[SSSD] Re: kinit on IPA server does not exclusively talk to local KDC

2017-09-21 Thread Jakub Hrozek
On Thu, Sep 21, 2017 at 01:15:00PM +0200, Lukas Slebodnik wrote: > On (12/09/17 15:45), Lukas Slebodnik wrote: > >ehlo, > > > >I realized that it might be better to discuss it here rather than in > >pull requests because it seems to be related to two different commits. > > > >I will describe a

[SSSD] Re: 1.13.5 release?

2017-09-21 Thread Jakub Hrozek
On Thu, Sep 21, 2017 at 01:04:04PM +0200, Lukas Slebodnik wrote: > On (19/09/17 20:50), Jakub Hrozek wrote: > >Hi, > > > >Timo mentioned last week on IRC that he would appreciate if we released > >1.13.5. > > > >Does anyone have some patches to merge in sss

[SSSD] 1.13.5 release?

2017-09-19 Thread Jakub Hrozek
Hi, Timo mentioned last week on IRC that he would appreciate if we released 1.13.5. Does anyone have some patches to merge in sssd-1-13 or can we release the tarball? I know there are some pending PRs with backports and some patches for RHEL-6 bugs were proposed in bugzilla.redhat.com, but

[SSSD] Re: about access control reporting with id_provider=ad

2017-09-05 Thread Jakub Hrozek
On Wed, Aug 23, 2017 at 04:13:07PM +0200, Michal Židek wrote: > On 08/23/2017 03:26 PM, Jakub Hrozek wrote: > > On Tue, Aug 22, 2017 at 03:21:14PM +0200, Michal Židek wrote: > > > On 08/22/2017 12:31 PM, Jakub Hrozek wrote: > > > > On Tue, Aug 22, 2017 at 11:40:

[SSSD] stuck with ticket #3465

2017-08-30 Thread Jakub Hrozek
Hi, I'm afraid I got a little stuck looking into upstream ticket https://pagure.io/SSSD/sssd/issue/3465 The reporter is seeing sssd memory usage increasing on RHEL-6 and RHEL-7. There is a valgrind log from RHEL-6 attached to the ticket which does show some leaks, the three biggest ones are:

[SSSD] Can someone review PR #225 (secrets quotas) ?

2017-08-29 Thread Jakub Hrozek
Hi, I've got a PR opened for some time that I would really like to merge for the next version: https://github.com/SSSD/sssd/pull/225 - SECRETS: Apply separate quotas for cn=secrets and cn=kcm It's been through several passes of a review already, so I think it would be easy to add the

[SSSD] Re: about access control reporting with id_provider=ad

2017-08-23 Thread Jakub Hrozek
On Tue, Aug 22, 2017 at 03:21:14PM +0200, Michal Židek wrote: > On 08/22/2017 12:31 PM, Jakub Hrozek wrote: > > On Tue, Aug 22, 2017 at 11:40:39AM +0200, Michal Židek wrote: > > > On 08/22/2017 11:21 AM, Michal Židek wrote: > > > > On 08/21/2017 02:27 PM, Jakub Hro

[SSSD] Re: about access control reporting with id_provider=ad

2017-08-22 Thread Jakub Hrozek
On Tue, Aug 22, 2017 at 11:40:39AM +0200, Michal Židek wrote: > On 08/22/2017 11:21 AM, Michal Židek wrote: > > On 08/21/2017 02:27 PM, Jakub Hrozek wrote: > > > Hi Michal and sssd-devel, > > > > > > one of the RFEs that keeps coming up for SSSD is to pro

[SSSD] Re: about access control reporting with id_provider=ad

2017-08-22 Thread Jakub Hrozek
On Tue, Aug 22, 2017 at 11:21:43AM +0200, Michal Židek wrote: > On 08/21/2017 02:27 PM, Jakub Hrozek wrote: > > Hi Michal and sssd-devel, > > > > one of the RFEs that keeps coming up for SSSD is to provide a sort of an > > 'attestation report' for SSSD. Mostly the re

[SSSD] Re: RFC: 1.15.4 cleanup

2017-08-22 Thread Jakub Hrozek
On Tue, Aug 22, 2017 at 09:19:54AM +0200, Lukas Slebodnik wrote: > On (21/08/17 21:04), Jakub Hrozek wrote: > >Hi, > > > >1.15.4 will be released by the end of this month in a time-based > >fashion. But obviously, the milestone is too big, so we need to decide >

[SSSD] about access control reporting with id_provider=ad

2017-08-21 Thread Jakub Hrozek
Hi Michal and sssd-devel, one of the RFEs that keeps coming up for SSSD is to provide a sort of an 'attestation report' for SSSD. Mostly the request is about printing who can access this client machine. I know that we fetch all the HBAC rules for a client with the IPA provider, but Michal, you

[SSSD] Re: Shall we freeze the development till #3463 is solved?

