Re: [SSSD] [PATCHES] Add support for paged LDAP results

2011-04-25 Thread Simo Sorce
On Mon, 2011-04-25 at 16:41 -0400, Stephen Gallagher wrote: > On Mon, 2011-04-25 at 16:21 -0400, Stephen Gallagher wrote: > > On Mon, 2011-04-25 at 15:33 -0400, Stephen Gallagher wrote: > > > On Mon, 2011-04-25 at 14:26 -0400, Stephen Gallagher wrote: > > > > Patch 0001: Added a debug message to se

Re: [SSSD] [PATCHES] Add support for paged LDAP results

2011-04-25 Thread Stephen Gallagher
On Mon, 2011-04-25 at 16:21 -0400, Stephen Gallagher wrote: > On Mon, 2011-04-25 at 15:33 -0400, Stephen Gallagher wrote: > > On Mon, 2011-04-25 at 14:26 -0400, Stephen Gallagher wrote: > > > Patch 0001: Added a debug message to see which record type we're > > > processing on each loop through sdap

Re: [SSSD] [PATCHES] Add support for paged LDAP results

2011-04-25 Thread Stephen Gallagher
On Mon, 2011-04-25 at 15:33 -0400, Stephen Gallagher wrote: > On Mon, 2011-04-25 at 14:26 -0400, Stephen Gallagher wrote: > > Patch 0001: Added a debug message to see which record type we're > > processing on each loop through sdap_process_message(). This is purely > > informational. > > > > Patch

Re: [SSSD] [PATCH]simple provider: Don't treat primary GID lookup failures as fatal

2011-04-25 Thread Simo Sorce
On Mon, 2011-04-25 at 15:35 -0400, Stephen Gallagher wrote: > If the user's primary GID was not provided by the SSSD domain, we > would > throw an error and fail the access check. > > This is not a security vulnerability, as it would never allow an > unauthorized user access, it would only deny ac

Re: [SSSD] [PATCH]simple provider: Don't treat primary GID lookup failures as fatal

2011-04-25 Thread Jeff Schroeder
On Mon, Apr 25, 2011 at 12:35 PM, Stephen Gallagher wrote: > If the user's primary GID was not provided by the SSSD domain, we would > throw an error and fail the access check. > > This is not a security vulnerability, as it would never allow an > unauthorized user access, it would only deny acces

[SSSD] [PATCH]simple provider: Don't treat primary GID lookup failures as fatal

2011-04-25 Thread Stephen Gallagher
If the user's primary GID was not provided by the SSSD domain, we would throw an error and fail the access check. This is not a security vulnerability, as it would never allow an unauthorized user access, it would only deny access to valid users. From 27151ee3254a645f9f8f35fe668d366938163f17 Mon

Re: [SSSD] [PATCHES] Add support for paged LDAP results

2011-04-25 Thread Stephen Gallagher
On Mon, 2011-04-25 at 14:26 -0400, Stephen Gallagher wrote: > Patch 0001: Added a debug message to see which record type we're > processing on each loop through sdap_process_message(). This is purely > informational. > > Patch 0002: Add support for paged LDAP results. > I changed the internals of

[SSSD] [PATCHES] Add support for paged LDAP results

2011-04-25 Thread Stephen Gallagher
Patch 0001: Added a debug message to see which record type we're processing on each loop through sdap_process_message(). This is purely informational. Patch 0002: Add support for paged LDAP results. I changed the internals of sdap_get_generic_send() somewhat here and added a new sdap_get_generic_i

Re: [SSSD] [PATCH] Added originalDN to attributes with case-insensitive search

2011-04-25 Thread Stephen Gallagher
On Wed, 2011-04-20 at 11:20 -0400, Stephen Gallagher wrote: > On Wed, 2011-04-13 at 22:34 +0200, Jakub Hrozek wrote: > > On Wed, Apr 13, 2011 at 06:36:40PM +0200, Jan Zelený wrote: > > > Sorry, I originally missed that we need to do the update code as well. > > > Sending > > > the complete patch.

