[SSSD] [sssd PR#5284][closed] Remove leftover ccache from SSH credentials delegation
URL: https://github.com/SSSD/sssd/pull/5284 Author: justin-stephenson Title: #5284: Remove leftover ccache from SSH credentials delegation Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5284/head:pr5284 git checkout pr5284 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5284][comment] Remove leftover ccache from SSH credentials delegation
URL: https://github.com/SSSD/sssd/pull/5284 Title: #5284: Remove leftover ccache from SSH credentials delegation justin-stephenson commented: """ Sounds good to me, thanks again for the input - closing this one. """ See the full comment at https://github.com/SSSD/sssd/pull/5284#issuecomment-678425572 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5284][comment] Remove leftover ccache from SSH credentials delegation
URL: https://github.com/SSSD/sssd/pull/5284 Title: #5284: Remove leftover ccache from SSH credentials delegation simo5 commented: """ @justin-stephenson first of all I'd like to thank you for this PR as it raised very interesting questions and aspects that evidently had not been though through enough. At this poj tI think the only way to move forward is to first write down what is the behavior we need to employ exactly, from the pov of KCM, regardless of what client process is calling in. After that, as much as possible we should write tests that expect the agreed on behavior. And finally change code accordingly making sure test do not break. I feel like proceeding w/o these steps would be stumbling in the dark and creating a semantic quagmire that will require endless course correction. """ See the full comment at https://github.com/SSSD/sssd/pull/5284#issuecomment-678362457 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5178][comment] ldap: add new option ldap_library_debug_level
URL: https://github.com/SSSD/sssd/pull/5178 Title: #5178: ldap: add new option ldap_library_debug_level alexey-tikhonov commented: """ > as I said I'd prefer to use a separate option for this because in more or > less all cases this debug output is not needed and -1 is very verbose. So I > think `"yet another one knob only few developers will be aware of"` is > completely find here because it should be only used if there are strong > indications that something is wrong on the libldap level. Ok. """ See the full comment at https://github.com/SSSD/sssd/pull/5178#issuecomment-678344292 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5262][synchronized] DN with white spaces
URL: https://github.com/SSSD/sssd/pull/5262 Author: elkoniu Title: #5262: DN with white spaces Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5262/head:pr5262 git checkout pr5262 From 882307cdc1b596ba0cc346a0001f4fc014818d82 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Fri, 31 Jul 2020 11:12:02 +0200 Subject: [PATCH 1/5] UTIL: DN sanitization Some of the ldap servers returns DN in attributes such as isMemberOf with spaces like dc=example, dc=com. That should be fine and we should ignore them (cut them out) instead of escaping. Resolves: https://github.com/SSSD/sssd/issues/5261 --- src/tests/cmocka/test_utils.c | 70 +++ src/util/util.h | 20 ++ src/util/util_ext.c | 126 ++ 3 files changed, 216 insertions(+) diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c index c5eda4dd26..92ca783d9f 100644 --- a/src/tests/cmocka/test_utils.c +++ b/src/tests/cmocka/test_utils.c @@ -1955,6 +1955,73 @@ static void test_sss_get_domain_mappings_content(void **state) * capaths might not be as expected. */ } + +static void test_sss_filter_sanitize_dn(void **state) +{ +TALLOC_CTX *tmp_ctx; +char *trimmed; +int ret; +const char *DN = "cn=user,ou=people,dc=example,dc=com"; + +tmp_ctx = talloc_new(NULL); +assert_non_null(tmp_ctx); + +/* test that we remove spaces around '=' and ','*/ +ret = sss_filter_sanitize_dn(tmp_ctx, DN, &trimmed); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +ret = sss_filter_sanitize_dn(tmp_ctx, "cn=user,ou=people,dc=example,dc=com", &trimmed); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +ret = sss_filter_sanitize_dn(tmp_ctx, "cn= user,ou =people,dc = example,dc = com", &trimmed); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +ret = sss_filter_sanitize_dn(tmp_ctx, "cn=user, ou=people ,dc=example , dc=com", &trimmed); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +ret = sss_filter_sanitize_dn(tmp_ctx, "cn=user, ou=people ,dc=example , dc=com", &trimmed); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +ret = sss_filter_sanitize_dn(tmp_ctx, "cn= user, ou =people ,dc = example , dc = com", &trimmed); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +ret = sss_filter_sanitize_dn(tmp_ctx, " cn=user,ou=people,dc=example,dc=com ", &trimmed); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +ret = sss_filter_sanitize_dn(tmp_ctx, " cn=user, ou=people, dc=example, dc=com ", &trimmed); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +/* test that we keep spaces inside a value */ +ret = sss_filter_sanitize_dn(tmp_ctx, "cn = user one, ou=people branch, dc=example, dc=com", &trimmed); +assert_int_equal(ret, EOK); +assert_string_equal("cn=user\\20one,ou=people\\20\\20branch,dc=example,dc=com", trimmed); +talloc_free(trimmed); + +/* test that we keep escape special chars like () */ +ret = sss_filter_sanitize_dn(tmp_ctx, "cn = user one, ou=p(e)ople, dc=example, dc=com", &trimmed); +assert_int_equal(ret, EOK); +assert_string_equal("cn=user\\20one,ou=p\\28e\\29ople,dc=example,dc=com", trimmed); +talloc_free(trimmed); + +talloc_free(tmp_ctx); +} + int main(int argc, const char *argv[]) { poptContext pc; @@ -2064,6 +2131,9 @@ int main(int argc, const char *argv[]) cmocka_unit_test_setup_teardown(test_sss_ptr_hash_without_cb, setup_leak_tests, teardown_leak_tests), +cmocka_unit_test_setup_teardown(test_sss_filter_sanitize_dn, +setup_leak_tests, +teardown_leak_tests), }; /* Set debug level to invalid value so we can decide if -d 0 was used. */ diff --git a/src/util/util.h b/src/util/util.h index d538e0674d..aa9bf97d4c 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -478,6 +478,26 @@ errno_t sss_filter_sanitize_for_dom(TALLOC_CTX *mem_ctx, char **sanitized, char **lc_sanitized); +/* Sanitize an input string (e.g. a DN) for use in + * an LDAP/LDB filter + * + * It is basically the same as sss_filter_sanitize(_ex), + * just extra spaces inside DN around '=' and ',' are removed + * before sanitizing other characters . According the documentation + * spaces in DN are allowed and some ldap servers can return them + * in i
[SSSD] [sssd PR#5288][comment] KCM: Increase client idle timeout to 5 minutes
URL: https://github.com/SSSD/sssd/pull/5288 Title: #5288: KCM: Increase client idle timeout to 5 minutes justin-stephenson commented: """ Updated. I wasn't sure how to use a sssd.conf format similar to `Default: 7 (Kerberos), 0 (LDAP)` for this case so I used `Default: 60, KCM: 300`. I don't mind changing it if there is a better way however. """ See the full comment at https://github.com/SSSD/sssd/pull/5288#issuecomment-678310975 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5288][synchronized] KCM: Increase client idle timeout to 5 minutes
URL: https://github.com/SSSD/sssd/pull/5288 Author: justin-stephenson Title: #5288: KCM: Increase client idle timeout to 5 minutes Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5288/head:pr5288 git checkout pr5288 From b4ebfe10fc7e3f77f688c917017ebc4e44cdf1a9 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Thu, 20 Aug 2020 15:35:34 -0400 Subject: [PATCH] KCM: Increase client idle timeout to 5 minutes Increase the default timeout to allow time for user interaction on the command-line with kinit. Resolves: https://github.com/SSSD/sssd/issues/4829 --- src/man/sssd-kcm.8.xml | 4 src/man/sssd.conf.5.xml | 2 +- src/responder/kcm/kcm.c | 3 ++- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml index 2f66e56a4a..022a74ba09 100644 --- a/src/man/sssd-kcm.8.xml +++ b/src/man/sssd-kcm.8.xml @@ -68,6 +68,10 @@ cache, yet share the credential cache between some or no containers by bind-mounting the socket. + +The KCM default client idle timeout is 5 