in jhrozek commented: """ I don't know if it's easy or possible but wouldn't it be better to amend the config API to internally synthetize the provider values, but does not write them to the config file? Otherwise I'm sure we will forget when another provider is added.. """ See the full comment at https://github.com/SSSD/sssd/pull/851#issuecomment-516767396 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#841][+Changes requested] DEBUG: Add debug to display ldapsearch requests
URL: https://github.com/SSSD/sssd/pull/841 Title: #841: DEBUG: Add debug to display ldapsearch requests Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#841][comment] DEBUG: Add debug to display ldapsearch requests
URL: https://github.com/SSSD/sssd/pull/841 Title: #841: DEBUG: Add debug to display ldapsearch requests jhrozek commented: """ The code looks OK. I haven't tried it, but looks simple enough. But most importantly, it is not enough to resolve the issue, I think. What the original reporter asked for was a way to filter only these messages. And we can either add a special debug level, but wouldn't it be even better to add systemtap messages? See commits like d46d59e78600aa72176df7217c94743b7e71881a 1182dd93a5a6bb18943284273f7fd59b83468843 and f199c749197532fd3380fa6f5d9f7a579879c21a to see how we added some generic instrumentation to the DP.. """ See the full comment at https://github.com/SSSD/sssd/pull/841#issuecomment-516766392 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#847][comment] systemd: add Restart=on-failure to sssd.service
URL: https://github.com/SSSD/sssd/pull/847 Title: #847: systemd: add Restart=on-failure to sssd.service jhrozek commented: """ ACK, tested by sending SIGV to the main sssd process, systemd spawned another one. """ See the full comment at https://github.com/SSSD/sssd/pull/847#issuecomment-516762769 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#636][-Changes requested] failover: tune up default timeouts
URL: https://github.com/SSSD/sssd/pull/636 Title: #636: failover: tune up default timeouts Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#636][comment] failover: tune up default timeouts
URL: https://github.com/SSSD/sssd/pull/636 Title: #636: failover: tune up default timeouts pbrezina commented: """ It should be fixed now. """ See the full comment at https://github.com/SSSD/sssd/pull/636#issuecomment-516762783 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#847][+Accepted] systemd: add Restart=on-failure to sssd.service
URL: https://github.com/SSSD/sssd/pull/847 Title: #847: systemd: add Restart=on-failure to sssd.service Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#636][synchronized] failover: tune up default timeouts
URL: https://github.com/SSSD/sssd/pull/636 Author: pbrezina Title: #636: failover: tune up default timeouts Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/636/head:pr636 git checkout pr636 From 77236ad720a8ce4208fe284f7756789f79d06e90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 11 Jun 2019 13:49:13 +0200 Subject: [PATCH 1/5] man: fix description of dns_resolver_op_timeout --- src/man/include/failover.xml | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/man/include/failover.xml b/src/man/include/failover.xml index cd6fd4d798..11ff86a388 100644 --- a/src/man/include/failover.xml +++ b/src/man/include/failover.xml @@ -77,7 +77,13 @@ -How long would SSSD talk to a single DNS server. +Time in seconds to tell how long would SSSD try +to resolve single DNS query (e.g. resolution of a +hostname or an SRV record) before trying the next +hostname or discovery domain. + + +Default: 6 From c6b7ac5fd855a655f0363d4a27ad877de9d1e9ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 11 Jun 2019 13:49:33 +0200 Subject: [PATCH 2/5] man: fix description of dns_resolver_timeout --- src/man/include/failover.xml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/man/include/failover.xml b/src/man/include/failover.xml index 11ff86a388..7b451d8315 100644 --- a/src/man/include/failover.xml +++ b/src/man/include/failover.xml @@ -98,6 +98,9 @@ include several steps, such as resolving DNS SRV queries or locating the site. + +Default: 6 + From d2626347e7674356fc8500cf2c5ef421f096c133 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 11 Jun 2019 13:37:23 +0200 Subject: [PATCH 3/5] failover: add dns_resolver_server_timeout option --- src/config/SSSDConfig/__init__.py.in | 1 + src/config/SSSDConfigTest.py | 2 ++ src/config/cfg_rules.ini | 1 + src/config/etc/sssd.api.conf | 1 + src/man/include/failover.xml | 17 - src/providers/data_provider.h| 1 + src/providers/data_provider_fo.c | 3 +++ src/resolv/async_resolv.c| 10 ++ src/resolv/async_resolv.h| 2 +- src/tests/cmocka/test_fo_srv.c | 4 ++-- src/tests/cmocka/test_resolv_fake.c | 2 +- src/tests/fail_over-tests.c | 2 +- src/tests/resolv-tests.c | 2 +- 13 files changed, 37 insertions(+), 11 deletions(-) diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 9642fe6baf..2d1214e16b 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -171,6 +171,7 @@ option_strings = { 'entry_cache_timeout' : _('Entry cache timeout length (seconds)'), 'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'), 'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'), +'dns_resolver_server_timeout' : _('How long should SSSD talk to single DNS server before trying next server (miliseconds)'), 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'), 'dns_discovery_domain' : _('The domain part of service discovery DNS query'), 'override_gid' : _('Override GID value from the identity provider with this value'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 727df71abf..82b1a97008 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -606,6 +606,7 @@ def testListOptions(self): 'refresh_expired_interval', 'lookup_family_order', 'account_cache_expiration', +'dns_resolver_server_timeout', 'dns_resolver_timeout', 'dns_discovery_domain', 'dyndns_update', @@ -976,6 +977,7 @@ def testRemoveProvider(self): 'refresh_expired_interval', 'account_cache_expiration', 'lookup_family_order', +'dns_resolver_server_timeout', 'dns_resolver_timeout', 'dns_discovery_domain', 'dyndns_update', diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 929e6149a7..a2efb3a677 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini
[SSSD] [sssd PR#853][comment] DYNDNS: dyndns_update is not enough
URL: https://github.com/SSSD/sssd/pull/853 Title: #853: DYNDNS: dyndns_update is not enough pbrezina commented: """ Ack. """ See the full comment at https://github.com/SSSD/sssd/pull/853#issuecomment-516754770 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#853][+Accepted] DYNDNS: dyndns_update is not enough
URL: https://github.com/SSSD/sssd/pull/853 Title: #853: DYNDNS: dyndns_update is not enough Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#705][comment] KCM: Add configurable quotas
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas jhrozek commented: """ Now some pep8 errors found by CI were fixed. """ See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-516752179 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#705][synchronized] KCM: Add configurable quotas
URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705 From 7584b16dd738a982595519354d24417a66a86810 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 5 Oct 2018 13:17:14 +0200 Subject: [PATCH 1/7] MAN: Get rid of sssd-secrets reference Related: https://pagure.io/SSSD/sssd/issue/3685 There were some stray references to the secrets responder in the sssd-kcm manual page. --- src/man/sssd-kcm.8.xml | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml index fff8b0a16d..90b9ad09c2 100644 --- a/src/man/sssd-kcm.8.xml +++ b/src/man/sssd-kcm.8.xml @@ -58,11 +58,9 @@ -the SSSD implementation stores the ccaches in the SSSD - -sssd-secrets5 - -secrets store, allowing the ccaches to survive KCM server restarts or machine reboots. +the SSSD implementation stores the ccaches in a database, +typically located at /var/lib/sss/secrets +allowing the ccaches to survive KCM server restarts or machine reboots. From db7863552729e39fe180304783f5750473b9f565 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 30 Nov 2018 13:15:58 +0100 Subject: [PATCH 2/7] MAN: Document that it is enough to systemctl restart sssd-kcm.service lately Related: https://pagure.io/SSSD/sssd/issue/3862 We forgot to amend the man page after implementing the sssd-kcm service reload. --- src/man/sssd-kcm.8.xml | 17 +++-- 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml index 90b9ad09c2..4e4aaa38ea 100644 --- a/src/man/sssd-kcm.8.xml +++ b/src/man/sssd-kcm.8.xml @@ -162,12 +162,17 @@ systemctl restart sssd-kcm.service CONFIGURATION OPTIONS The KCM service is configured in the kcm -section of the sssd.conf file. Please note that currently, -is it not sufficient to restart the sssd-kcm service, because -the sssd configuration is only parsed and read to an internal -configuration database by the sssd service. Therefore you -must restart the sssd service if you change anything in the -kcm section of sssd.conf. +section of the sssd.conf file. Please note that because +the KCM service is typically socket-activated, it is +enough to just restart the sssd-kcm service +after changing options in the kcm section +of sssd.conf: + +systemctl restart sssd-kcm.service + + + +The KCM service is configured in the kcm For a detailed syntax reference, refer to the FILE FORMAT section of the sssd.conf From c08eeb1e1320b197532a777042a3917825f99b40 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 26 Nov 2018 13:44:08 +0100 Subject: [PATCH 3/7] SECRETS: Use different option names from secrets and KCM for quota options Related: https://pagure.io/SSSD/sssd/issue/3386 With the separate secrets responder, the quotas for the /secrets and /kcm hives were configurable in a sub-section of the [secrets] sssd.conf section using the same option -- the /secrets vs. /kcm distinction was made using the subsection name. With the standalone KCM responder writing directly to the database, it makes sense to have options with more descriptive names better suitable for the KCM usage. For that we need the options for secrets quotas and kcm quotas to be named differently. For now, the patch only passes the option name to sss_sec_get_quota() and sss_sec_get_hive_config() together with the default value in an instance of a new structure sss_sec_quota_opt. The secrets responder still uses the same option names for backwards compatibility. --- src/responder/secrets/secsrv.c | 70 ++ src/util/secrets/config.c | 40 +-- src/util/secrets/secrets.h | 21 ++ 3 files changed, 88 insertions(+), 43 deletions(-) diff --git a/src/responder/secrets/secsrv.c b/src/responder/secrets/secsrv.c index 2de93dedc5..e783e231d3 100644 --- a/src/responder/secrets/secsrv.c +++ b/src/responder/secrets/secsrv.c @@ -47,6 +47,39 @@ static void adjust_global_quota(struct sec_ctx *sctx, static int sec_get_config(struct sec_ctx *sctx) { int ret; +struct sss_sec_quota_opt dfl_sec_nest_level = { +.opt_name = CONFDB_SEC_CONTAINERS_NEST_LEVEL, +.default_value = DEFAULT_SEC_CONTAINERS_NEST_LEVEL, +}; +st
[SSSD] [sssd PR#855][+Accepted] nss: Fix command 'endservent' resetting wrong struct member
URL: https://github.com/SSSD/sssd/pull/855 Title: #855: nss: Fix command 'endservent' resetting wrong struct member Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#851][comment] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Title: #851: Update __init__.py.in pbrezina commented: """ When we are touching the code, I believe also `subdomains_provider` is missing. Also most of the providers defaults to `id_provider`, few have other defaults so I think it should be handled here as well. Please, see `man sssd.conf` for `*_provider` options and add what is missing. """ See the full comment at https://github.com/SSSD/sssd/pull/851#issuecomment-516750056 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org