forked from pool/sssd
Accepting request 34177 from network:ldap
Copy from network:ldap/sssd based on submit request 34177 from user rhafer OBS-URL: https://build.opensuse.org/request/show/34177 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=1
This commit is contained in:
parent
6492cfd9b5
commit
ec865ab044
@ -1,27 +0,0 @@
|
|||||||
From 303d096f920801f7b06a7ad406ea83b4cd0219da Mon Sep 17 00:00:00 2001
|
|
||||||
From: David Disseldorp <ddiss@samba.org>
|
|
||||||
Date: Tue, 6 May 2014 15:56:42 +0200
|
|
||||||
Subject: [PATCH] build: detect endianness at configure time
|
|
||||||
|
|
||||||
WORDS_BIGENDIAN, HAVE_BIG_ENDIAN and HAVE_LITTLE_ENDIAN are needed by
|
|
||||||
Samba. See Samba's byteorder.h header for an example.
|
|
||||||
|
|
||||||
Signed-off-by: David Disseldorp <ddiss@samba.org>
|
|
||||||
---
|
|
||||||
configure.ac | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
Index: sssd-1.13.3/configure.ac
|
|
||||||
===================================================================
|
|
||||||
--- sssd-1.13.3.orig/configure.ac
|
|
||||||
+++ sssd-1.13.3/configure.ac
|
|
||||||
@@ -428,6 +428,9 @@ AM_CONDITIONAL([HAVE_DEVSHM], [test -d /
|
|
||||||
ENABLE_POLKIT_RULES_PATH
|
|
||||||
AM_CONDITIONAL([HAVE_POLKIT_RULES_D], [test x$HAVE_POLKIT_RULES_D != x])
|
|
||||||
|
|
||||||
+AC_C_BIGENDIAN([AC_DEFINE(HAVE_BIG_ENDIAN, [1], [whether platform is big endian])],
|
|
||||||
+ [AC_DEFINE(HAVE_LITTLE_ENDIAN, [1], [whether platform is little endian])])
|
|
||||||
+
|
|
||||||
abs_build_dir=`pwd`
|
|
||||||
AC_DEFINE_UNQUOTED([ABS_BUILD_DIR], ["$abs_build_dir"], [Absolute path to the build directory])
|
|
||||||
AC_SUBST([abs_builddir], $abs_build_dir)
|
|
@ -1,4 +0,0 @@
|
|||||||
sssd
|
|
||||||
supplements "packageand(sssd:pam-<targettype>)"
|
|
||||||
supplements "packageand(sssd:glibc-<targettype>)"
|
|
||||||
-/usr/lib(64)?/*
|
|
3
sssd-1.0.5.tar.gz
Normal file
3
sssd-1.0.5.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:2f3a8dca78a14b03e1a273fa7cfe5598120b83aa7477ab4c467a7dcd655c9017
|
||||||
|
size 2688987
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:3fd8fe8e6ee9f50b33eecd1bcccfaa44791f30d4e5f3113ba91457ba5f411f85
|
|
||||||
size 4661143
|
|
@ -1,7 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
iEYEABECAAYFAlZwc5IACgkQHsardTLnvCXyOgCg20lBb2owmQRYRjPZClBcn9+y
|
|
||||||
GU4AnR/tg+KqvfA/djm5yoV4/Ys3LA2g
|
|
||||||
=zefD
|
|
||||||
-----END PGP SIGNATURE-----
|
|
847
sssd.changes
847
sssd.changes
@ -1,850 +1,3 @@
|
|||||||
-------------------------------------------------------------------
|
|
||||||
Wed Dec 16 14:08:01 UTC 2015 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new maintenance release 1.13.3
|
|
||||||
* A bug that prevented user lookups and logins after migration from
|
|
||||||
winsync to IPA-AD trusts was fixed.
|
|
||||||
* A bug that prevented the ignore_group_members option from working
|
|
||||||
correctly in AD provider setups that use a dedicated primary
|
|
||||||
group (as opposed to a user-private group) was fixed.
|
|
||||||
* Offline detection and offline login timeouts were improved for AD
|
|
||||||
users logging in from a domain trusted by an IPA server.
|
|
||||||
* The AD provider supports setting up autofs_provider=ad .
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Nov 20 10:39:56 UTC 2015 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.13.2
|
|
||||||
* Initial support for Smart Card authentication was added.
|
|
||||||
* The PAM prompting was enhanced so that when Two-Factor
|
|
||||||
Authentication is used, both factors (password and token) can be
|
|
||||||
entered separately on separate prompts.
|
|
||||||
* This release supports authenticating againt a KDC proxy.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Sep 30 11:44:21 UTC 2015 - michael@stroeder.com
|
|
||||||
|
|
||||||
- Update to new upstream release 1.13.1
|
|
||||||
* Initial support for Smart Card authentication was added. The
|
|
||||||
feature can be activated with the new pam_cert_auth option.
|
|
||||||
* The PAM prompting was enhanced so that when Two-Factor
|
|
||||||
Authentication is used, both factors (password and token) can
|
|
||||||
be entered separately on separate prompts. At the same time,
|
|
||||||
only the long-term password is cached, so offline access would
|
|
||||||
still work using the long term password.
|
|
||||||
* A new command line tool sss_override is present in this
|
|
||||||
release. The tools allows to override attributes on the SSSD
|
|
||||||
side. It's helpful in environment where e.g. some hosts need to
|
|
||||||
have a different view of POSIX attributes than others. Please
|
|
||||||
note that the overrides are stored in the cache as well, so
|
|
||||||
removing the cache will also remove the overrides.
|
|
||||||
* Several enhancements to the dynamic DNS update code. Notably,
|
|
||||||
clients that update multiple interfaces work better with this
|
|
||||||
release.
|
|
||||||
* This release supports authenticating againt a KDC proxy
|
|
||||||
* The fail over code was enhanced so that if a trusted domain is
|
|
||||||
not reachable, only that domain will be marked as inactive but
|
|
||||||
the backed would stay in online mode.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Aug 20 08:34:44 UTC 2015 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.13
|
|
||||||
* Support for separate prompts when using two-factor authentication
|
|
||||||
* Added support for one-way trusts between an IPA and Active
|
|
||||||
Directory environment. (Depends on IPA 4.2)
|
|
||||||
* The fast memory cache now also supports the initgroups operation.
|
|
||||||
* The PAM responder is now capable of caching authentication for
|
|
||||||
configurable period, which might reduce server load in cases
|
|
||||||
where accounts authenticate very frequently.
|
|
||||||
Refer to the "cached_auth_timeout" option in sssd.conf(5).
|
|
||||||
* The Active Directory provider has changed the default value of
|
|
||||||
the "ad_gpo_access_control" option from permissive to enforcing.