minutes, this allows +more time for user interaction with command line tools such as kinit. + diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 874a09c494..a86d95a72d 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -756,7 +756,7 @@ will be adjusted to 10 seconds. -Default: 60 +Default: 60, KCM: 300 diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c index 4371affef4..35c6091ada 100644 --- a/src/responder/kcm/kcm.c +++ b/src/responder/kcm/kcm.c @@ -31,6 +31,7 @@ #include "util/sss_krb5.h" #define DEFAULT_KCM_FD_LIMIT 2048 +#define DEFAULT_KCM_CLI_IDLE_TIMEOUT 300 #ifndef SSS_KCM_SOCKET_NAME #define SSS_KCM_SOCKET_NAME DEFAULT_KCM_SOCKET_PATH @@ -101,7 +102,7 @@ static int kcm_get_config(struct kcm_ctx *kctx) ret = confdb_get_int(kctx->rctx->cdb, kctx->rctx->confdb_service_path, CONFDB_RESPONDER_CLI_IDLE_TIMEOUT, - CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT, + DEFAULT_KCM_CLI_IDLE_TIMEOUT, &kctx->rctx->client_idle_timeout); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5288][synchronized] KCM: Increase client idle timeout to 5 minutes
URL: https://github.com/SSSD/sssd/pull/5288 Author: justin-stephenson Title: #5288: KCM: Increase client idle timeout to 5 minutes Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5288/head:pr5288 git checkout pr5288 From 68096f25c8c48e89198a825dfa3a9a57e7b5a1c7 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Thu, 20 Aug 2020 15:35:34 -0400 Subject: [PATCH] KCM: Increase client idle timeout to 5 minutes Increase the default timeout to allow time for user interaction on the command-line with kinit. --- src/man/sssd-kcm.8.xml | 4 src/man/sssd.conf.5.xml | 2 +- src/responder/kcm/kcm.c | 3 ++- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml index 2f66e56a4a..022a74ba09 100644 --- a/src/man/sssd-kcm.8.xml +++ b/src/man/sssd-kcm.8.xml @@ -68,6 +68,10 @@ cache, yet share the credential cache between some or no containers by bind-mounting the socket. + +The KCM default client idle timeout is 5 minutes, this allows +more time for user interaction with command line tools such as kinit. + diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 874a09c494..a86d95a72d 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -756,7 +756,7 @@ will be adjusted to 10 seconds. -Default: 60 +Default: 60, KCM: 300 diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c index 4371affef4..35c6091ada 100644 --- a/src/responder/kcm/kcm.c +++ b/src/responder/kcm/kcm.c @@ -31,6 +31,7 @@ #include "util/sss_krb5.h" #define DEFAULT_KCM_FD_LIMIT 2048 +#define DEFAULT_KCM_CLI_IDLE_TIMEOUT 300 #ifndef SSS_KCM_SOCKET_NAME #define SSS_KCM_SOCKET_NAME DEFAULT_KCM_SOCKET_PATH @@ -101,7 +102,7 @@ static int kcm_get_config(struct kcm_ctx *kctx) ret = confdb_get_int(kctx->rctx->cdb, kctx->rctx->confdb_service_path, CONFDB_RESPONDER_CLI_IDLE_TIMEOUT, - CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT, + DEFAULT_KCM_CLI_IDLE_TIMEOUT, &kctx->rctx->client_idle_timeout); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5241][comment] GPO: respect ad_gpo_implicit_deny when evaluation rules
URL: https://github.com/SSSD/sssd/pull/5241 Title: #5241: GPO: respect ad_gpo_implicit_deny when evaluation rules sumit-bose commented: """ > I can't reproduce this. I have two users 1) Administrator, 2) vagrant. I > allow access to the Administrator. Administrator is allowed to login as > expected, vagrant is not able to login either way regardless on the option > settings because an applicable gpo is found and the user is not explicitly > allowed. Hi, the issue happens when there is no allow rule, i.e. RemoteInteractiveLogonRight is empty. bye, Sumit """ See the full comment at https://github.com/SSSD/sssd/pull/5241#issuecomment-678307489 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5288][comment] KCM: Increase client idle timeout to 5 minutes
