URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
lslebodn commented:
"""
master:
* b130adaa3934d0531aca0f32961ab8b4cc720820
* ee7e72a65d323636600ffda271d5b5c4ddbc78b1
* 32474fa2f0a6dc09386bab405fc3461cb3dd12ac
*
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
sumit-bose commented:
"""
jfyi, I opend https://pagure.io/SSSD/sssd/issue/3419 to track the issue with
the expired password.
"""
See the full comment at
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
fidencio commented:
"""
As I have not noticed any new warning on coverity and as CI passed successfully
(although I will not share the link due to issues with our internal CI) and
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
fidencio commented:
"""
@sumit-bose, you nailed it. That's exactly the issue you described.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/268#issuecomment-305433730
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
sumit-bose commented:
"""
Yes, I think this is unrelated. I assume you just set the password as admin but
did not use it as the user. In this case the password is expired and must be
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
fidencio commented:
"""
This version works as expected!
The way I tested the patches:
- promptusername: False
```
[root@client x86_64]# sssctl user-checks "" -a auth -s gdm-smartcard
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
fidencio commented:
"""
CI: http://sssd-ci.duckdns.org/logs/job/70/58/summary.html (passed)
"""
See the full comment at
https://github.com/SSSD/sssd/pull/268#issuecomment-304788184
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
fidencio commented:
"""
I still haven't tested the code, but gave it a quite good read.
There's basically a few comments made "inline" and the most part of those are
actually doubts
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
fidencio commented:
"""
@jhrozek: feel free to also do the review.
I'm setting up an environment now in order to test it right now, but one more
pair of eyes would be nice.
"""
See the
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
jhrozek commented:
"""
@fidencio not trying to be too pushy, but these patches should be applied to
downstream as well, could you review them? Or if you're busy, I can take a look
as
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
sumit-bose commented:
"""
Rebased to current master which made the last patch obsolete.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/268#issuecomment-304298269
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
jhrozek commented:
"""
Looks like this PR must be rebased, therefore I'm setting Changes Requested.
"""
See the full comment at
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
abbra commented:
"""
I opened RFE https://pagure.io/SSSD/sssd/issue/3396 to discuss details of this.
I believe "sending potentially bogus data to SSSD" is not an argument -- any
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
sumit-bose commented:
"""
> Still, why you cannot make that decision without an option's help? Sorry, I
> don't see a difference -- why by seeing a certificate pam_sss cannot defer
>
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
abbra commented:
"""
Still, why you cannot make that decision without an option's help? Sorry, I
don't see a difference -- why by seeing a certificate `pam_sss` cannot defer
decision
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
sumit-bose commented:
"""
>Is there a technical reason sssd cannot discover what to do without
>allow_missing_name option to pam_sss? I'd prefer to avoid modifying PAM config
>files...
16 matches
Mail list logo