2017-08-09 Thread Jakub Hrozek
> On 8 Aug 2017, at 16:51, Fabiano Fidêncio wrote: > > People, > > There's a test, part of our internal CI, recurrently failing in the > past few weeks: > > === FAILURES > === > _

[SSSD] Re: debugging adcli info - short name not returned

2017-08-02 Thread Jakub Hrozek
On Tue, Aug 01, 2017 at 06:52:41PM -, smfre...@gmail.com wrote: > In one of our test domains, we noticed that the short name of the domain was > not being returned by "adcli info" (it is visible in the output of "net rpc > info" though and it is clearly configured in Windows and can be seen

[SSSD] Re: About https://pagure.io/SSSD/sssd/issue/1898

2017-07-26 Thread Jakub Hrozek
On Fri, Jul 21, 2017 at 04:39:59PM +0530, amit kumar wrote: > Dear Devels, > > The requirement I understand is to move files used by both > client(sss_client) & server to some special directory may be src/shared? > I believe these are common files used by both server & > client(sss_client) Hence

[SSSD] Re: RFC: 1.15.3 release notes

2017-07-25 Thread Jakub Hrozek
On Tue, Jul 25, 2017 at 12:50:20PM +0200, Lukas Slebodnik wrote: > On (25/07/17 12:30), Jakub Hrozek wrote: > >On Tue, Jul 25, 2017 at 12:02:06PM +0200, Lukas Slebodnik wrote: > >> On (25/07/17 11:10), Jakub Hrozek wrote: > >> >On Tue, Jul 25, 2017 at 08:39:59A

[SSSD] Re: RFC: 1.15.3 release notes

2017-07-25 Thread Jakub Hrozek
On Tue, Jul 25, 2017 at 12:02:06PM +0200, Lukas Slebodnik wrote: > On (25/07/17 11:10), Jakub Hrozek wrote: > >On Tue, Jul 25, 2017 at 08:39:59AM +0200, Lukas Slebodnik wrote: > >> On (24/07/17 18:34), Jakub Hrozek wrote: > >> >Hi, > >> > > >>

[SSSD] Re: RFC: 1.15.3 release notes

2017-07-25 Thread Jakub Hrozek
On Tue, Jul 25, 2017 at 08:39:59AM +0200, Lukas Slebodnik wrote: > On (24/07/17 18:34), Jakub Hrozek wrote: > >Hi, > > > >I would really like to release 1.15.3 soon (like, today, at worst > >tomorrow if we can't merge PR #328 and #331 today). The release notes > >a

[SSSD] RFC: 1.15.3 release notes

2017-07-24 Thread Jakub Hrozek
Hi, I would really like to release 1.15.3 soon (like, today, at worst tomorrow if we can't merge PR #328 and #331 today). The release notes are here: https://pagure.io/fork/jhrozek/SSSD/docs You can either clone the repo and run 'make html' or, for your convenience, I'm pasting the

[SSSD] Re: sssd crash on RHEL 7.3

2017-07-14 Thread Jakub Hrozek
On Fri, Jul 14, 2017 at 09:05:01PM +0300, Alexander Bokovoy wrote: > On pe, 14 heinä 2017, smfre...@gmail.com wrote: > > Noticed sssd service won't start on one of our RHEL 7.3 systems. Only > > obvious difference between working and failing systems (both joined > > same way to samba domain) was

[SSSD] Re: Evaluating HBAC rules for other hosts

2017-06-28 Thread Jakub Hrozek
at would allow viewing of all memberOf > attributes. > > > On ti, 27 kesä 2017, Jakub Hrozek wrote: > > > There were requests to implement authentication over the D-bus > > > interface > > > in the past and we were quite reluctant to them, but IIRC that was > > >

[SSSD] Re: Evaluating HBAC rules for other hosts

2017-06-27 Thread Jakub Hrozek
On Tue, Jun 27, 2017 at 11:40:37AM +0100, Howard Johnson wrote: > In Ipsilon, we recently (OK, about a year ago) added an authorisation stack. > This allows us to control, Ipsilon-side, which users are permitted to log > into which service providers. Our authorisation plugin functions are >

[SSSD] Re: Changes to default ccache in krb5.conf

2017-05-31 Thread Jakub Hrozek
On Wed, May 31, 2017 at 02:21:42PM +0200, Lukas Slebodnik wrote: > On (31/05/17 10:59), Jakub Hrozek wrote: > >We could do one thing that Simo proposed some time ago which is to not > >cache the KRB5CCNAME at all if it only contains 'predictable' > >components. > >

[SSSD] Re: Changes to default ccache in krb5.conf

2017-05-31 Thread Jakub Hrozek
On Wed, May 31, 2017 at 10:31:38AM +0200, Lukas Slebodnik wrote: > ehlo, > > I had a discussion with QEs and realized that sssd needs to be restarted > if default_ccache_name is changed in krb5 configuration files. > > The reason is that we cache the value but do not refresh it. >

[SSSD] Re: Merging sss_cache and sss_debuglevel into sssctl

2017-05-11 Thread Jakub Hrozek
On Wed, May 10, 2017 at 04:13:28PM -0400, Justin Stephenson wrote: > On 05/10/2017 04:12 AM, Jakub Hrozek wrote: > > On Tue, May 09, 2017 at 09:36:45AM -0400, Justin Stephenson wrote: > > > Hello, I wanted to check if anyone has objections or concerns with moving > > >

[SSSD] Re: Merging sss_cache and sss_debuglevel into sssctl

2017-05-10 Thread Jakub Hrozek
On Tue, May 09, 2017 at 09:36:45AM -0400, Justin Stephenson wrote: > Hello, I wanted to check if anyone has objections or concerns with moving > existing code for sss_cache and sss_debuglevel into sssctl for ticket #3057 > - Merge existing command line tools into sssctl. > > The deprecated tools

[SSSD] Re: AD Trust code question - s2n exop parsing of double-qualified name

2017-04-18 Thread Jakub Hrozek
On Tue, Apr 18, 2017 at 12:09:51PM -0400, Justin Stephenson wrote: > Hello, > > I was working on a fix for BZ # 1433835(IPA clients fails to retrieve groups > with @-sign in the group name in an IPA-AD trust setup) where the patch at > the end of this email seems to work well parsing a

[SSSD] Re: OK to just push converted docs from fedorahosted wiki to the pagure docs repo?

