Re: [SSSD] How to handle kdcinfo when offline

2010-05-11 Thread Eugene Indenbom
On 05/12/2010 12:19 AM, Stephen Gallagher wrote: > Simo and I had a long discussion on IRC today regarding how to handle > the kdcinfo and kpasswdinfo files for the Kerberos locator plugin. > > The basic problem is this: our recent changes made it so that when we > shut down the SSSD, we remove the

Re: [SSSD] Configuring SSSD

2010-05-11 Thread Stjepan Gros
On Thu, 2010-05-06 at 08:11 -0400, Stephen Gallagher wrote: > On 05/06/2010 05:29 AM, Stjepan Gros wrote: > Ok, we really need to document how to set up an IPA client better. The > IPA backend was really designed to be used when talking to FreeIPA v2. > It makes certain assumptions that are ava

[SSSD] What is "a configuration error"?

2010-05-11 Thread David O'Brien
From the sssd-simple man page: "Please note that it is an configuration error if both, simple_allow_users and simple_deny_users, are defined." Does this mean it (and what is "it", exactly?) will throw an error of some sort, and what error? Or, is it just bad practice and will cost you brownie

[SSSD] How to handle kdcinfo when offline

2010-05-11 Thread Stephen Gallagher
Simo and I had a long discussion on IRC today regarding how to handle the kdcinfo and kpasswdinfo files for the Kerberos locator plugin. The basic problem is this: our recent changes made it so that when we shut down the SSSD, we remove the kdcinfo files. When we start back up, we write a new k

[SSSD] [PATCH] SSSDConfigAPI fixes

2010-05-11 Thread Jakub Hrozek
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Applies on top of Sumit's ldap_krb5_ticket_lifetime patch -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkvpgUwACgkQHsardTLnvCXFPgCgyHZCA0AxE9byVrHzckDfwm3B

[SSSD] [PATCH] Add ldap_krb5_ticket_lifetime option

2010-05-11 Thread Sumit Bose
Hi, this patch makes the lifetime of the TGT for the SASL LDAP connection configurable and should fix #467. bye, Sumit From cbd8f27e83d92de46e0c43cb9bdc316d282db7f3 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 11 May 2010 17:51:02 +0200 Subject: [PATCH] Add ldap_krb5_ticket_lifetime opti

[SSSD] [PATCH] Improve offline detection in locator plugin

2010-05-11 Thread Sumit Bose
Hi, with this patch we avoid to send an illegal address back to libkrb5 and return KRB5_KDC_UNREACH instead. bye, Sumit From eb2aac56ac4ef14c90521a27fb58c8b292f7eb0e Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 11 May 2010 14:17:47 +0200 Subject: [PATCH] Improve offline detection in loca