URL: https://github.com/SSSD/sssd/pull/5288 Title: #5288: KCM: Increase client idle timeout to 5 minutes pbrezina commented: """ Ok, can you add the url to the end of commit message: ``` Resolves: https://github.com/SSSD/sssd/issues/4829 ``` And can you also update the description of client_idle_timeout for the kcm default? """ See the full comment at https://github.com/SSSD/sssd/pull/5288#issuecomment-678297794 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5178][comment] ldap: add new option ldap_library_debug_level
URL: https://github.com/SSSD/sssd/pull/5178 Title: #5178: ldap: add new option ldap_library_debug_level sumit-bose commented: """ Hi, as I said I'd prefer to use a separate option for this because in more or less all cases this debug output is not needed and -1 is very verbose. So I think `"yet another one knob only few developers will be aware of"` is completely find here because it should be only used if there are strong indications that something is wrong on the libldap level. bye, Sumit """ See the full comment at https://github.com/SSSD/sssd/pull/5178#issuecomment-678295717 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5241][comment] GPO: respect ad_gpo_implicit_deny when evaluation rules
URL: https://github.com/SSSD/sssd/pull/5241 Title: #5241: GPO: respect ad_gpo_implicit_deny when evaluation rules pbrezina commented: """ I can't reproduce this. I have two users 1) Administrator, 2) vagrant. I allow access to the Administrator. Administrator is allowed to login as expected, vagrant is not able to login either way regardless on the option settings because an applicable gpo is found and the user is not explicitly allowed. ``` (2020-08-21 15:36:40): [be[ad.vm]] [sysdb_gpo_store_gpo_result_setting] (0x0400): Storing setting: key [SeRemoteInteractiveLogonRight] value [*S-1-5-21-433998187-2822908608-1404606238-500] (2020-08-21 15:36:40): [be[ad.vm]] [sysdb_gpo_get_gpo_result_setting] (0x0400): key [SeRemoteInteractiveLogonRight] value [*S-1-5-21-433998187-2822908608-1404606238-500] (2020-08-21 15:36:40): [be[ad.vm]] [sysdb_gpo_get_gpo_result_setting] (0x0400): key [SeDenyRemoteInteractiveLogonRight] value [(null)] (2020-08-21 15:36:40): [be[ad.vm]] [parse_policy_setting_value] (0x0400): No value for key [SeDenyRemoteInteractiveLogonRight] found in gpo result (2020-08-21 15:36:40): [be[ad.vm]] [ad_gpo_access_check] (0x0400): RESULTANT POLICY: (2020-08-21 15:36:40): [be[ad.vm]] [ad_gpo_access_check] (0x0400): gpo_map_type: Remote Interactive (2020-08-21 15:36:40): [be[ad.vm]] [ad_gpo_access_check] (0x0400): allowed_size = 1 (2020-08-21 15:36:40): [be[ad.vm]] [ad_gpo_access_check] (0x0400): allowed_sids[0] = S-1-5-21-433998187-2822908608-1404606238-500 (2020-08-21 15:36:40): [be[ad.vm]] [ad_gpo_access_check] (0x0400): denied_size = 0 (2020-08-21 15:36:40): [be[ad.vm]] [ad_gpo_access_check] (0x0400): CURRENT USER: (2020-08-21 15:36:40): [be[ad.vm]] [ad_gpo_access_check] (0x0400): user_sid = S-1-5-21-433998187-2822908608-1404606238-1000 (2020-08-21 15:36:40): [be[ad.vm]] [ad_gpo_access_check] (0x0400): group_sids[0] = S-1-5-21-433998187-2822908608-1404606238-513 (2020-08-21 15:36:40): [be[ad.vm]] [ad_gpo_access_check] (0x0400): group_sids[1] = S-1-5-11 (2020-08-21 15:36:40): [be[ad.vm]] [ad_gpo_access_check] (0x0400): POLICY DECISION: (2020-08-21 15:36:40): [be[ad.vm]] [ad_gpo_access_check] (0x0400): access_granted = 0 (2020-08-21 15:36:40): [be[ad.vm]] [ad_gpo_access_check] (0x0400): access_denied = 0 (2020-08-21 15:36:40): [be[ad.vm]] [ad_gpo_perform_hbac_processing] (0x0040): GPO access check failed: [1432158236](Host Access Denied) ``` The patch does not change the behavior. """ See the full comment at https://github.com/SSSD/sssd/pull/5241#issuecomment-678295162 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5288][comment] KCM: Increase client idle timeout to 5 minutes
URL: https://github.com/SSSD/sssd/pull/5288 Title: #5288: KCM: Increase client idle timeout to 5 minutes justin-stephenson commented: """ Thanks, updated. This is for https://github.com/SSSD/sssd/issues/4829 """ See the full comment at https://github.com/SSSD/sssd/pull/5288#issuecomment-678294183 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5288][synchronized] KCM: Increase client idle timeout to 5 minutes