|
|
||||||
As a consequence, the GPO access control now affects all clients
|
|
||||||
that set access_provider to ad. In order to restore the previous
|
|
||||||
behaviour, set ad_gpo_access_control to permissive or use a
|
|
||||||
different access_provider type.
|
|
||||||
* Group Policy objects defined in a different AD domain that the
|
|
||||||
computer object is defined in are now supported.
|
|
||||||
* Credential caching and Offline authentication are also available
|
|
||||||
when using two-factor authentication
|
|
||||||
* The Python bindings are now built for both Python2 and Python3.
|
|
||||||
* The LDAP bind timeout, StartTLS timeout and password change
|
|
||||||
timeout are now configurable using the ldap_opt_timeout option.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Aug 12 18:20:25 UTC 2015 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Kill unused libsss_sudo-devel solvable.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Aug 11 07:41:07 UTC 2015 - hguo@suse.com
|
|
||||||
|
|
||||||
- Obsolete/provide libsss_sudo in sssd main package.
|
|
||||||
Sudo capability is an integral feature in SSSD and the library
|
|
||||||
is not supposed to be used separately.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Jun 25 16:44:49 UTC 2015 - crrodriguez@opensuse.org
|
|
||||||
|
|
||||||
- sssd.service: add Before= and Wants=nss-user-lookup.target
|
|
||||||
correct fix for bsc#926961
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Sun Jun 14 17:44:20 UTC 2015 - michael@stroeder.com
|
|
||||||
|
|
||||||
- Update to new upstream release 1.12.5
|
|
||||||
* The background refresh tasks now supports refreshing users and
|
|
||||||
groups as well. See the "refresh_expired_interval" parameter in
|
|
||||||
the sssd.conf manpage.
|
|
||||||
* A new option subdomain_inherit was added.
|
|
||||||
* When an expired account attempts to log in, a configurable
|
|
||||||
error message can be displayed with sufficient pam_verbosity
|
|
||||||
setting. See the "pam_account_expired_message" option.
|
|
||||||
* OpenLDAP ppolicy can be honored even when an alternate login
|
|
||||||
method (such as SSH key) is used. See the "ldap_access_order"
|
|
||||||
option.
|
|
||||||
* A new option :krb5_map_user" was added, allowing the admin to
|
|
||||||
map UNIX usernames to Kerberos principals.
|
|
||||||
* BUG FIXES:
|
|
||||||
* Fixed AD-specific bugs that resulted in the incorrect set of
|
|
||||||
groups being displayed after the initgroups operation.
|
|
||||||
* Fixes related to the IPA ID views feature. Setups using this
|
|
||||||
should update sssd on both IPA servers and clients.
|
|
||||||
* The AD provider now handles binary GUIDs correctly.
|
|
||||||
* A bug that prevented the `ignore_group_members` parameter to be
|
|
||||||
used with the AD provider was fixed.
|
|
||||||
* The failover code now reads and honors TTL value for SRV
|
|
||||||
queries as well.
|
|
||||||
* Race condition between setting the timeout in the back ends and
|
|
||||||
reading it in the front end during initgroup operation was
|
|
||||||
fixed. This bug affected applications that perform the
|
|
||||||
initgroups(3) operation in multiple processes simultaneously.
|
|
||||||
* Setups that only want to use the domain SSSD is connected to,
|
|
||||||
but not the autodiscovered trusted domains by setting
|
|
||||||
`subdomains_provider=none` now work correctly as long as the
|
|
||||||
domain SID is set manually in the config file.
|
|
||||||
* In case only "allow" rules are used, the simple access provider
|
|
||||||
is now able to skip unresolvable groups.
|
|
||||||
* The GPO access control code now handles situations where user
|
|
||||||
and computer objects were in different domains.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Feb 19 10:51:22 UTC 2015 - hguo@suse.com
|
|
||||||
|
|
||||||
- Update to new upstream release 1.12.4 (Changelog highlights following)
|
|
||||||
* This is mostly a bug fixing release with only minor enhancements
|
|
||||||
visible to the end user.
|
|
||||||
* Contains many fixes and enhancements related to the ID views
|
|
||||||
functionality of FreeIPA servers.
|
|
||||||
* Several fixes related to retrieving AD group membership in an
|
|
||||||
IPA-AD trust scenario.
|
|
||||||
* Fixes a bug where the GPO access control previously didn't work
|
|
||||||
at all if debugging was enabled in smb.conf.
|
|
||||||
* SSSD can now be pinned to a particular AD site instead of
|
|
||||||
autodiscovering the site.
|
|
||||||
* A regression that caused setting the SELinux context for IPA users
|
|
||||||
to fail, was fixed.
|
|
||||||
* Fixed a potential crash caused by a double-free error when an SSSD
|
|
||||||
service was killed by the monitor process.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Feb 16 10:09:18 UTC 2015 - howard@localhost
|
|
||||||
|
|
||||||
- A minor rpmspec cleanup to get rid of five rpmlint warnings
|
|
||||||
* Remove mentioning of system-wide dbus configuration file from comments.
|
|
||||||
* Remove traditional init script.
|
|
||||||
* Remove compatibility for producing packages on older OpenSUSE releases.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Jan 8 22:23:42 UTC 2015 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.12.3
|
|
||||||
* SSSD now allows the IPA client to move from one ID view to
|
|
||||||
another after SSSD restart.
|
|
||||||
* It is possible to apply ID views to IPA domains as well.
|
|
||||||
Previous SSSD versions only allowed views to be applied to AD
|
|
||||||
trusted domains.
|
|
||||||
* Overriding SSH public keys is supported in this release.
|
|
||||||
* Move semanage related functions to a separate library.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Jan 1 22:01:02 UTC 2015 - meissner@suse.com
|
|
||||||
|
|
||||||
- build with PIE
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Nov 10 00:37:00 UTC 2014 - Led <ledest@gmail.com>
|
|
||||||
|
|
||||||
- fix bashism in postun script
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Oct 30 12:22:06 UTC 2014 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.12.2 (bugfix release, bnc#900159)
|
|
||||||
* Fixed a regression where the IPA provider did not fetch User
|
|
||||||
Private Groups correctly
|
|
||||||
* An important bug in the GPO access control which resulted in a
|
|
||||||
wrong principal being used, was fixed.
|
|
||||||
* Several new options are available for deployments that need to
|
|
||||||
restrict a certain PAM service from connecting to a certain SSSD
|
|
||||||
domain. For more details, see the description of
|
|
||||||
pam_trusted_users and pam_public_domains options in the
|
|
||||||
sssd.conf(5) man page and the domains option in the pam_sss(8)
|
|
||||||
man page.
|
|
||||||
* When SSSD is acting as an IPA client in setup with trusted AD
|
|
||||||
domains, it is able to return group members or full group
|
|
||||||
memberships for users from trusted AD domains.
|
|
||||||
* Support for the "views" feature of IPA.
