Re: [SSSD] [PATCH] LDAP: Try next failover server on any error

2011-11-28 Thread Jakub Hrozek
On Mon, Nov 28, 2011 at 02:01:44PM -0500, Stephen Gallagher wrote: > Fixes https://fedorahosted.org/sssd/ticket/1101 > > Previously, we were only trying the next failover server if we got back > ETIMEDOUT (which was a relic of using ldap_initialize()). Now that we're > directly connecting to the s

Re: [SSSD] SSSD Configuration issue

2011-11-28 Thread Stephen Gallagher
On Fri, 2011-11-25 at 18:55 +0530, Nitesh Mehare wrote: > Anyone help me out how can I move fwd from here... I'm not really sure how to proceed from here. The two logs you sent are mutually-exclusive. There's no way at all that the sssd_pam.log should be showing no activity while the strace is de

[SSSD] [PATCH] LDAP: Try next failover server on any error

2011-11-28 Thread Stephen Gallagher
Fixes https://fedorahosted.org/sssd/ticket/1101 Previously, we were only trying the next failover server if we got back ETIMEDOUT (which was a relic of using ldap_initialize()). Now that we're directly connecting to the socket manually, we need to ensure that we handle all possible socket errors.

Re: [SSSD] [PATCH] Fixed uninitialized pointer read in netgroups processing

2011-11-28 Thread Stephen Gallagher
On Mon, 2011-11-28 at 11:31 -0500, Stephen Gallagher wrote: > On Mon, 2011-11-28 at 16:33 +0100, Jan Zelený wrote: > > Discovered by Coverity, no ticket assigned > > > > Jan > > Ack. Pushed to master. signature.asc Description: This is a digitally signed message part __

Re: [SSSD] [PATCH] Add -fno-strict-aliasing

2011-11-28 Thread Stephen Gallagher
On Mon, 2011-11-28 at 13:50 -0500, Stephen Gallagher wrote: > There are several places in the code where we rely on type-punned > pointers (such as with the sssm_*_id_init() functions). > > Most modern distros build with -fno-strict-aliasing by default, so we're > safe there. However some older di

Re: [SSSD] [PATCH] Fixed logically dead code in netgroup processing

2011-11-28 Thread Stephen Gallagher
On Mon, 2011-11-28 at 11:30 -0500, Stephen Gallagher wrote: > On Mon, 2011-11-28 at 17:12 +0100, Jan Zelený wrote: > > Detected by Coverity, no ticket yet > > > > Jan > > Ack Pushed to master.

Re: [SSSD] [PATCH] function declaration after the header guard in sss_cli.h

2011-11-28 Thread Stephen Gallagher
On Mon, 2011-11-28 at 10:41 -0500, Stephen Gallagher wrote: > On Mon, 2011-11-28 at 16:22 +0100, Pavel Březina wrote: > > ___ > > sssd-devel mailing list > > sssd-devel@lists.fedorahosted.org > > https://fedorahosted.org/mailman/listinfo/sssd-devel > > A

[SSSD] [PATCH] Add -fno-strict-aliasing

2011-11-28 Thread Stephen Gallagher
There are several places in the code where we rely on type-punned pointers (such as with the sssm_*_id_init() functions). Most modern distros build with -fno-strict-aliasing by default, so we're safe there. However some older distros (notably RHEL 5) do not have this enabled by default. For safety

[SSSD] [PATCHES] ldap_*_search_base doesn't fully limit the group / netgroup

2011-11-28 Thread Pavel Březina
https://fedorahosted.org/sssd/ticket/960 From 5078bef5727419791a776c6892515fc58e588aa8 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Wed, 16 Nov 2011 04:24:53 -0500 Subject: [PATCH 1/3] Multiple search bases helper function --- src/util/sss_ldap.c | 137 ++

Re: [SSSD] GSSAPI and Kerberos - understanding question

2011-11-28 Thread John Hodrien
On Mon, 28 Nov 2011, Ondrej Valousek wrote: > I do not think so - see my post earlier today. I think it actually makes > sense in terms of improved security. You can tell your KDC which TGS tickets > can be issued for a specified machine. > A good article is here: > http://technet.microsoft.com/

