Re: [SSSD] krb5 ticket renewal via gnome-screensaver not working

On Tue, Nov 10, 2009 at 11:36:45PM -0500, Brian J. Murrell wrote: > On Mon, 2009-11-09 at 21:19 +0100, Sumit Bose wrote: > > > > Does this mean you are still seeing [Credentials cache I/O operation > > failed XXX] in krb5_child.log? > > No. I am seeing nothing new at all in the krb5_child.log w

Re: [SSSD] Re integration of SSSD config into authconfig

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/11/2009 01:23 AM, David O'Brien wrote: > Stephen, > > Re Ticket #46: Integrate SSSD configuration into authconfig > > How can I check this out (in the "have a look" sense, not the "check out > of repository" sense)? I remember reading something

Re: [SSSD] wildcard chars for sssd.conf?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/11/2009 01:26 AM, David O'Brien wrote: > from IRC when everyone was sleeping ;-) > > davido [Mon 18:28] is there such a thing as a wildcard character that > works in /etc/sssd/sssd.conf ? > davido [Mon 18:29] I tried filter_groups = * to see i

Re: [SSSD] krb5 ticket renewal via gnome-screensaver not working

On Wed, 2009-11-11 at 09:35 +0100, Sumit Bose wrote: > On Tue, Nov 10, 2009 at 11:36:45PM -0500, Brian J. Murrell wrote: > > On Mon, 2009-11-09 at 21:19 +0100, Sumit Bose wrote: > > > > > > Does this mean you are still seeing [Credentials cache I/O operation > > > failed XXX] in krb5_child.log? >

Re: [SSSD] [PATCH] Fix inconsistent use of krb5_ccname_template

On Wed, 2009-11-11 at 08:45 +0100, Sumit Bose wrote: > Hi, > > this patch should fix #270, krb5_ccname_template vs krb5_ccname_tmpl. ack Simo. -- Simo Sorce * Red Hat, Inc * New York ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org http

[SSSD] [PATCH] Fixes for proxy provider

Hi, this patch fixes a bug in the procy provider and makes proxy_pam_target a mandatory option, because we do not ship a matching pam configuration for the old default. bye, Sumit >From d5e97eca44bca580189f9bfd5371937c22d397a3 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 11 Nov 2009 15:1

Re: [SSSD] [PATCH] Fixes for proxy provider

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/11/2009 09:22 AM, Sumit Bose wrote: > Hi, > > this patch fixes a bug in the procy provider and makes > proxy_pam_target a mandatory option, because we do not ship a matching > pam configuration for the old default. > > bye, > Sumit > > > > _

[SSSD] [PATCH] found a double free while testing rawhide

abrtd in rawhide is quite handy, it catches segfaulted apps and dumps the core and other accessory info in a directory for the admin to see. Here it is a fix for a segfault I found on one of my test systems. Simo. -- Simo Sorce * Red Hat, Inc * New York >From 092766d510cff6a242bfe7d1202e14c35d1

Re: [SSSD] [PATCH] found a double free while testing rawhide

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/11/2009 10:07 AM, Simo Sorce wrote: > abrtd in rawhide is quite handy, it catches segfaulted apps and dumps > the core and other accessory info in a directory for the admin to see. > > Here it is a fix for a segfault I found on one of my test sy

Re: [SSSD] [PATCH] Fixes for proxy provider

On Wed, Nov 11, 2009 at 09:55:25AM -0500, Stephen Gallagher wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 11/11/2009 09:22 AM, Sumit Bose wrote: > > Hi, > > > > this patch fixes a bug in the procy provider and makes > > proxy_pam_target a mandatory option, because we do not ship

Re: [SSSD] [PATCH] Fixes for proxy provider

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/11/2009 09:22 AM, Sumit Bose wrote: > Hi, > > this patch fixes a bug in the procy provider and makes > proxy_pam_target a mandatory option, because we do not ship a matching > pam configuration for the old default. > > bye, > Sumit > > > > _

[SSSD] [PATCH] rework check_cache()

Today I stumbled on check_cache while working on the initgroups caching. It took a long discussion on IRC with Steven to find out exactly how it behaved, and we found a bug in it. Given the complexity I decide to refactor it so that hopefully it will be clearer and will not require arguing over it

Re: [SSSD] wildcard chars for sssd.conf?