|
|
||||||
- Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
|
|
||||||
(merged upstream)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Sat Oct 11 13:36:48 UTC 2014 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
|
|
||||||
to workaround bad autoconf invocation
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Sat Oct 11 00:16:15 UTC 2014 - crrodriguez@opensuse.org
|
|
||||||
|
|
||||||
- 0001-build-detect-endianness-at-configure-time.patch
|
|
||||||
Correct defective endianness test.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Oct 6 13:25:23 UTC 2014 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.12.1
|
|
||||||
* The GPO access control was further enhanced to allow the access
|
|
||||||
control decisions while offline and map the Windows logon
|
|
||||||
rights onto Linux PAM services.
|
|
||||||
* The SSSD now ships a plugin for the rpc.idmapd daemon,
|
|
||||||
sss_rpcidmapd(5).
|
|
||||||
* A MIT Kerberos localauth plugin was added to SSSD. This plugin
|
|
||||||
helps translating principals to user names in IPA-AD trust
|
|
||||||
scenarios, allowing the krb5.conf configuration to be less
|
|
||||||
complex.
|
|
||||||
* A libwbclient plugin implementation is now part of the SSSD.
|
|
||||||
The main purpose is to map Active Directory users and groups
|
|
||||||
identified by their SID to POSIX users and groups for the
|
|
||||||
file-server use-case.
|
|
||||||
* Active Directory users ca nnow use their User Logon Name to log
|
|
||||||
in.
|
|
||||||
* The sss_cache tool was enhanced to allow invalidating the SSH
|
|
||||||
host keys.
|
|
||||||
* Groups without full POSIX information can now be used to enroll
|
|
||||||
group membership (CVE-2014-0249).
|
|
||||||
* Detection of transition from offline to online state was
|
|
||||||
improved, resulting in fewer timeouts when SSSD is offline.
|
|
||||||
* The Active Directory provider now correctly detects Windows
|
|
||||||
Server 2012 R2. Previous versions would fall back to the slower
|
|
||||||
non-AD path with 2012 R2.
|
|
||||||
* Several other bugs related to deployments where SSSD is acting
|
|
||||||
as an AD client were fixed.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Aug 22 15:44:14 UTC 2014 - lchiquitto@suse.com
|
|
||||||
|
|
||||||
- The utility sss_obfuscate uses the Python module pysss, so add a
|
|
||||||
dependency on python-sssd-config to sssd-tools (bnc#890242)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Sun Aug 10 12:20:50 UTC 2014 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.12.0
|
|
||||||
* A new responder, called InfoPipe was added. This responder
|
|
||||||
provides a public D-Bus interface accessible over the system bus.
|
|
||||||
In this release, methods for retrieving user attributes and list
|
|
||||||
of groups were added as well as objects representing SSSD domains
|
|
||||||
and processes. (The next 1.12.x releases will publish objects
|
|
||||||
representing users and groups, too.)
|
|
||||||
* SSSD provides an ID-mapping plugin for cifs-utils so that Windows
|
|
||||||
SIDs can be mapped onto POSIX IDs and/or names without requiring
|
|
||||||
Winbind and using the same code as the SSSD uses for identity
|
|
||||||
information.
|
|
||||||
* First phase of Group Policy-based access control for the AD
|
|
||||||
provider was added. At the moment, the gpo-ldap component that
|
|
||||||
downloads the list of GPOs that apply for the specific client has
|
|
||||||
been implemented as well as the gpo-smb component that retrieves
|
|
||||||
the group policy files and determines the access control check
|
|
||||||
results based on those files. Future improvements will focus on
|
|
||||||
storing the GPO policies as local files and mapping the Windows
|
|
||||||
logon rights onto Linux PAM services.
|
|
||||||
* Added a new library called sss_sifp that provides a simple
|
|
||||||
synchronous API for communication with our new InfoPipe responder
|
|
||||||
over the system bus.
|
|
||||||
- Remove 0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch
|
|
||||||
(merged upstream)
|
|
||||||
- Provide "rcsssd" in systemd environments
|
|
||||||
- Ensure sssd is always startable by removing /var/lib/sss/db/*.ldb
|
|
||||||
on package installation so as to avoid potentially cache
|
|
||||||
format incompatibility which would cause sssd to exit
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Jun 12 14:18:30 UTC 2014 - ckornacker@suse.com
|
|
||||||
|
|
||||||
- fix %postun to not erroneously remove sss pam module
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue May 27 16:56:42 UTC 2014 - crrodriguez@opensuse.org
|
|
||||||
|
|
||||||
- Switch to libnl-3 so we can get rid of libnl-1.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Sat May 24 14:36:43 UTC 2014 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Redo 0001-build-detect-endianness-at-configure-time.patch to be -p1
|
|
||||||
- Add 0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch
|
|
||||||
to resolve runtime loading problems
|
|
||||||
(http://lists.opensuse.org/opensuse-factory/2014-05/msg00181.html )
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue May 13 11:11:59 UTC 2014 - varkoly@suse.com
|
|
||||||
|
|
||||||
- bnc#877457 - 78 Configuration file /usr/lib/systemd/system/sssd.service is marked executable.
|
|
||||||
Please remove executable permission bits.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue May 6 14:01:29 UTC 2014 - ddiss@suse.com
|
|
||||||
|
|
||||||
- Detect endianness at configure time, for use by Samba's byteorder.h header;
|
|
||||||
(bnc#876544).
|
|
||||||
+ 0001-build-detect-endianness-at-configure-time.patch
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Apr 29 10:00:57 UTC 2014 - varkoly@suse.com
|
|
||||||
|
|
||||||
- Update to new upstream release 1.11.5.1
|
|
||||||
* sssd crashes after upgrade from 1.11.4 to 1.11.5 when using a samba4 domain
|
|
||||||
* SSSD pam module accepts usernames with leading spaces
|
|
||||||
* [RFE] Expose the list of trusted domains to IPA
|
|
||||||
* If both IPA and LDAP are set up with enumeration on, two enum tasks are running
|
|
||||||
* sssd.conf man pages don't list a configuration option.