2017-04-18 Thread Jakub Hrozek
On Tue, Apr 18, 2017 at 06:35:53PM +0200, Lukas Slebodnik wrote: > On (30/03/17 21:22), Jakub Hrozek wrote: > >Hi, > > > >would anyone complain if I just push converted content from fedorahosted > >to the docs repo w/o review as long as there are no changes OR the >

[SSSD] pagure tickets for migrating wiki pages

2017-04-18 Thread Jakub Hrozek
Hi, as we're migrating the wiki pages from the old fedorahosted wiki to pagure, I would like to make sure two people are not working on the same wiki page. I'm thinking about just filing a bunch of issues over at https://pagure.io/SSSD/docs/issues for the most important pages. Anyone working on

[SSSD] Re: pam_sss auth vs access

2017-04-17 Thread Jakub Hrozek
On Fri, Apr 14, 2017 at 08:10:35PM -, zac...@temple.edu wrote: > Hi list, > > This is more of a feature request, and I don't know if this is the right > venue to ask. If not, kindly direct me to the proper place. > > The sssd configuration separates identity, authentication, and access >

[SSSD] Re: WIP design page: Subdomain configuration

2017-04-07 Thread Jakub Hrozek
On Fri, Apr 07, 2017 at 12:56:56PM +0200, Michal Židek wrote: > On 04/07/2017 08:51 AM, Jakub Hrozek wrote: > > On Mon, Jan 16, 2017 at 03:35:11PM +0100, Michal Židek wrote: > > > Hi, > > > > > > I started working on the design page for subdomain > > >

[SSSD] Re: [RFC] Matching and Mapping Certificates

2017-04-07 Thread Jakub Hrozek
On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: > Hi, > > I've started to write a SSSD design page about enhancing the current > mapping of certificates to users and how to select/match a suitable > certificate if multiple certificates are on a Smartcard. > > My current thoughts

[SSSD] Re: WIP design page: Subdomain configuration

2017-04-07 Thread Jakub Hrozek
On Mon, Jan 16, 2017 at 03:35:11PM +0100, Michal Židek wrote: > Hi, > > I started working on the design page for subdomain > configuration in server mode. It is located here: > https://fedorahosted.org/sssd/wiki/DesignDocs/SubdomConf > > The implementation details and how to debug sections will

[SSSD] Re: Design document - SSSD KCM server

2017-04-05 Thread Jakub Hrozek
On Tue, Nov 22, 2016 at 08:51:10AM +0100, Jakub Hrozek wrote: > Hi, > > I was working on a KCM server for SSSD for some time already in parallel > with the files provider and had some discussions with Simo as well. Of > course my intent wasn't to implement a feature secretly w

[SSSD] Re: Question about ipa_domain option

2017-04-05 Thread Jakub Hrozek
On Wed, Apr 05, 2017 at 02:19:20PM +0200, Michal Židek wrote: > Hello! > > When I create a [domain/IPADOMAIN] section and then use the ipa_domain > option to use ipadomain.test as a domain name (instead of IPADOMAIN) then > SSSD is not able to connect to the ipadomain.test properly. > > I wonder

[SSSD] Re: Design discussion: Support for non-POSIX users and groups

2017-04-03 Thread Jakub Hrozek
On Tue, Mar 28, 2017 at 04:18:24PM +0200, Jakub Hrozek wrote: > On Tue, Mar 14, 2017 at 06:25:39AM -0400, Simo Sorce wrote: > > On Mon, 2017-03-06 at 14:49 +0100, Jakub Hrozek wrote: > > >     [sssd] > > > >     domains = ap

[SSSD] Re: Remove https://github.com/SSSD/gh-mailinglist-notifications, add https://github.com/SSSD/docs

2017-03-31 Thread Jakub Hrozek
On Fri, Mar 31, 2017 at 03:43:23PM +0200, Lukas Slebodnik wrote: > And if somebody prepare POC with rendering htmls with PR on github > then we can mirror repo there. This is not a blocker to mirroring.

[SSSD] Re: Remove https://github.com/SSSD/gh-mailinglist-notifications, add https://github.com/SSSD/docs

2017-03-31 Thread Jakub Hrozek
On Fri, Mar 31, 2017 at 11:50:15AM +0200, Lukas Slebodnik wrote: > On (31/03/17 11:00), Pavel Březina wrote: > >On 03/31/2017 10:35 AM, Lukas Slebodnik wrote: > >> On (30/03/17 21:18), Jakub Hrozek wrote: > >> > Hi, > >> > > >> > I'd

[SSSD] Re: Remove https://github.com/SSSD/gh-mailinglist-notifications, add https://github.com/SSSD/docs