Re: [SSSD] GSSAPI and Kerberos - understanding question

2011-11-28 Thread Josh Geisser
Might it be that one? http://technet.microsoft.com/en-us/library/cc772815%28WS.10%29.aspx -Original Message- From: sssd-devel-boun...@lists.fedorahosted.org [mailto:sssd-devel-boun...@lists.fedorahosted.org] On Behalf Of Simo Sorce Sent: Monday, 28 November 2011 17:36 To: Dev

Re: [SSSD] GSSAPI and Kerberos - understanding question

2011-11-28 Thread Ondrej Valousek
It's an artificial distinction that holds ground only in MS-land. If you find the Technet article can you send the link to this list ? It would be nice to have a reference in the archives. Simo. I do not think so - see my post earlier today. I think it actually makes sense in terms of impr

Re: [SSSD] GSSAPI and Kerberos - understanding question

2011-11-28 Thread Simo Sorce
On Mon, 2011-11-28 at 10:13 +0100, Ondrej Valousek wrote: > On 11/28/2011 09:46 AM, John Hodrien wrote: > > On Sun, 27 Nov 2011, Josh Geisser wrote: > > > > > Yes, totally confused :) > > > > > > Thanks to you guys I got it working now. But what I don't get is how > > > Kerberos keys are handle

Re: [SSSD] [PATCH] Fixed uninitialized pointer read in netgroups processing

2011-11-28 Thread Stephen Gallagher
On Mon, 2011-11-28 at 16:33 +0100, Jan Zelený wrote: > Discovered by Coverity, no ticket assigned > > Jan Ack.

Re: [SSSD] [PATCH] Fixed logically dead code in netgroup processing

2011-11-28 Thread Stephen Gallagher
On Mon, 2011-11-28 at 17:12 +0100, Jan Zelený wrote: > Detected by Coverity, no ticket yet > > Jan Ack

[SSSD] [PATCH] Fixed logically dead code in netgroup processing

2011-11-28 Thread Jan Zelený
Detected by Coverity, no ticket yet Jan From b142f6262cca1009ad27defdf81e6a98e9065aef Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Mon, 28 Nov 2011 10:36:58 -0500 Subject: [PATCH] Fixed logically dead code in netgroup processing --- src/providers/ipa/ipa_netgroups.c |2 +- 1 files change

Re: [SSSD] [PATCH] function declaration after the header guard in sss_cli.h

2011-11-28 Thread Jakub Hrozek
On Mon, Nov 28, 2011 at 04:22:53PM +0100, Pavel Březina wrote: Ack

Re: [SSSD] [PATCH] function declaration after the header guard in sss_cli.h

2011-11-28 Thread Stephen Gallagher
On Mon, 2011-11-28 at 16:22 +0100, Pavel Březina wrote: > ___ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://fedorahosted.org/mailman/listinfo/sssd-devel Ack.

[SSSD] [PATCH] Fixed uninitialized pointer read in netgroups processing

2011-11-28 Thread Jan Zelený
Discovered by Coverity, no ticket assigned Jan From f0b3cd77194f69d723d86659160974114d4fdf6d Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Mon, 28 Nov 2011 10:14:53 -0500 Subject: [PATCH] Fixed uninitialized pointer read in netgroups processing --- src/providers/ipa/ipa_netgroups.c |6 +++

[SSSD] [PATCH] function declaration after the header guard in sss_cli.h

2011-11-28 Thread Pavel Březina
From 504d4c3aa96aede6c90ea56638d507c891f5d950 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Mon, 28 Nov 2011 16:17:16 +0100 Subject: [PATCH] sss_cli.h - fix: function declaration after the header guard --- src/sss_client/sss_cli.h |4 ++-- 1 files changed, 2 insertio

Re: [SSSD] [PATCH] RESPONDER: Refactor DP requests into tevent_req style

2011-11-28 Thread Jakub Hrozek
On Fri, Nov 18, 2011 at 12:17:42PM -0500, Stephen Gallagher wrote: > This patch addresses a number of code-maintenance issues and one > hard-to-spot bug that has been hiding in the responder code for a long > time. > > The code has been changed so that we will now follow the tevent_req > style for