|
|
||||||
* Make SSSD compilable on systems with non-standard paths to krb5 includes
|
|
||||||
* [freebsd] pam_sss: add ignore_unknown_user option
|
|
||||||
* MAN: Remove misleading memberof example from ldap_access_filter example
|
|
||||||
* not retrieving homedirs of AD users with posix attributes
|
|
||||||
* Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes
|
|
||||||
* Check IPA idranges before saving them to the cache
|
|
||||||
* Evaluate usage of sudo LDAP provider together with the AD provider
|
|
||||||
* Setting int option to 0 yields the default value
|
|
||||||
* ipa-server-mode: Use lower-case user name component in home dir path
|
|
||||||
* SSSD Does not cache SELinux map from FreeIPA correctly
|
|
||||||
* IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in
|
|
||||||
* sssd fails to handle expired passwords when OTP is used
|
|
||||||
* Add another Kerberos error code to trigger IPA password migration
|
|
||||||
* Double OK when starting the service
|
|
||||||
* SSSD should create the SELinux mapping file with format expected by pam_selinux
|
|
||||||
* Valgrind: Invalid read of int while processing netgroup
|
|
||||||
* other subdomains are unavailable when joined to a subdomain in the ad forest
|
|
||||||
* Error during password change
|
|
||||||
* configure time variables not expanded when running ./configure
|
|
||||||
* RHEL7 IPA selinuxusermap hbac rule not always matching
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Mar 7 15:18:34 UTC 2014 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.11.4
|
|
||||||
* The simple access provider supports specifying users and groups
|
|
||||||
using their NetBIOS domain name (such as DOMAIN\username)
|
|
||||||
* Support for enumerating users and groups from trusted AD domains
|
|
||||||
was added to the AD provider
|
|
||||||
* The Active Directory site discovery was made more robust for
|
|
||||||
configurations which use multiple trusted domains
|
|
||||||
* Several bugs in the LDAP provider that affected setups which
|
|
||||||
mapped Windows SIDs to POSIX IDs were fixed
|
|
||||||
* The SSSD is now able to use One Time Password (OTP)
|
|
||||||
authentication configured on an IPA server.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Dec 20 21:54:58 UTC 2013 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.11.3
|
|
||||||
* The AD provider is able to resolve group memberships for groups
|
|
||||||
with Global and Universal scope
|
|
||||||
* The initgroups (get groups for user) operation for users from
|
|
||||||
trusted AD domains was made more reliable by reading the required
|
|
||||||
tokenGroups attribute from LDAP instead of Global Catalog
|
|
||||||
* A new option ad_enable_gc was added to the AD provider. This
|
|
||||||
option allows the administrator to force SSSD to talk to LDAP
|
|
||||||
port only and never try the Global Catalog
|
|
||||||
* The AD provider is now able to leverage the tokenGroups attribute
|
|
||||||
even when POSIX attributes are used, providing better performance
|
|
||||||
during logins.
|
|
||||||
* A memory leak in the NSS responder that affected long-lived
|
|
||||||
clients that requested netgroup data was fixed
|
|
||||||
- Remove sssd-ldflags.diff (merged upstream)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Nov 28 16:51:39 UTC 2013 - ckornacker@suse.com
|
|
||||||
|
|
||||||
- Migrate deprecated krb5_kdcip variable to krb5_server (bnc#851048)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Nov 1 22:12:03 UTC 2013 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.11.2
|
|
||||||
* A new option ad_access_filter was added. This option allows the
|
|
||||||
administrator to easily configure LDAP search filter that the users
|
|
||||||
logging in must match in order to be granted access.
|
|
||||||
* The Kerberos provider will no longer try to create public
|
|
||||||
directories when evaluating the krb5_ccachedir option.
|
|
||||||
- Remove 0005-implicit-decl.diff (merged upstream)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Sep 3 21:12:37 UTC 2013 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.11.0
|
|
||||||
* The sudo integration was made more robust. SSSD is now able to
|
|
||||||
gracefully handle situations where it is not able to resolve the
|
|
||||||
client host name or sudo rules have multiple name attributes.
|
|
||||||
* Several nested group membership bugs were fixed
|
|
||||||
* The PAC responder was made more robust and efficient, modifying
|
|
||||||
existing cache entries instead of always recreating them.
|
|
||||||
* The Kerberos provider now supports the new KEYRING ccache type.
|
|
||||||
- Remove sssd-no-ldb-check.diff, now implemented through a
|
|
||||||
configure argument --disable-ldb-version-check
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Sun Jun 16 16:11:42 UTC 2013 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Explicitly formulate SASL BuildRequires
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu May 2 09:20:49 UTC 2013 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.9.5
|
|
||||||
* Includes a fix for CVE-2013-0287: A simple access provider flaw
|
|
||||||
prevents intended ACL use when SSSD is configured as an Active
|
|
||||||
Directory client.
|
|
||||||
* Fixed spurious password expiration warning that was printed on
|
|
||||||
login with the Kerberos back end.
|
|
||||||
* A new option ldap_rfc2307_fallback_to_local_users was added. If
|
|
||||||
this option is set to true, SSSD is be able to resolve local
|
|
||||||
group members of LDAP groups.
|
|
||||||
* Fixed an indexing bug that prevented the contents of autofs maps
|
|
||||||
from being returned to the automounter deamon in case the map
|
|
||||||
contained a large number of entries.
|
|
||||||
* Several fixes for safer handling of Kerberos credential caches
|
|
||||||
for cases where the ccache is set to be stored in a DIR: type.
|
|
||||||
- Remove Provide-a-be_get_account_info_send-function.patch,
|
|
||||||
Add-unit-tests-for-simple-access-test-by-groups.patch,
|
|
||||||
Do-not-compile-main-in-DP-if-UNIT_TESTING-is-defined.patch,
|
|
||||||
Resolve-GIDs-in-the-simple-access-provider.patch
|
|
||||||
(CVE-2013-0287 material is in upstream),
|
|
||||||
sssd-sysdb-binary-attrs.diff (merged upstream)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Apr 5 16:35:07 UTC 2013 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Implement signature verification
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Mar 20 10:05:00 UTC 2013 - rhafer@suse.com
|
|
||||||
|
|
||||||
- Fixed security issue: CVE-2013-0287 (bnc#809153):
|
|
||||||
When SSSD is configured as an Active Directory client by using
|
|
||||||
the new Active Directory provider or equivalent configuration
|
|
||||||
of the LDAP provider, the Simple Access Provider does not
|
|
||||||
handle access control correctly. If any groups are specified
|
|
||||||
with the simple_deny_groups option, the group members are
|
|
||||||
permitted access. New patches:
|
|
||||||
* Provide-a-be_get_account_info_send-function.patch
|
|
||||||
* Add-unit-tests-for-simple-access-test-by-groups.patch
|
|
||||||
* Do-not-compile-main-in-DP-if-UNIT_TESTING-is-defined.patch
|
|
||||||
* Resolve-GIDs-in-the-simple-access-provider.patch
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Feb 26 08:29:43 UTC 2013 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Resolve user retrieval problems when encountering binary data
|
|
||||||
in LDAP attributes (bnc#806078),
|
|
||||||
added sssd-sysdb-binary-attrs.diff
|
|
||||||
- Added sssd-no-ldb-check.diff so that SSSD continues to start
|
|
||||||
even after an LDB update.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Feb 8 10:31:52 UTC 2013 - rhafer@suse.com
|
|
||||||
|
|
||||||
- fix package name in baselibs.conf (bnc#796423)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Jan 31 16:34:47 UTC 2013 - rhafer@suse.com
|
|
||||||
|
|
||||||
- update to 1.9.4 (bnc#801036):
|
|
||||||
* A security bug assigned CVE-2013-0219 was fixed - TOCTOU race
|
|
||||||
conditions when creating or removing home directories for users
|
|
||||||
in local domain
|
|
||||||
* A security bug assigned CVE-2013-0220 was fixed - out-of-bounds
|
|
||||||
reads in autofs and ssh responder
|
|
||||||
* The sssd_pam responder processes pending requests after
|
|
||||||
reconnect
|
|
||||||
* A serious memory leak in the NSS responder was fixed
|
|
||||||
* Requests that were processing group entries with DNs pointing
|
|
||||||
out of any configured search bases were not terminated
|
|
||||||
correctly, causing long timeouts
|
|
||||||
* Kerberos tickets are correctly renewed even after SSSD daemon
|
|
||||||
restart
|
|
||||||
* Multiple fixes related to SUDO integration, in particular
|
|
||||||
fixing functionality when the sssd back end process was
|
|
||||||
changing its online/offline status
|
|
||||||
* The pwd_exp_warning option was fixed to function as documented
|
|
||||||
in the manual page
|
|
||||||
- refreshed sssd-ldflags.diff to apply cleanly
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Dec 10 09:55:35 UTC 2012 - rhafer@suse.com
|
|
||||||
|
|
||||||
- Removed left-over "Requires" for no longer existing sssd-client
|
|
||||||
subpackage.
