URL: https://github.com/SSSD/sssd/pull/268
Author: sumit-bose
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
Action: opened
PR body:
"""
This patchset got lost when I prepared the certificate mapping patch set.
Applications like gdm with enabled Smartcard support will try t
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
abbra commented:
"""
Is there a technical reason sssd cannot discover what to do without
`allow_missing_name` option to pam_sss? I'd prefer to avoid modifying PAM
config files...
"""
S
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
sumit-bose commented:
"""
>Is there a technical reason sssd cannot discover what to do without
>allow_missing_name option to pam_sss? I'd prefer to avoid modifying PAM config
>files...
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
abbra commented:
"""
Still, why you cannot make that decision without an option's help? Sorry, I
don't see a difference -- why by seeing a certificate `pam_sss` cannot defer
decision to
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
sumit-bose commented:
"""
> Still, why you cannot make that decision without an option's help? Sorry, I
> don't see a difference -- why by seeing a certificate pam_sss cannot defer
> de
URL: https://github.com/SSSD/sssd/pull/259
Title: #259: RESPONDER: Also populate cr_domains when initializing the
responders
sumit-bose commented:
"""
jfyi, I think my suggested patch is not the right solution either because it
will delay the startup time especially when the system is offline.
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
abbra commented:
"""
I opened RFE https://pagure.io/SSSD/sssd/issue/3396 to discuss details of this.
I believe "sending potentially bogus data to SSSD" is not an argument -- any
process
URL: https://github.com/SSSD/sssd/pull/259
Title: #259: RESPONDER: Also populate cr_domains when initializing the
responders
pbrezina commented:
"""
Open the sockets but postpone reading from them?
"""
See the full comment at
https://github.com/SSSD/sssd/pull/259#issuecomment-300757695
__
URL: https://github.com/SSSD/sssd/pull/269
Author: NWilson
Title: #269: Add support for ActiveDirectory's logonHours restrictions
Action: opened
PR body:
"""
This is a straightforward patch for denying access to a user when the user is
not permitted to access their account due to logonHours r
URL: https://github.com/SSSD/sssd/pull/269
Title: #269: Add support for ActiveDirectory's logonHours restrictions
centos-ci commented:
"""
Can one of the admins verify this patch?
"""
See the full comment at
https://github.com/SSSD/sssd/pull/269#issuecomment-300793133
_
URL: https://github.com/SSSD/sssd/pull/269
Title: #269: Add support for ActiveDirectory's logonHours restrictions
centos-ci commented:
"""
Can one of the admins verify this patch?
"""
See the full comment at
https://github.com/SSSD/sssd/pull/269#issuecomment-300793139
_
URL: https://github.com/SSSD/sssd/pull/269
Author: NWilson
Title: #269: Add support for ActiveDirectory's logonHours restrictions
Action: edited
Changed field: body
Original value:
"""
This is a straightforward patch for denying access to a user when the user is
not permitted to access their
URL: https://github.com/SSSD/sssd/pull/269
Title: #269: Add support for ActiveDirectory's logonHours restrictions
fidencio commented:
"""
ok to test
"""
See the full comment at
https://github.com/SSSD/sssd/pull/269#issuecomment-300797835
___
sssd-dev
URL: https://github.com/SSSD/sssd/pull/270
Author: mzidek-rh
Title: #270: Subdomains direct integration
Action: opened
PR body:
"""
Note: I know the commit message misses an issue number. I will add it tomorrow
when I clone the BZ. However this should not block the review.
"""
To pull the PR
URL: https://github.com/SSSD/sssd/pull/270
Title: #270: Subdomains direct integration
mzidek-rh commented:
"""
Btw, we fixed practically the same issue in IPA subdomains code (from users
perspective). The code for direct integration is completely different, but
maybe we could reuse the same is
15 matches
Mail list logo