Stephen Gallagher wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 11/11/2009 01:26 AM, David O'Brien wrote: >> from IRC when everyone was sleeping ;-) >> >> davido [Mon 18:28] is there such a thing as a wildcard character that >> works in /etc/sssd/sssd.conf ? >> davido [Mon 18:2

[SSSD] [PATCH] Make 'permit' the default for the access target

Hi, this patch make 'permit' the default for the access target. This means that access_provider has to be set explicitly if a specific provider should be used, e.g. access_provider=ipa. bye, Sumit >From ee3ff411494c7bae1158b7baef1adc24ebdbe342 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed,

Re: [SSSD] krb5 ticket renewal via gnome-screensaver not working

On Wed, 2009-11-11 at 09:35 +0100, Sumit Bose wrote: > > ah, sorry, I misinterpreted your original post. I thought a ccache file > wasn't created at all when using gnome-screensaver. No, you didn't mis-interpret I don't think. Here's what happened: 1. Logged into gnome, got a ccache file

Re: [SSSD] krb5 ticket renewal via gnome-screensaver not working

On Wed, 2009-11-11 at 17:27 -0500, Brian J. Murrell wrote: > > If > > you want to renew the TGT with every authentication you have to use > a > > per-user unique ccache file, e.g. FILE:%d/krb5cc_%U. > > I don't think so. I think even a per-login-session ccache file that > will be created by a gno

Re: [SSSD] [PATCH] rework check_cache()

On Wed, 2009-11-11 at 13:55 -0500, Simo Sorce wrote: > Today I stumbled on check_cache while working on the initgroups caching. > It took a long discussion on IRC with Steven to find out exactly how it > behaved, and we found a bug in it. > > Given the complexity I decide to refactor it so that ho

[SSSD] Where do groups get created?

Demonstrating ignorance again... I have a very simple sssd implementation, only one local domain. I have nsswitch.conf configured with passwd sss group sss I can do sss_useradd, sss_groupadd, etc., and all works fine. I can do getent -s sss group|passwd and see what's going on. What happens

Re: [SSSD] Where do groups get created?

On Thu, 2009-11-12 at 11:28 +1000, David O'Brien wrote: > Demonstrating ignorance again... > > I have a very simple sssd implementation, only one local domain. > > I have nsswitch.conf configured with > passwd sss > group sss > > I can do sss_useradd, sss_groupadd, etc., and all works fine.

[SSSD] [PATCH] better var name

Comment in patch says all. Simo. -- Simo Sorce * Red Hat, Inc * New York >From cf01eae6e4518c1abdd75c37b0796d468e76eaa5 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 11 Nov 2009 20:44:23 -0500 Subject: [PATCH] Change var name to make its use more clear. Change memctx to make clear it sh

[SSSD] [PATCH] Cache initgroup calls and use them in pam responder

These patches improve the initgroups call. Previously any call to initgroups would go on the wire, now we cache initgroups calls the same way we do for other "queries". 0001 Adds initgroups caching (depends on check_cache patch sent earlier) This patch also simplifies the initgroups call. All back

Re: [SSSD] Where do groups get created?

Simo Sorce wrote: > On Thu, 2009-11-12 at 11:28 +1000, David O'Brien wrote: >> Demonstrating ignorance again... >> >> I have a very simple sssd implementation, only one local domain. >> >> I have nsswitch.conf configured with >> passwd sss >> group sss >> >> I can do sss_useradd, sss_groupadd,