|
|
||||||
- New patch: sssd-ldflags.diff to fix link failures due to erroneous
|
|
||||||
LDFLAGS usage
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Dec 6 10:38:59 UTC 2012 - rhafer@suse.com
|
|
||||||
|
|
||||||
- Switch back to using libcrypto instead of mozilla-nss as it seems
|
|
||||||
to be supported upstream again, cf.
|
|
||||||
https://lists.fedorahosted.org/pipermail/sssd-devel/2012-June/010202.html
|
|
||||||
- Cleanup PAM configuration after uninstalling sssd (bnc#788328)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Dec 6 09:05:29 UTC 2012 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.9.3
|
|
||||||
* Many fixes related to deployments where the SSSD is running as
|
|
||||||
a client of IPA server with trust relation established with an
|
|
||||||
Active Directory server
|
|
||||||
* Multiple fixes related to correct reporting of group
|
|
||||||
memberships, especially in setups that use nested groups
|
|
||||||
* Fixed a bug that prevented upgrade from the 1.8 series if the
|
|
||||||
cache contained nested groups before the upgrade
|
|
||||||
* Restarting the responders is more robust for cases where the
|
|
||||||
machine is under heavy load during back end restart
|
|
||||||
* The default_shell option can now be also set per-domain in
|
|
||||||
addition to global setting.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Sat Nov 10 00:27:06 UTC 2012 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.9.2
|
|
||||||
* Users or groups from trusted domains can be retrieved by UID or
|
|
||||||
GID as well
|
|
||||||
* Several fixes that mitigate file descriptor leak during logins
|
|
||||||
* SSH host keys are also removed from the cache after being
|
|
||||||
removed from the server
|
|
||||||
* Fix intermittent crash in responders if the responder was
|
|
||||||
shutting down while requests were still pending
|
|
||||||
* Catch an error condition that might have caused a tight loop in
|
|
||||||
the sssd_nss process while refreshing expired enumeration request
|
|
||||||
* Fixed memory hierarchy of subdomains discovery requests that
|
|
||||||
caused use-after-free access bugs
|
|
||||||
* The krb5_child and ldap_child processes can print libkrb5 tracing
|
|
||||||
information in the debug logs
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Jun 27 12:32:05 UTC 2012 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.8.93 (1.9.0~beta3)
|
|
||||||
* Add native support for autofs to the IPA provider
|
|
||||||
* Support for id mapping when connecting to Active Directory
|
|
||||||
* Support for handling very large (> 1500 users) groups in
|
|
||||||
Active Directory
|
|
||||||
* Add a new fast in-memory cache to speed up lookups of cached data
|
|
||||||
on repeated requests
|
|
||||||
* Add support for the Kerberos DIR cache for storing multiple TGTs
|
|
||||||
automatically
|
|
||||||
* Add a new PAC responder for dealing with cross-realm Kerberos
|
|
||||||
trusts
|
|
||||||
* Terminate idle connections to the NSS and PAM responders
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu May 10 04:22:47 UTC 2012 - jengelh@inai.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.8.3
|
|
||||||
* LDAP: Handle situations where the RootDSE is not available
|
|
||||||
anonymously
|
|
||||||
* LDAP: Fix regression for users using non-standard LDAP attributes
|
|
||||||
for user information
|
|
||||||
- Switch from openssl to mozilla-nss, as this is the officially
|
|
||||||
supported crypto integration
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Apr 13 13:03:44 PDT 2012 - ben.kevan@gmail.com
|
|
||||||
|
|
||||||
- Fix build error on SLES 11 builds
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Apr 9 21:45:45 PDT 2012 - ben.kevan@gmail.com
|
|
||||||
|
|
||||||
- Add suse_version condition for glib over libunistring for
|
|
||||||
SLES 11 SP2.