2017-03-31 Thread Jakub Hrozek
On Thu, Mar 30, 2017 at 09:18:39PM +0200, Jakub Hrozek wrote: > Hi, > > I'd like to remove https://github.com/SSSD/gh-mailinglist-notifications > -- we're not currently using it, but we're rather using Martin Basti's > mail notifier. Deleted

[SSSD] Re: Remove https://github.com/SSSD/gh-mailinglist-notifications, add https://github.com/SSSD/docs

2017-03-31 Thread Jakub Hrozek
On Fri, Mar 31, 2017 at 10:55:29AM +0200, Sumit Bose wrote: > On Fri, Mar 31, 2017 at 10:35:20AM +0200, Lukas Slebodnik wrote: > > On (30/03/17 21:18), Jakub Hrozek wrote: > > >Hi, > > > > > >I'd like to remove https://github.com/SSSD/gh-mailinglist-notificatio

[SSSD] Re: OK to just push converted docs from fedorahosted wiki to the pagure docs repo?

2017-03-31 Thread Jakub Hrozek
On Fri, Mar 31, 2017 at 10:53:03AM +0200, Lukas Slebodnik wrote: > On (30/03/17 21:22), Jakub Hrozek wrote: > >Hi, > > > >would anyone complain if I just push converted content from fedorahosted > >to the docs repo w/o review as long as there are no changes OR the >

[SSSD] OK to just push converted docs from fedorahosted wiki to the pagure docs repo?

2017-03-30 Thread Jakub Hrozek
Hi, would anyone complain if I just push converted content from fedorahosted to the docs repo w/o review as long as there are no changes OR the changes are just alignment of 1.15 design documents with the actual implementation? As 1.15 is making its way to downstreams, there are people

[SSSD] Re: Data Provider is offline

2017-03-30 Thread Jakub Hrozek
On Wed, Mar 22, 2017 at 05:39:52PM +0100, Michaël Van de Borne wrote: > Hi all, > > So I have 2 Centos7 hosts, with same sssd and nsswitch configs. > One does find the users in IPA, and the other doesn't. > Looks like the Data Provider is offline. > I sent the SIGUSR2 signal to sssd which is

[SSSD] Remove https://github.com/SSSD/gh-mailinglist-notifications, add https://github.com/SSSD/docs

2017-03-30 Thread Jakub Hrozek
Hi, I'd like to remove https://github.com/SSSD/gh-mailinglist-notifications -- we're not currently using it, but we're rather using Martin Basti's mail notifier. At the same time, I'd like to add a mirror of https://pagure.io/SSSD/docs to github in order to follow the same process for both docs

[SSSD] Announcing SSSD 1.15.2

2017-03-15 Thread Jakub Hrozek
nto a new tevent request * CACHE_REQ: Check the caches first * NSS: Don't set SocketUser/SocketGroup as "sssd" in sssd-nss.socket * NSS: Ensure the NSS socket is started before any other services' sockets * NSS: Don't call chown on NSS service's ExecStartPre * Ig

[SSSD] Re: RFC: 1.15.2 release notes

2017-03-15 Thread Jakub Hrozek
On Wed, Mar 15, 2017 at 04:52:18PM +0100, Sumit Bose wrote: > > * The SSSD D-Bus interface gained two new methods: > >``FindByNameAndCertificate`` and ``ListByCertificate``. These methods > > will > >be used primarily by IPA to correctly match multiple users who use the >

[SSSD] Re: RFC: 1.15.2 release notes

2017-03-15 Thread Jakub Hrozek
On Wed, Mar 15, 2017 at 04:27:26PM +0100, Fabiano Fidêncio wrote: > > * Several issues related to socket-activating the NSS service, especially > >if SSSD was configured to use a non-privileged user were fixed. The NSS > >service now starts as root to avoid triggering a name-service

[SSSD] RFC: 1.15.2 release notes

2017-03-15 Thread Jakub Hrozek
Hi, I prepared release notes for today's release. They are written in anticipation that PR#186 with the subdomain config will be merged. The RST I pushed to the sssd/docs repo is below: SSSD 1.15.2 === Highlights -- * It is now possible to configure certain parameters of a

[SSSD] Re: Design discussion: Support for non-POSIX users and groups

2017-03-08 Thread Jakub Hrozek
On Wed, Mar 08, 2017 at 10:45:32AM +0100, Pavel Březina wrote: > On 03/07/2017 03:11 PM, Jakub Hrozek wrote: > > On Tue, Mar 07, 2017 at 02:31:27PM +0100, Pavel Březina wrote: > > > On 03/07/2017 01:33 PM, Jakub Hrozek wrote: > > > > On Tue, Mar 07, 2017 at 01:18:3

[SSSD] Re: Design discussion: Support for non-POSIX users and groups

2017-03-07 Thread Jakub Hrozek
On Tue, Mar 07, 2017 at 02:31:27PM +0100, Pavel Březina wrote: > On 03/07/2017 01:33 PM, Jakub Hrozek wrote: > > On Tue, Mar 07, 2017 at 01:18:36PM +0100, Pavel Březina wrote: > > > On 03/07/2017 01:16 PM, Pavel Březina wrote: > > > > On 03/06/2017 02:49 PM, Ja

[SSSD] Re: Design discussion: Support for non-POSIX users and groups

2017-03-07 Thread Jakub Hrozek
On Tue, Mar 07, 2017 at 01:18:36PM +0100, Pavel Březina wrote: > On 03/07/2017 01:16 PM, Pavel Březina wrote: > > On 03/06/2017 02:49 PM, Jakub Hrozek wrote: > > > Hi, > > > > > > I prepared a design page for a new feature about fetching and > > > au

[SSSD] Re: Design discussion: Support for non-POSIX users and groups

2017-03-07 Thread Jakub Hrozek
On Tue, Mar 07, 2017 at 01:16:00PM +0100, Pavel Březina wrote: > On 03/06/2017 02:49 PM, Jakub Hrozek wrote: > > Hi, > > > > I prepared a design page for a new feature about fetching and > > authenticating non-POSIX users: > > https://docs.