URL: https://github.com/SSSD/sssd/pull/5288 Author: justin-stephenson Title: #5288: KCM: Increase client idle timeout to 5 minutes Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5288/head:pr5288 git checkout pr5288 From d00c677072e76a48689800c4a0455f577275d100 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Thu, 20 Aug 2020 15:35:34 -0400 Subject: [PATCH] KCM: Increase client idle timeout to 5 minutes Increase the default timeout to allow time for user interaction on the command-line with kinit. --- src/man/sssd-kcm.8.xml | 4 src/responder/kcm/kcm.c | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml index 2f66e56a4a..19d984ddc7 100644 --- a/src/man/sssd-kcm.8.xml +++ b/src/man/sssd-kcm.8.xml @@ -68,6 +68,10 @@ cache, yet share the credential cache between some or no containers by bind-mounting the socket. + +The KCM default client idle timeout is 5 minutes, allowing more +time for user interaction the command line. + diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c index 4371affef4..35c6091ada 100644 --- a/src/responder/kcm/kcm.c +++ b/src/responder/kcm/kcm.c @@ -31,6 +31,7 @@ #include "util/sss_krb5.h" #define DEFAULT_KCM_FD_LIMIT 2048 +#define DEFAULT_KCM_CLI_IDLE_TIMEOUT 300 #ifndef SSS_KCM_SOCKET_NAME #define SSS_KCM_SOCKET_NAME DEFAULT_KCM_SOCKET_PATH @@ -101,7 +102,7 @@ static int kcm_get_config(struct kcm_ctx *kctx) ret = confdb_get_int(kctx->rctx->cdb, kctx->rctx->confdb_service_path, CONFDB_RESPONDER_CLI_IDLE_TIMEOUT, - CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT, + DEFAULT_KCM_CLI_IDLE_TIMEOUT, &kctx->rctx->client_idle_timeout); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5289][opened] build: Don't use AC_CHECK_FILE when building manpages
URL: https://github.com/SSSD/sssd/pull/5289 Author: jonte Title: #5289: build: Don't use AC_CHECK_FILE when building manpages Action: opened PR body: """ AC_CHECK_FILE does not support cross-compilation, and will only check the host rootfs. Replace AC_CHECK_FILE with a 'test -f ' instead, to allow building manpages when cross-compiling. Signed-off-by: Jonatan Pålsson """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5289/head:pr5289 git checkout pr5289 From d54aa109600bcd02bf72cfe64c01935890a102a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonatan=20P=C3=A5lsson?= Date: Fri, 21 Aug 2020 14:45:10 +0200 Subject: [PATCH] build: Don't use AC_CHECK_FILE when building manpages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit AC_CHECK_FILE does not support cross-compilation, and will only check the host rootfs. Replace AC_CHECK_FILE with a 'test -f ' instead, to allow building manpages when cross-compiling. Signed-off-by: Jonatan Pålsson --- src/external/docbook.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/external/docbook.m4 b/src/external/docbook.m4 index deb8632fad..acdc89a683 100644 --- a/src/external/docbook.m4 +++ b/src/external/docbook.m4 @@ -18,7 +18,7 @@ dnl Checks if the XML catalog given by FILE exists and dnl if a particular URI appears in the XML catalog AC_DEFUN([CHECK_STYLESHEET], [ - AC_CHECK_FILE($1, [], [AC_MSG_ERROR([could not find XML catalog])]) + AS_IF([test -f "$1"], [], [AC_MSG_ERROR([could not find XML catalog])]) AC_MSG_CHECKING([for ifelse([$3],,[$2],[$3]) in XML catalog]) if AC_RUN_LOG([$XSLTPROC --catalogs --nonet --noout "$2" >&2]); then ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5178][comment] ldap: add new option ldap_library_debug_level
URL: https://github.com/SSSD/sssd/pull/5178 Title: #5178: ldap: add new option ldap_library_debug_level pbrezina commented: """ I just used this patch to debug something and it works as expected. The SSSD debug level is a bitmask and the idea behind it is that you can enable or disable specific messages. So we can certainly add SSSDDBG_EXTERNAL_LDAP or something and enable -1 ldap level if this is set. But I'm fine with the option as well, especially if you think that something else then -1 (enable all) is helpful. """ See the full comment at https://github.com/SSSD/sssd/pull/5178#issuecomment-678257102 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5245][comment] RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction pbrezina commented: """ Does SSSD even work if the hostname or domain name is not qualified? If not then what change of behavior do you refer to? """ See the full comment at https://github.com/SSSD/sssd/pull/5245#issuecomment-678255476 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5234][+Changes requested] pam: use requested_domains to restrict cache_req searches