|
|
||||||
- Update to new upstream release 1.8.2
|
|
||||||
* Fix for GSSAPI binds when the keytab contains unrelated
|
|
||||||
principals
|
|
||||||
* Workarounds added for LDAP servers with unreadable RootDSE
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Apr 4 16:13:33 PDT 2012 - ben.kevan@gmail.com
|
|
||||||
|
|
||||||
- Update to new upstream release 1.8.1
|
|
||||||
* Resolve issue where we could enter an infinite loop trying to
|
|
||||||
connect to an auth server
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
|
|
||||||
Sun Mar 11 18:36:44 UTC 2012 - jengelh@medozas.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.8.0
|
|
||||||
* Support for the service map in NSS
|
|
||||||
* Support for setting default SELinux user context from FreeIPA
|
|
||||||
* Support for retrieving SSH user and host keys from LDAP
|
|
||||||
* Support for caching autofs LDAP requests
|
|
||||||
* Support for caching SUDO rules
|
|
||||||
* Include the IPA AutoFS provider
|
|
||||||
* Fixed several memory-corruption bugs
|
|
||||||
* Fixed a regression in the proxy provider
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Oct 19 13:56:57 UTC 2011 - rhafer@suse.de
|
|
||||||
|
|
||||||
- Fixed systemd related packaging issues (bnc#724157)
|
|
||||||
- fixed build on older openSUSE releases
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Sep 19 17:07:24 UTC 2011 - jengelh@medozas.de
|
|
||||||
|
|
||||||
- Resolve "have choice for libnl-devel:
|
|
||||||
libnl-1_1-devel libnl3-devel"
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Aug 2 08:46:53 UTC 2011 - rhafer@suse.de
|
|
||||||
|
|
||||||
- Fixed typos in configure args
|
|
||||||
- Cherry-picked password policy fixes from 1.5 branch (bnc#705768)
|
|
||||||
- switched to fd-leak fix cherry-picked from 1.5 branch
|
|
||||||
- Add /usr/sbin to the search path to make configure find nscd
|
|
||||||
(bnc#709747)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Jul 29 10:39:51 UTC 2011 - jengelh@medozas.de
|
|
||||||
|
|
||||||
- Add patches to fix an fd leak in sssd_pam
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Jul 28 10:03:32 UTC 2011 - jengelh@medozas.de
|
|
||||||
|
|
||||||
- Update to new upstream release 1.5.11
|
|
||||||
* Support for overriding home directory, shell and primary GID
|
|
||||||
locally
|
|
||||||
* Properly honor TTL values from SRV record lookups
|
|
||||||
* Support non-POSIX groups in nested group chains (for RFC2307bis
|
|
||||||
LDAP servers)
|
|
||||||
* Properly escape IPv6 addresses in the failover code
|
|
||||||
* Do not crash if inotify fails (e.g. resource exhaustion)
|
|
||||||
- Remove redundant %clean section; delete .la files more
|
|
||||||
efficiently
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Jun 7 08:59:04 UTC 2011 - rhafer@suse.de
|
|
||||||
|
|
||||||
- Update to 1.5.8:
|
|
||||||
* Support for the LDAP paging control
|
|
||||||
* Support for multiple DNS servers for name resolution
|
|
||||||
* Fixes for several group membership bugs
|
|
||||||
* Fixes for rare crash bugs
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed May 4 09:22:20 UTC 2011 - rhafer@suse.de
|
|
||||||
|
|
||||||
- Update to 1.5.7
|
|
||||||
* A flaw was found in the handling of cached passwords when
|
|
||||||
kerberos renewal tickets is enabled. Due to a bug, the cached
|
|
||||||
password was overwritten with a (moderately) predictable
|
|
||||||
filename, which could allow a user to authenticate as someone
|
|
||||||
else if they knew the name of the cache file (bnc#691135,
|
|
||||||
CVE-2011-1758)
|
|
||||||
- Changes in 1.5.6:
|
|
||||||
* Fixed a serious memory leak in the memberOf plugin
|
|
||||||
* Fixed a regression with the negative cache that caused it to be
|
|
||||||
essentially nonfunctional
|
|
||||||
* Fixed an issue where the user's full name would sometimes be
|
|
||||||
removed from the cache
|
|
||||||
* Fixed an issue with password changes in the kerberos provider
|
|
||||||
not working with kpasswd
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Apr 14 11:31:38 UTC 2011 - rhafer@suse.de
|
|
||||||
|
|
||||||
- Update to 1.5.5
|
|
||||||
* Fixes for several crash bugs
|
|
||||||
* LDAP group lookups will no longer abort if there is a
|
|
||||||
zero-length member attribute
|
|
||||||
* Add automatic fallback to 'cn' if the 'gecos' attribute does not
|
|
||||||
exist
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Mar 30 09:47:23 UTC 2011 - rhafer@suse.de
|
|
||||||
|
|
||||||
- Should build in SLE-11-SP1 now
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Mar 29 13:23:57 UTC 2011 - rhafer@suse.de
|
|
||||||
|
|
||||||
- Updated to 1.5.4
|
|
||||||
* Fixes for Active Directory when not all users and groups have
|
|
||||||
POSIX attributes
|
|
||||||
* Fixes for handling users and groups that have name aliases
|
|
||||||
(aliases are ignored)
|
|
||||||
* Fix group memberships after initgroups in the IPA provider
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Mar 24 15:42:02 UTC 2011 - rhafer@suse.de
|
|
||||||
|
|
||||||
- Updated to 1.5.3
|
|
||||||
* Support for libldb >= 1.0.0
|
|
||||||
* Proper detection of manpage translations
|
|
||||||
* Changes between 1.5.1 and 1.5.2
|
|
||||||
* Fixes for support of FreeIPA v2
|
|
||||||
* Fixes for failover if DNS entries change
|
|
||||||
* Improved sss_obfuscate tool with better interactive mode
|
|
||||||
* Fix several crash bugs
|
|
||||||
* Don't attempt to use START_TLS over SSL. Some LDAP servers
|
|
||||||
can't handle this
|
|
||||||
* Delete users from the local cache if initgroups calls return
|
|
||||||
'no such user' (previously only worked for getpwnam/getpwuid)
|
|
||||||
* Use new Transifex.net translations
|
|
||||||
* Better support for automatic TGT renewal (now survives
|
|
||||||
restart)
|
|
||||||
* Netgroup fixes
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Mar 8 13:22:58 UTC 2011 - rhafer@suse.de
|
|
||||||
|
|
||||||
- Updated to 1.5.1
|
|
||||||
* Vast performance improvements when enumerate = true
|
|
||||||
* All PAM actions will now perform a forced initgroups lookup
|
|
||||||
instead of just a user information lookup This guarantees that
|
|
||||||
all group information is available to other providers, such as
|
|
||||||
the simple provider.
|
|
||||||
* For backwards-compatibility, DNS lookups will also fall back to
|
|
||||||
trying the SSSD domain name as a DNS discovery domain.
|
|
||||||
* Support for more password expiration policies in LDAP
|
|
||||||
- 389 Directory Server
|
|
||||||
- FreeIPA
|
|
||||||
- ActiveDirectory
|
|
||||||
* Support for ldap_tls_{cert,key,cipher_suite} config options
|
|
||||||
* Assorted bugfixes
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Jan 19 09:32:35 UTC 2011 - rhafer@suse.de
|
|
||||||
|
|
||||||
- /var/lib/sss/pubconf was missing (bnc#665442)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Jan 18 09:08:35 UTC 2011 - rhafer@suse.de
|
|
||||||
|
|
||||||
- It was possible to make sssd hang forever inside a loop in the
|
|
||||||
PAM responder by sending a carefully crafted packet to sssd.
|
|
||||||
This could be exploited by a local attacker to crash sssd and
|
|
||||||
prevent other legitimate users from logging into the system.