[SSSD] Design discussion: Support for non-POSIX users and groups

2017-03-06 Thread Jakub Hrozek
ng the domain type must be added to the ``cache_req`` code. Then, the regular method of issuing a request and watching the logs should work. Expiring the cache and using the qualified names is recommended. Authors --- * Sumit Bose * Jakub Hrozek * Simo Sorce

[SSSD] Re: Announcing SSSD 1.15.1

2017-03-06 Thread Jakub Hrozek
On Mon, Mar 06, 2017 at 10:34:45AM +0100, Pavel Březina wrote: > On 03/04/2017 07:50 PM, Jakub Hrozek wrote: > > SSSD 1.15.1 > > === > > > > The SSSD team is proud to announce the release of version 1.15.1 of the > > System Security Services Daemon.

[SSSD] Announcing SSSD 1.15.1

2017-03-04 Thread Jakub Hrozek
m initgroups lookups * TESTS: Adapt pam-srv-tests to deal with cache_req related changes * Jakub Hrozek (42): * Updating the version to track the 1.15.1 release * AD: Use ad_domain to match forest root domain, not the configured domain from sssd.conf * SUDO: Only store lowercased

[SSSD] Re: RFC: 1.15.1 release notes

2017-03-03 Thread Jakub Hrozek
On Fri, Mar 03, 2017 at 05:33:10PM +0100, Lukas Slebodnik wrote: > On (03/03/17 14:21), Fabiano Fidêncio wrote: > >On Fri, Mar 3, 2017 at 1:07 PM, Jakub Hrozek <jhro...@redhat.com> wrote: > >> Hi, > >> > >> I prepared the release notes for the upcom

[SSSD] Re: RFC: Migrating SSSD documentation to pagure.io

2017-03-03 Thread Jakub Hrozek
On Fri, Mar 03, 2017 at 12:50:11PM +0100, Fabiano Fidêncio wrote: > On Fri, Mar 3, 2017 at 9:57 AM, Jakub Hrozek <jhro...@redhat.com> wrote: > > Hi, > > > > I started on migrating the wiki content from fedorahosted to pagure. > > Because we are working hard o

[SSSD] RFC: 1.15.1 release notes

2017-03-03 Thread Jakub Hrozek
Hi, I prepared the release notes for the upcoming 1.15.1 release. You can view them in your browser: https://docs.pagure.org/jhrozek-doctest/users/releases/notes_1_15_1.html Or read the inline RST text. Comments welcome! SSSD 1.15.1 === Highlights -- * Several issues

[SSSD] Re: RFC: Migrating SSSD documentation to pagure.io

2017-03-03 Thread Jakub Hrozek
On Fri, Mar 03, 2017 at 10:14:41AM +0100, Pavel Březina wrote: > On 03/03/2017 09:57 AM, Jakub Hrozek wrote: > > Hi, > > > > I started on migrating the wiki content from fedorahosted to pagure. > > Because we are working hard on finishing the 1.15.1 and 1.15.2 releases,

[SSSD] RFC: Migrating SSSD documentation to pagure.io

2017-03-03 Thread Jakub Hrozek
Hi, I started on migrating the wiki content from fedorahosted to pagure. Because we are working hard on finishing the 1.15.1 and 1.15.2 releases, I want to only migrate the content that we need right now, which is the releases page (so that we can put the release notes somewhere) and design pages

[SSSD] The SSSD project has migrated from fedorahosted.org to pagure.io

2017-03-03 Thread Jakub Hrozek
Hi, because fedorahosted.org was sunset: https://lwn.net/Articles/711887/ we have migrated the SSSD project hosting to pagure.io: https://pagure.io/SSSD/sssd Currently we are in a bit of a flux in the sense that the git repo has been migrated: https://pagure.io/SSSD/sssd.git And the

[SSSD] Trac is now read only in preparation for migration to pagure.io

2017-02-23 Thread Jakub Hrozek
Hi, since fedorahosted.org is going down and we're migrating the sssd project to pagure.io, I've removed permissions in trac from anyone who wasn't TRAC_ADMIN previously. Lukas will send more details about the migration soon..

[SSSD] Does anyone use id_provider=local ?