Re: [SSSD] [PATCH] Added originalDN to attributes with case-insensitive search

2011-04-25 Thread Stephen Gallagher
On Thu, 2011-04-21 at 07:51 -0400, Stephen Gallagher wrote: > On Thu, 2011-04-21 at 12:40 +0200, Jan Zelený wrote: > > > Please rebase atop current master (auto-merge did NOT get it right). The > > > content of the patch otherwise would be an ack. > > > > Done > > > Ack Pushed to master signa

Re: [SSSD] [PATCH] Select principal for GSSAPI authentication

2011-04-25 Thread Stephen Gallagher
On Mon, 2011-04-25 at 08:04 -0400, Stephen Gallagher wrote: > On Thu, 2011-04-21 at 14:13 +0200, Jan Zelený wrote: > > > On Thu, 2011-04-21 at 12:30 +0200, Jan Zelený wrote: > > > > > Nack. > > > > > > > > > > You still have unchecked talloc_strdup() calls in this patch in > > > > > select_princip

Re: [SSSD] [PATCH] Configuration parsing modifications

2011-04-25 Thread Stephen Gallagher
On Mon, 2011-04-25 at 07:53 -0400, Stephen Gallagher wrote: > On Thu, 2011-04-21 at 11:23 +0200, Jan Zelený wrote: > > > > > > Nack. > > > > > > As we discussed on IRC, the 'services' option in [sssd] must be left as > > > mandatory. > > > > > > Similarly, do not make krb5_realm optional. It mus

Re: [SSSD] [PATCH] Don't use negative cache in netgroup lookup

2011-04-25 Thread Stephen Gallagher
On Thu, 2011-04-21 at 07:39 -0400, Stephen Gallagher wrote: > On Thu, 2011-04-21 at 11:32 +0200, Jan Zelený wrote: > > > On Fri, 2011-04-01 at 09:31 +0200, Jan Zelený wrote: > > > > In responder a negative cache is used to indicate that the record has > > > > not been found by previous lookup. This

Re: [SSSD] [PATCH] Allow new option to specify principal for FAST

2011-04-25 Thread Stephen Gallagher
On Wed, 2011-04-20 at 10:44 -0400, Stephen Gallagher wrote: > On Wed, 2011-03-30 at 16:13 +0200, Jan Zelený wrote: > > Stephen Gallagher wrote: > > > On 03/30/2011 08:44 AM, Stephen Gallagher wrote: > > > > On 03/29/2011 09:23 AM, Jan Zelený wrote: > > > >> Stephen Gallagher wrote: > > > >>> On 0

Re: [SSSD] [PATCH] Move and extend function for finding principal in keytab

2011-04-25 Thread Stephen Gallagher
On Wed, 2011-04-20 at 10:25 -0400, Stephen Gallagher wrote: > On Tue, 2011-03-29 at 15:20 +0200, Jan Zelený wrote: > > Stephen Gallagher wrote: > > > Nack. > > > > > > In match_principal(), use > > > krb5_unparse_name_flags(ctx, principal, > > > KRB5_PRINCIPAL_UNPARSE_NO_R

Re: [SSSD] [PATCH] Select principal for GSSAPI authentication

2011-04-25 Thread Stephen Gallagher
On Thu, 2011-04-21 at 14:13 +0200, Jan Zelený wrote: > > On Thu, 2011-04-21 at 12:30 +0200, Jan Zelený wrote: > > > > Nack. > > > > > > > > You still have unchecked talloc_strdup() calls in this patch in > > > > select_principal_from_keytab(). > > > > > > I don't think so, all talloc_strdup() cal

Re: [SSSD] [PATCH] Configuration parsing modifications

2011-04-25 Thread Stephen Gallagher
On Thu, 2011-04-21 at 11:23 +0200, Jan Zelený wrote: > > > > Nack. > > > > As we discussed on IRC, the 'services' option in [sssd] must be left as > > mandatory. > > > > Similarly, do not make krb5_realm optional. It must exist if using the > > kerberos provider. > >krb5_realm (string) >