|
|
||||||
(bnc#660481, CVE-2010-4341)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Sun Dec 19 13:37:32 UTC 2010 - aj@suse.de
|
|
||||||
|
|
||||||
- Own /etc/systemd directories to fix build.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Nov 25 16:30:40 UTC 2010 - rhafer@novell.com
|
|
||||||
|
|
||||||
- install systemd service file
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Nov 16 11:06:02 UTC 2010 - rhafer@novell.com
|
|
||||||
|
|
||||||
- Updated to 1.4.1
|
|
||||||
* Add support for netgroups to the LDAP and proxy providers
|
|
||||||
* Fixes a minor bug with UIDs/GIDs >= 2^31
|
|
||||||
* Fixes a segfault in the kerberos provider
|
|
||||||
* Fixes a segfault in the NSS responder if a data provider crashes
|
|
||||||
* Correctly use sdap_netgroup_search_base
|
|
||||||
* the utility libraries libpath_utils1, libpath_utils-devel,
|
|
||||||
libref_array1 and libref_array-devel moved to their own
|
|
||||||
separate upstream project (ding-libs)
|
|
||||||
* Performance improvements made to group processing of RFC2307
|
|
||||||
LDAP servers
|
|
||||||
* Fixed nested group issues with RFC2307bis LDAP servers without
|
|
||||||
a memberOf plugin
|
|
||||||
* Manpage reviewed and updated
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Sep 13 12:23:47 UTC 2010 - coolo@novell.com
|
|
||||||
|
|
||||||
- remove hard coded python version
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Sep 3 13:17:48 UTC 2010 - rhafer@novell.com
|
|
||||||
|
|
||||||
- No dependencies on %{release}
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Aug 30 12:57:47 UTC 2010 - rhafer@novell.com
|
|
||||||
|
|
||||||
- Updated to 1.3.1
|
|
||||||
* Fixes to the HBAC backend for obsolete or removed HBAC entries
|
|
||||||
* Improvements to log messages around TLS and GSSAPI for LDAP
|
|
||||||
* Support for building in environments using --as-needed LDFLAGS
|
|
||||||
* Vast performance improvement for initgroups on RFC2307 LDAP servers
|
|
||||||
* Long-running SSSD clients (e.g. GDM) will now reconnect properly to the
|
|
||||||
daemon if SSSD is restarted
|
|
||||||
* Rewrote the internal LDB cache API. As a synchronous API it is now faster
|
|
||||||
to access and easier to work with
|
|
||||||
* Eugene Indenbom contributed a sizeable amount of code to the LDAP provider
|
|
||||||
- We now handle failover situations much more reliably than we did
|
|
||||||
previously
|
|
||||||
- We also will now monitor the GSSAPI kerberos ticket and automatically
|
|
||||||
renew it when appropriate, instead of waiting for a connection to fail
|
|
||||||
* Support for netlink now allows us to more quickly detect situations
|
|
||||||
where we may have come online
|
|
||||||
* New option "dns_discovery_domain" allows better configuration for
|
|
||||||
using SRV records for failover
|
|
||||||
- New subpackages: libpath_utils1, libpath_utils-devel, libref_array1
|
|
||||||
and libref_array-devel
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Mar 31 14:02:43 UTC 2010 - rhafer@novell.com
|
|
||||||
|
|
||||||
- Package pam- and nss-Modules as baselibs
|
|
||||||
- cleaned up file list and dependencies
|
|
||||||
- fixed init script dependencies
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Mar 31 07:57:25 UTC 2010 - rhafer@novell.com
|
|
||||||
|
|
||||||
- Updated to 1.1.0
|
|
||||||
* Support for IPv6
|
|
||||||
* Support for LDAP referrals
|
|
||||||
* Offline failed login counter
|
|
||||||
* Fix for the long-standing cache cleanup performance issues
|
|
||||||
* libini_config, libcollection, libdhash, libref_array and
|
|
||||||
libpath_utils are now built as shared libraries for general
|
|
||||||
consumption (libref_array and libpath_utils are currently not
|
|
||||||
packaged, as no component in sssd links against them)
|
|
||||||
* Users get feedback from PAM if they authenticated offline
|
|
||||||
* Native local backend now has a utility to show nested memberships
|
|
||||||
(sss_groupshow)
|
|
||||||
* New "simple" access provider for easy restriction of users
|
|
||||||
- Backported libcrypto support from master to avoid Mozilla NSS
|
|
||||||
dependency
|
|
||||||
- Backported password policy improvments for LDAP provider from
|
|
||||||
master
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Mar 8 14:06:29 UTC 2010 - rhafer@novell.com
|
|
||||||
|
|
||||||
- use logfiles for debug messages by default
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Mar 5 12:57:25 UTC 2010 - rhafer@novell.com
|
Fri Mar 5 12:57:25 UTC 2010 - rhafer@novell.com
|
||||||
|
|
||||||
|
34
sssd.keyring
34
sssd.keyring
@ -1,34 +0,0 @@
|
|||||||
pub 1024D/32E7BC25 2007-02-02
|
|
||||||
uid Jakub Hrozek <jhrozek@redhat.com>
|
|
||||||
sub 2048g/132DCA21 2007-02-02
|
|
||||||
|
|
||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
Version: GnuPG v2.0.19 (GNU/Linux)
|
|
||||||
|
|
||||||
mQGiBEXDdfURBACLDLdnY7LeLJ7fh3HQWojKuMtJGV3tmTRtt58XnEf/FPJae0MU
|
|
||||||
XQDAKJM7MDYf0yDNT6Nq6WMQDAIHznFdGRTTSaD97kMeYO11i60FfZ9nM88XJCv0
|
|
||||||
R+OiWh8d7ChCG6riv/AUeNtg++casIQNB8xK9HKLFBS1e+q3b+rXTS9crwCg7FWX
|
|
||||||
qZoZrm4lPlBZQltfhzdmvn8D/3CyvgtW5hwr7w+ScQcYnBxdVCtMPSEo541Ealjg
|
|
||||||
q9Knn4sE9lnGjtG4RCYMT2Sideognk9Ah5nWOGynwta6cluCEqlF6ORJPKpAeqG1
|
|
||||||
a2zpn3iSPbUiyRF+udta9sbwL0hsJTcPTGzvDZO/XtMoHSSyPi/Xum6R+jwISv7n
|
|
||||||
TMQpA/0efY/Gy/SZrulBgQqKBMbaW2phvgRThph4n31IYrlSB6tAqN0G7VL6AFcs
|
|
||||||
