On Fri, Feb 18, 2011 at 09:45:13AM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/18/2011 09:40 AM, Stephen Gallagher wrote:
Previously, we were setting the client context PAM lookup timeout
after the first domain replied. However, if the user wasn't a
On Fri, Feb 18, 2011 at 04:28:13PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The IPA provider was not properly removing groups in the cache
that the user was no longer a member of.
Fixes https://fedorahosted.org/sssd/ticket/803
ACK
I've have also
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/21/2011 06:30 AM, Sumit Bose wrote:
On Fri, Feb 18, 2011 at 09:45:13AM -0500, Stephen Gallagher wrote:
On 02/18/2011 09:40 AM, Stephen Gallagher wrote:
Previously, we were setting the client context PAM lookup timeout
after the first domain
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/21/2011 06:32 AM, Sumit Bose wrote:
On Fri, Feb 18, 2011 at 04:28:13PM -0500, Stephen Gallagher wrote:
The IPA provider was not properly removing groups in the cache
that the user was no longer a member of.
Fixes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It is possible to set up FreeIPA servers where the Kerberos realm
differs from the IPA domain name. We need to allow setting the
krb5_realm explicitly to handle this.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=679082
- --
Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/21/2011 11:34 AM, Stephen Gallagher wrote:
It is possible to set up FreeIPA servers where the Kerberos realm
differs from the IPA domain name. We need to allow setting the
krb5_realm explicitly to handle this.
Fixes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/21/2011 11:45 AM, Stephen Gallagher wrote:
On 02/21/2011 11:34 AM, Stephen Gallagher wrote:
It is possible to set up FreeIPA servers where the Kerberos realm
differs from the IPA domain name. We need to allow setting the
krb5_realm