2017-02-10 Thread Jakub Hrozek
Hi, are there any SSSD users who actively use a configuration with: id_provider=local ? If so, what is your use-case? We're considering deprecating and eventually removing this provider upstream. The replacement for id_provider=local would be id_provider=files:

[SSSD] Re: Watchdog, time shifts and scheduled events

2017-02-10 Thread Jakub Hrozek
On Thu, Feb 09, 2017 at 09:50:18PM +0100, Victor Tapia wrote: > >> I've been testing a scenario with a time shift of an hour to the past, > >> and even though the watchdog detects the shift and restarts, the > >> scheduled events are still stuck until the time passes. > > > >What kind of scheduled

[SSSD] Re: Watchdog, time shifts and scheduled events

2017-02-09 Thread Jakub Hrozek
On Thu, Feb 09, 2017 at 05:55:57PM +0100, Victor Tapia wrote: > Hi list, > > I've been testing a scenario with a time shift of an hour to the past, > and even though the watchdog detects the shift and restarts, the > scheduled events are still stuck until the time passes. What kind of scheduled

[SSSD] Re: sssd-1.14.3 milestone cleanup

2017-02-02 Thread Jakub Hrozek
On Thu, Feb 02, 2017 at 01:43:55PM +0100, Lukas Slebodnik wrote: > On (02/02/17 11:36), Jakub Hrozek wrote: > >On Wed, Jan 11, 2017 at 06:52:32PM +0100, Lukas Slebodnik wrote: > >> On (11/01/17 16:31), Jakub Hrozek wrote: > >> >* https://fedorahosted.org/sssd/tick

[SSSD] Re: sssd-1.14.3 milestone cleanup

2017-02-02 Thread Jakub Hrozek
On Thu, Feb 02, 2017 at 12:30:16PM +0100, Michal Židek wrote: > > > >* https://fedorahosted.org/sssd/ticket/3208 - Need detailed > > > > information > > > >about config-check option > > > > - what is this ticket about? Do we need it? I suggest we just close > > > > it > > > > > > >

[SSSD] Re: sssd-1.14.3 milestone cleanup

2017-02-02 Thread Jakub Hrozek
On Thu, Jan 12, 2017 at 05:02:26PM +0100, Lukas Slebodnik wrote: > On (12/01/17 15:29), Petr Cech wrote: > >On 01/12/2017 02:02 PM, Pavel Březina wrote: > >> > > > >> > > * https://fedorahosted.org/sssd/ticket/3113 - Please move > >> > > sudo_timed option to sssd-sudo man page > >> > > -

[SSSD] Re: sssd-1.14.3 milestone cleanup

2017-02-02 Thread Jakub Hrozek
On Wed, Jan 11, 2017 at 06:52:32PM +0100, Lukas Slebodnik wrote: > On (11/01/17 16:31), Jakub Hrozek wrote: > >Hi, > > > >despite new development happening in the sssd-1-15 branch (aka master), > >there are still too many tickets in the 1.14.3 milestone. The tic

[SSSD] Re: [RFC] Discussion about enabling socket-activate services to refresh configuration

2017-01-31 Thread Jakub Hrozek
Thank you for writing up and sending the notes to the list so that everyone can follow! On Mon, Jan 30, 2017 at 03:31:32PM +0100, Fabiano Fidêncio wrote: > Last Thursday we had a face to face discussion about how > socket-activate services could refresh the confdb before starting. I'm a bit

[SSSD] Announcing SSSD 1.15.0

2017-01-25 Thread Jakub Hrozek
ward Guo (1): * sss_client: Defer thread cancellation until completion of nss/pam operations Jakub Hrozek (16): * Updating the version for the 1.14.3 development * Updating the version to track sssd-1-15 development * SYSDB: Split sysdb_try_to_find_expected_dn()

[SSSD] Re: RFC: 1.15.0 release notes

2017-01-25 Thread Jakub Hrozek
On Wed, Jan 25, 2017 at 10:32:46AM +0100, Pavel Březina wrote: > On 01/24/2017 11:48 PM, Jakub Hrozek wrote: > > Hi, > > > > It would be beneficial to release an upstream tarball in order to get > > the latest upstream code to Debian testing. I wrote up the release no

[SSSD] RFC: 1.15.0 release notes

2017-01-24 Thread Jakub Hrozek
Hi, It would be beneficial to release an upstream tarball in order to get the latest upstream code to Debian testing. I wrote up the release notes page: https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0 and unless there is no push-back, I will tag and release the tarball tomorrow (Wed

[SSSD] Re: WIP design page: Subdomain configuration

2017-01-17 Thread Jakub Hrozek
On Mon, Jan 16, 2017 at 03:35:11PM +0100, Michal Židek wrote: > Hi, > > I started working on the design page for subdomain > configuration in server mode. It is located here: > https://fedorahosted.org/sssd/wiki/DesignDocs/SubdomConf > > The implementation details and how to debug sections will

[SSSD] sssd-1.14.3 milestone cleanup

2017-01-11 Thread Jakub Hrozek
Hi, despite new development happening in the sssd-1-15 branch (aka master), there are still too many tickets in the 1.14.3 milestone. The tickets should be moved out to current milestones unless someone is really working on them. These are: * https://fedorahosted.org/sssd/ticket/3063 - add

[SSSD] Handling of offline requests in sssd-1-13 and older

2017-01-11 Thread Jakub Hrozek
Hi, there was a customer complaining about fail over not reconnecting as fast with sssd-1-13 as it did with sssd-1-14. The issue they were seeing was that if sssd was offline, but the server came back up, it still took sssd the full offline timeout cycle to attempt to reconnect, even though we

[SSSD] Re: Group renaming issue when "id_provider = ldap" is set.