URL: https://github.com/SSSD/sssd/pull/5234 Title: #5234: pam: use requested_domains to restrict cache_req searches Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5246][+Changes requested] Drop support of libnss as a crypto backend
URL: https://github.com/SSSD/sssd/pull/5246 Title: #5246: Drop support of libnss as a crypto backend Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5246][-Waiting for review] Drop support of libnss as a crypto backend
URL: https://github.com/SSSD/sssd/pull/5246 Title: #5246: Drop support of libnss as a crypto backend Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5246][comment] Drop support of libnss as a crypto backend
URL: https://github.com/SSSD/sssd/pull/5246 Title: #5246: Drop support of libnss as a crypto backend pbrezina commented: """ Works as expected. There is just a left over call to `WITH_CRYPTO` macro on configure.ac. Since you removed the macro this should be removed as well. """ See the full comment at https://github.com/SSSD/sssd/pull/5246#issuecomment-678251761 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5251][comment] [wip] subdomains: allow to inherit case_sensitive=Preserving
URL: https://github.com/SSSD/sssd/pull/5251 Title: #5251: [wip] subdomains: allow to inherit case_sensitive=Preserving pbrezina commented: """ @sumit-bose bump """ See the full comment at https://github.com/SSSD/sssd/pull/5251#issuecomment-678202940 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5264][comment] Utils: White space replace with another character
URL: https://github.com/SSSD/sssd/pull/5264 Title: #5264: Utils: White space replace with another character pbrezina commented: """ I think this is not a correct solution since having the override character in name is in fact a real problem in the environment. It will either make the user unresolvable or even worse it will return different user if you have both names "user_1" and "user 1" in LDAP. I think the root cause is that this option is set globally for the whole SSSD and ssh_keys is a local user. If it is a local user then we should probably figure out if we can somehow avoid using this override for files provider. If it is an LDAP user then they need to fix it on their side. """ See the full comment at https://github.com/SSSD/sssd/pull/5264#issuecomment-678200050 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5270][comment] CONFDB: fixed compilation warning
URL: https://github.com/SSSD/sssd/pull/5270 Title: #5270: CONFDB: fixed compilation warning pbrezina commented: """ Maybe also remove initialization of ret to EINVAL? """ See the full comment at https://github.com/SSSD/sssd/pull/5270#issuecomment-678179875 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5287][comment] Got rid of ".tx" and "zanata.xml" due to migration to Weblate (1.16)
URL: https://github.com/SSSD/sssd/pull/5287 Title: #5287: Got rid of ".tx" and "zanata.xml" due to migration to Weblate (1.16) pbrezina commented: """ Thank you. Ack. """ See the full comment at https://github.com/SSSD/sssd/pull/5287#issuecomment-678156779 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5287][+Accepted] Got rid of ".tx" and "zanata.xml" due to migration to Weblate (1.16)
URL: https://github.com/SSSD/sssd/pull/5287 Title: #5287: Got rid of ".tx" and "zanata.xml" due to migration to Weblate (1.16) Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5287][+Ready to push] Got rid of ".tx" and "zanata.xml" due to migration to Weblate (1.16)
URL: https://github.com/SSSD/sssd/pull/5287 Title: #5287: Got rid of ".tx" and "zanata.xml" due to migration to Weblate (1.16) Label: +Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5288][comment] KCM: Increase client idle timeout to 5 minutes