Re: [SSSD] [PATCH] Fix two small bugs in group dereferencing

2011-11-28 Thread Stephen Gallagher
On Thu, 2011-11-24 at 13:18 +0100, Jakub Hrozek wrote: > Noticed this while working on the dereference support in IPA initgroups Ack, although the second blob is essentially no change (NULL is a #define for ((void *)0))

[SSSD] [PATCH] Fixed a typo in sysdb_upgrade_07() declaration

2011-11-28 Thread Jan Zelený
Pushed under the one-liner rule Jan From 8f525c7c87647f8f9312b4ffa1b5c2461d390cd4 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Mon, 28 Nov 2011 13:25:41 +0100 Subject: [PATCH] Fixed a typo in sysdb_upgrade_07() declaration --- src/db/sysdb_private.h |2 +- 1 files changed, 1 insertions(+

Re: [SSSD] GSSAPI and Kerberos - understanding question

2011-11-28 Thread Ondrej Valousek
On 11/28/2011 10:49 AM, Marko Myllynen wrote: MIT KDC provides related functionality but as the documentation suggests it is probably something most people do not want to use. 5.3.3 Adding or Modifying Principals {-|+}allow_svr The “-allow_svr” flag prohibits the issuance of service ticket

Re: [SSSD] GSSAPI and Kerberos - understanding question

2011-11-28 Thread Marko Myllynen
Hi, >>> Yes and it is no wonder because UPN and SPN serve a different task. I >>> recommend searching MS technet for this. They have a nice explanation >>> for this. >> In simple terms it's service for a receiver and user for initiator. >> Unfortunately this can sometimes get a little blurry. NFS

Re: [SSSD] GSSAPI and Kerberos - understanding question

2011-11-28 Thread Ondrej Valousek
On 11/28/2011 10:16 AM, John Hodrien wrote: On Mon, 28 Nov 2011, Ondrej Valousek wrote: Yes. My understanding is the only difference between a service principal and a user principal is that the KDC will not issue a ticket granting ticket to a service principal. jh Yes and it is no wonder b

Re: [SSSD] GSSAPI and Kerberos - understanding question

2011-11-28 Thread John Hodrien
On Mon, 28 Nov 2011, Ondrej Valousek wrote: > Yes. My understanding is the only difference between a service principal and > a user principal is that the KDC will not issue a ticket granting ticket to a > service principal. > > jh > > > Yes and it is no wonder because UPN and SPN serve a differe

Re: [SSSD] GSSAPI and Kerberos - understanding question

2011-11-28 Thread Ondrej Valousek
On 11/28/2011 09:46 AM, John Hodrien wrote: On Sun, 27 Nov 2011, Josh Geisser wrote: Yes, totally confused :) Thanks to you guys I got it working now. But what I don't get is how Kerberos keys are handled in general. The /etc/krb5.keytab is a container, can I take both, UPN and SPN? Yes. My

Re: [SSSD] sssd 1.6.1 LDAP: Marking port 389 as not working

2011-11-28 Thread Jakub Hrozek
On Sat, Nov 26, 2011 at 08:16:11PM +0100, Sascha Frey wrote: > Hi list, > > I'm trying to get sssd 1.6.1 working on FreeBSD 9.0 RC2 for some time > now. > > /var/log/sssd/sssd_LDAP.log shows that the connection to the LDAP server > fails: > > (Sat Nov 26 18:54:52 2011) [sssd[be[LDAP]]] > [sdap_l

Re: [SSSD] GSSAPI and Kerberos - understanding question

2011-11-28 Thread John Hodrien
On Sun, 27 Nov 2011, Josh Geisser wrote: > Yes, totally confused :) > > Thanks to you guys I got it working now. But what I don't get is how > Kerberos keys are handled in general. The /etc/krb5.keytab is a container, > can I take both, UPN and SPN? Yes. My understanding is the only difference