2017-01-10 Thread Jakub Hrozek
On Tue, Jan 10, 2017 at 10:12:37PM +0100, Fabiano Fidêncio wrote: > On Mon, Jan 9, 2017 at 11:51 AM, Jakub Hrozek <jhro...@redhat.com> wrote: > > On Sun, Jan 08, 2017 at 09:58:22PM +0100, Fabiano Fidêncio wrote: > >> I've been working on rhbz#1401241 > >> (https:/

[SSSD] Re: RFC: Socket-activation, some changes in the architecture.

2017-01-09 Thread Jakub Hrozek
On Mon, Jan 09, 2017 at 01:25:48PM +0100, Pavel Březina wrote: > On 01/08/2017 09:44 PM, Fabiano Fidêncio wrote: > > People, > > > > Recently I've faced some issues when testing the socket-activation > > working running as sssd-user, which will force me to take a different > > path for a few

[SSSD] Re: Group renaming issue when "id_provider = ldap" is set.

2017-01-09 Thread Jakub Hrozek
On Sun, Jan 08, 2017 at 09:58:22PM +0100, Fabiano Fidêncio wrote: > I've been working on rhbz#1401241 > (https://bugzilla.redhat.com/show_bug.cgi?id=1401241) and I'd like to > clarify some doubts that showed up. > > So, let's consider that there's a group called "foo" and user "user" > is part of

[SSSD] Re: [sssd PR#109][comment] SSSCTL: fix netgroup-show parsing

2017-01-06 Thread Jakub Hrozek
This patch is OK, but only for sssd-1-14. In master, we already fall back to parsing the name string as short name if parsing the qualified name fails. I’m not thrilled about that, because it can conceal legitimate errors, but it’s needed atm to use cache_req everywhere. So yeah, ack to this

[SSSD] Re: RFC: Configuration of trusted domain (a.k.a. subdomain) in sssd.conf

2017-01-03 Thread Jakub Hrozek
On Tue, Jan 03, 2017 at 04:46:25PM +0100, Michal Židek wrote: > Hi, > > for IPA provider, we plan to add the ability to configure > trusted domains (currently AD domains) in a similar way the > main domain is configured in sssd.conf. > > If ipadomain.test is the main IPA domain and addomain.test

[SSSD] releasing 1.15 (alpha?)

2016-12-21 Thread Jakub Hrozek
Hi, the NSS responder refactoring was merged, the socket activation patches are going to be merged soon, so here's a question: - is it OK to release a tarball when the socket activation patches are merged? Or do we want to merge something else? - should we call the release 1.15

[SSSD] Re: trac cleanup of the 1.14 backlog milestone

2016-12-15 Thread Jakub Hrozek
On Tue, Dec 06, 2016 at 12:19:00PM +0100, Michal Židek wrote: > On 12/06/2016 11:56 AM, Jakub Hrozek wrote: > > Hi, > > > > I checked the 1.14 backlog milestone. I think most of the tickets can be > > just moved to "Future releases" except for a couple where

[SSSD] Re: [PATCH] BUILD: Find a host-prefixed krb5-config when cross-compiling

2016-12-15 Thread Jakub Hrozek
On Thu, Dec 15, 2016 at 09:56:33AM +0100, Jakub Hrozek wrote: > On Wed, Dec 14, 2016 at 03:20:16PM -0800, David Michael wrote: > > --- > > > > Hi, > > > > I've encountered build failures when compiling with a different --host > > triplet. The krb5-config

[SSSD] Re: [PATCH] BUILD: Find a host-prefixed krb5-config when cross-compiling

2016-12-15 Thread Jakub Hrozek
On Wed, Dec 14, 2016 at 03:20:16PM -0800, David Michael wrote: > --- > > Hi, > > I've encountered build failures when compiling with a different --host > triplet. The krb5-config command would use /usr/bin/krb5-config instead > of the host-prefixed version for that target. Using AC_PATH_TOOL

[SSSD] trac cleanup of the 1.14 backlog milestone

2016-12-06 Thread Jakub Hrozek
Hi, I checked the 1.14 backlog milestone. I think most of the tickets can be just moved to "Future releases" except for a couple where I was quite confident the ticket can be just closed (and I just closed them), except for these: https://fedorahosted.org/sssd/ticket/1400 - [RFE] In memory

[SSSD] Re: Design document - Socket-activatable responders

2016-12-01 Thread Jakub Hrozek
On Thu, Dec 01, 2016 at 03:59:37PM +0100, Fabiano Fidêncio wrote: > On Thu, Dec 1, 2016 at 3:46 PM, Simo Sorce wrote: > > On Thu, 2016-12-01 at 15:22 +0100, Pavel Březina wrote: > >> On 12/01/2016 02:56 PM, Simo Sorce wrote: > >> > On Thu, 2016-12-01 at 14:44 +0100, Pavel Březina

[SSSD] Re: Design document - SSSD KCM server

2016-11-29 Thread Jakub Hrozek
On Tue, Nov 22, 2016 at 09:49:52AM -0500, Stephen Gallagher wrote: > On 11/22/2016 09:38 AM, Simo Sorce wrote: > > On Tue, 2016-11-22 at 09:23 -0500, Stephen Gallagher wrote: > > >> OK, so the service is only semi-socket-activated? If we're keeping tevent > >> timers > >> around for renewals and