URL: https://github.com/SSSD/sssd/pull/5288 Title: #5288: KCM: Increase client idle timeout to 5 minutes pbrezina commented: """ Thank you. I think this makes sense. Can you also update man pages? Is there any ticket for this or did you just stumble upon it? """ See the full comment at https://github.com/SSSD/sssd/pull/5288#issuecomment-678155976 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5288][+Changes requested] KCM: Increase client idle timeout to 5 minutes
URL: https://github.com/SSSD/sssd/pull/5288 Title: #5288: KCM: Increase client idle timeout to 5 minutes Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5248][+Ready to push] Enable exclude functionality in sssd session recording configuration
URL: https://github.com/SSSD/sssd/pull/5248 Title: #5248: Enable exclude functionality in sssd session recording configuration Label: +Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5248][+Accepted] Enable exclude functionality in sssd session recording configuration
URL: https://github.com/SSSD/sssd/pull/5248 Title: #5248: Enable exclude functionality in sssd session recording configuration Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5248][comment] Enable exclude functionality in sssd session recording configuration
URL: https://github.com/SSSD/sssd/pull/5248 Title: #5248: Enable exclude functionality in sssd session recording configuration pbrezina commented: """ Ack. Thank you. """ See the full comment at https://github.com/SSSD/sssd/pull/5248#issuecomment-678148956 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5280][comment] p11_child: switch default ocsp_dgst to sha1
URL: https://github.com/SSSD/sssd/pull/5280 Title: #5280: p11_child: switch default ocsp_dgst to sha1 pbrezina commented: """ Pushed PR: https://github.com/SSSD/sssd/pull/5280 * `master` * 10366b4ee8c01ea20d908102e92d52fdeda168c3 - p11_child: switch default ocsp_dgst to sha1 """ See the full comment at https://github.com/SSSD/sssd/pull/5280#issuecomment-678123991 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5280][-Accepted] p11_child: switch default ocsp_dgst to sha1
URL: https://github.com/SSSD/sssd/pull/5280 Title: #5280: p11_child: switch default ocsp_dgst to sha1 Label: -Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5280][-Ready to push] p11_child: switch default ocsp_dgst to sha1
URL: https://github.com/SSSD/sssd/pull/5280 Title: #5280: p11_child: switch default ocsp_dgst to sha1 Label: -Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5280][+Pushed] p11_child: switch default ocsp_dgst to sha1
URL: https://github.com/SSSD/sssd/pull/5280 Title: #5280: p11_child: switch default ocsp_dgst to sha1 Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5280][closed] p11_child: switch default ocsp_dgst to sha1
URL: https://github.com/SSSD/sssd/pull/5280 Author: alexey-tikhonov Title: #5280: p11_child: switch default ocsp_dgst to sha1 Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5280/head:pr5280 git checkout pr5280 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5280][+Ready to push] p11_child: switch default ocsp_dgst to sha1
URL: https://github.com/SSSD/sssd/pull/5280 Title: #5280: p11_child: switch default ocsp_dgst to sha1 Label: +Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5284][comment] Remove leftover ccache from SSH credentials delegation
URL: https://github.com/SSSD/sssd/pull/5284 Title: #5284: Remove leftover ccache from SSH credentials delegation alexey-tikhonov commented: """ > A question also occurred to me, is there any concurrency issue with this > process? > What happens if two ssh connections are initiated simultaneously by the same > user ? > Could they end up trying to delete each other ccaches once both sshd workers > end up concurrently calling into sssd-kcm ? Not KCM, but somewhat relevant case: https://bugzilla.redhat.com/show_bug.cgi?id=1828270 """ See the full comment at https://github.com/SSSD/sssd/pull/5284#issuecomment-678102952 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org