[SSSD] Re: Design document - Socket-activatable responders

2016-11-29 Thread Jakub Hrozek
<lsleb...@redhat.com> > >> wrote: > >>> On (28/11/16 11:27), Jakub Hrozek wrote: > >>>>On Mon, Nov 28, 2016 at 10:57:44AM +0100, Pavel Březina wrote: > >>>>> On 11/28/2016 10:47 AM, Jakub Hrozek wrote: > >>>>> > On Thu, N

[SSSD] Re: Design document - Socket-activatable responders

2016-11-29 Thread Jakub Hrozek
On Tue, Nov 29, 2016 at 11:48:31AM +0100, Lukas Slebodnik wrote: > On (29/11/16 11:03), Jakub Hrozek wrote: > >On Tue, Nov 29, 2016 at 10:50:31AM +0100, Lukas Slebodnik wrote: > >> On (29/11/16 10:27), Jakub Hrozek wrote: > >> >On Tue, Nov 29, 2016 at 10:01:58A

[SSSD] Re: Design document - Socket-activatable responders

2016-11-29 Thread Jakub Hrozek
On Tue, Nov 29, 2016 at 10:50:31AM +0100, Lukas Slebodnik wrote: > On (29/11/16 10:27), Jakub Hrozek wrote: > >On Tue, Nov 29, 2016 at 10:01:58AM +0100, Lukas Slebodnik wrote: > >> On (28/11/16 11:27), Jakub Hrozek wrote: > >> >On Mon, Nov 28, 2016 at 10:57:4

[SSSD] Re: Design document - Socket-activatable responders

2016-11-29 Thread Jakub Hrozek
On Tue, Nov 29, 2016 at 10:24:03AM +0100, Fabiano Fidêncio wrote: > On Tue, Nov 29, 2016 at 10:01 AM, Lukas Slebodnik <lsleb...@redhat.com> wrote: > > On (28/11/16 11:27), Jakub Hrozek wrote: > >>On Mon, Nov 28, 2016 at 10:57:44AM +0100, Pavel Březina wrote: > >>

[SSSD] Re: Design document - Socket-activatable responders

2016-11-29 Thread Jakub Hrozek
On Tue, Nov 29, 2016 at 10:01:58AM +0100, Lukas Slebodnik wrote: > On (28/11/16 11:27), Jakub Hrozek wrote: > >On Mon, Nov 28, 2016 at 10:57:44AM +0100, Pavel Březina wrote: > >> On 11/28/2016 10:47 AM, Jakub Hrozek wrote: > >> > On Thu, Nov 24, 2016 at 02:33:04PM

[SSSD] Re: Design document - Socket-activatable responders

2016-11-28 Thread Jakub Hrozek
On Mon, Nov 28, 2016 at 10:57:44AM +0100, Pavel Březina wrote: > On 11/28/2016 10:47 AM, Jakub Hrozek wrote: > > On Thu, Nov 24, 2016 at 02:33:04PM +0100, Fabiano Fidêncio wrote: > > > The design page is done [0] and it's based on this discussion [1] we > > > had on

[SSSD] Re: Design document - Socket-activatable responders

2016-11-28 Thread Jakub Hrozek
On Thu, Nov 24, 2016 at 02:33:04PM +0100, Fabiano Fidêncio wrote: > The design page is done [0] and it's based on this discussion [1] we > had on this very same mailing list. A pull-request with the > implementation is already opened [2]. > > [0]:

[SSSD] trac cleanup of the future releases milestone

2016-11-25 Thread Jakub Hrozek
Hi, I closed quite a few invalid tickets in the patches welcome milestone today. I also walked through the 'future releases' milestone and created two new reports, one for tickets I would like to move to 'patches welcome': https://fedorahosted.org/sssd/report/36 and one for tickets which I

[SSSD] Re: trac cleanup of the patches welcome milestone

2016-11-23 Thread Jakub Hrozek
On Thu, Nov 17, 2016 at 12:23:24PM +0100, Jakub Hrozek wrote: > Hi, > > as we're planning what exactly are we going to work on in the next release > and also preparing to move away from fedorahosted, I think it makes sense > to clean up our Trac. The intent is to make our trac be

[SSSD] Re: Design document - SSSD KCM server

2016-11-22 Thread Jakub Hrozek
On Tue, Nov 22, 2016 at 09:23:22AM -0500, Stephen Gallagher wrote: > Some thoughts inline: > > On 11/22/2016 02:51 AM, Jakub Hrozek wrote: > > ... > > > === Implementation details === > > A new SSSD responder will be added. Since accessing the Kerberos credenti

[SSSD] Design document - SSSD KCM server

2016-11-21 Thread Jakub Hrozek
debugging the setup, the admin might also inspect the SSSD secrets database (if permissible by SELinux policy) to see what credential caches have been stored by the SSSD. === Authors === * Jakub Hrozek <jhro...@redhat.com> * Simo Sorce <s...@redhat.com>

[SSSD] Design document - SSSD's files provider

2016-11-21 Thread Jakub Hrozek
er of NSS modules back to read `files sss`. === Authors === * Stephen Gallagher <sgall...@redhat.com> * Jakub Hrozek <jhro...@redhat.com>

[SSSD] Re: [TESTS] test_secrets.py are failing on rawhide

2016-11-21 Thread Jakub Hrozek
On Mon, Nov 21, 2016 at 03:34:49PM +0100, Lukas Slebodnik wrote: > ehlo, > > FYI: There are failing integration tests on rawhide > > test_secrets.py::test_containers FAILED > > >