iOJZPhu0TNqEOSYE6Mh5/YBwRPnrKMHZYXiKOeUrfjvURVq+l5dTX7KNtbnCrhS+
|
|
||||||
Rlgq1uin5L7g8QbAKMns32Mo1MxB5aN0YUL5pTbJuWL0Sb2Kb7QhSmFrdWIgSHJv
|
|
||||||
emVrIDxqaHJvemVrQHJlZGhhdC5jb20+iF8EExECACAFAkXDdfUCGwMGCwkIBwMC
|
|
||||||
BBUCCAMEFgIDAQIeAQIXgAAKCRAexqt1Mue8JSHBAKCjYF/HshYkJ8pSZTilLO0y
|
|
||||||
bMWOFwCYlOqF7icGVDFT42W3CoqLfgajCrkCDQRFw3YAEAgAuqo0FxH1XtdOi/qW
|
|
||||||
6v+tWdqYHLj/f0Voqj1cbpS+cODNTaX1/Xf4Jnv6vm4lOG5gIkqD1e5UCpG5pDJv
|
|
||||||
MkrpY0lYRr5RGoC29tHZYXfEBVEkdhuU7ZTSQRaoitK5TSwjOj5aKvFSHEjMrCWc
|
|
||||||
GSUajECQkRHwZb3HK2wqqBWrJjjjPtj+5cQg+sKp7Zp6xU3iZlMoVfdYi/zGenum
|
|
||||||
Cp5SMm8CZZ5gcsNZhjItkTww5K//N6Kz41oMYyHlgh029JD0LHPgKacP3KeEEDzS
|
|
||||||
DEx/SSEF4zD/EfLDHehga/n0ZisNmxdxue/BI2Lm7qqGNDtV+qa17pIJ6fPfafbS
|
|
||||||
AKYatwAECwf/SuMkZN36UDsoOn06qIrYi5JBss3sOfheJEnqUIEO0JCpyb+fqisd
|
|
||||||
qoTJM0G5gFpCvuZOACpzzVv0WjhlMIyPl/7UuP4KYI6LGqAARqNxsHT7FNxT0Uv6
|
|
||||||
QR8fGPQqVdFLFBd66EBL9PnOt3RDYwtJlD9cMNUNpzWEXjJ3RCk0lZF2eljpPlu0
|
|
||||||
Or53OuiommnhmcmjxR5gvMf4pLqURhEZ2U0ylRiTiTIk0YyIASsDnAf0BClFXz4i
|
|
||||||
4qSD6jJloKorRC7Mu87xi1DG4ML+FYC/2d53I8OqHBRhtNUt/GbcthsHDxFq5iVp
|
|
||||||
NxwDAX1vr65PWv98pvTMnJmjIDhfgwJMdIhJBBgRAgAJBQJFw3YAAhsMAAoJEB7G
|
|
||||||
q3Uy57wllOcAoKkHB3lDFWlUNcSLdRCQxfsCCy7zAJ9GLSU2G0HR+hQVMi2ONorE
|
|
||||||
i/EyTA==
|
|
||||||
=nO6v
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
15
sssd.service
15
sssd.service
@ -1,15 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=System Security Services Daemon
|
|
||||||
Before=nss-user-lookup.target
|
|
||||||
Wants=nss-user-lookup.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
EnvironmentFile=-/etc/sysconfig/sssd
|
|
||||||
ExecStart=/usr/sbin/sssd -D -f
|
|
||||||
# These two should be used with traditional UNIX forking daemons
|
|
||||||
# consult systemd.service(5) for more details
|
|
||||||
Type=forking
|
|
||||||
PIDFile=/var/run/sssd.pid
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
786
sssd.spec
786
sssd.spec
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package sssd
|
# spec file for package sssd (Version 1.0.5)
|
||||||
#
|
#
|
||||||
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -16,73 +16,50 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 1.13.3
|
Version: 1.0.5
|
||||||
Release: 0
|
Release: 1
|
||||||
Summary: System Security Services Daemon
|
|
||||||
License: GPL-3.0+ and LGPL-3.0+
|
|
||||||
Group: System/Daemons
|
Group: System/Daemons
|
||||||
|
Summary: System Security Services Daemon
|
||||||
|
# The entire source code is GPLv3+ except replace/ which is LGPLv3+
|
||||||
|
License: GPLv3+ and LGPLv3+
|
||||||
Url: https://fedorahosted.org/sssd/
|
Url: https://fedorahosted.org/sssd/
|
||||||
|
Source0: %{name}-%{version}.tar.gz
|
||||||
#Git-Clone: git://git.fedorahosted.org/sssd
|
|
||||||
Source: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz
|
|
||||||
Source2: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz.asc
|
|
||||||
Source3: baselibs.conf
|
|
||||||
Source4: sssd.service
|
|
||||||
Source5: %name.keyring
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
Patch1: 0001-build-detect-endianness-at-configure-time.patch
|
|
||||||
|
|
||||||
%define servicename sssd
|
### Patches ###
|
||||||
%define sssdstatedir %_localstatedir/lib/sss
|
|
||||||
%define dbpath %sssdstatedir/db
|
|
||||||
%define pipepath %sssdstatedir/pipes
|
|
||||||
%define pubconfpath %sssdstatedir/pubconf
|
|
||||||
|
|
||||||
BuildRequires: autoconf >= 2.59
|
### Dependencies ###
|
||||||
|
%define servicename sssd
|
||||||
|
%define sssdstatedir %{_localstatedir}/lib/sss
|
||||||
|
%define dbpath %{sssdstatedir}/db
|
||||||
|
%define pipepath %{sssdstatedir}/pipes
|
||||||
|
|
||||||
|
### Build Dependencies ###
|
||||||
|
|
||||||
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: bind-utils
|
|
||||||
BuildRequires: cifs-utils-devel
|
|
||||||
BuildRequires: cyrus-sasl-devel
|
|
||||||
BuildRequires: docbook-xsl-stylesheets
|
|
||||||
BuildRequires: krb5-devel >= 1.12
|
|
||||||
BuildRequires: libsmbclient-devel
|
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
BuildRequires: libxml2-tools
|
BuildRequires: m4
|
||||||
BuildRequires: libxslt-tools
|
BuildRequires: popt-devel
|
||||||
BuildRequires: nscd
|
BuildRequires: libtalloc-devel
|
||||||
|
BuildRequires: libtevent-devel
|
||||||
|
BuildRequires: libtdb-devel
|
||||||
|
BuildRequires: libldb-devel
|
||||||
|
BuildRequires: dbus-1-devel
|
||||||
BuildRequires: openldap2-devel
|
BuildRequires: openldap2-devel
|
||||||
BuildRequires: pam-devel
|
BuildRequires: pam-devel
|
||||||
BuildRequires: pkg-config >= 0.21
|
BuildRequires: pkg-config
|
||||||
|
BuildRequires: mozilla-nss-devel
|
||||||
|
BuildRequires: mozilla-nspr-devel
|
||||||
|
BuildRequires: pcre-devel
|
||||||
|
BuildRequires: libxslt
|
||||||
|
BuildRequires: libxml2
|
||||||
|
BuildRequires: docbook-xsl-stylesheets
|
||||||
|
BuildRequires: krb5-devel
|
||||||
|
BuildRequires: libcares-devel
|
||||||
BuildRequires: python-devel
|
BuildRequires: python-devel
|
||||||
BuildRequires: python3-devel
|
|
||||||
BuildRequires: systemd-rpm-macros
|
|
||||||
BuildRequires: pkgconfig(augeas) >= 1.0.0
|
|
||||||
BuildRequires: pkgconfig(collection) >= 0.5.1
|
|
||||||
BuildRequires: pkgconfig(dbus-1) >= 1.0.0
|
|
||||||
BuildRequires: pkgconfig(dhash) >= 0.4.2
|
|
||||||
BuildRequires: pkgconfig(glib-2.0)
|
|
||||||
BuildRequires: pkgconfig(ini_config) >= 1.1.0
|
|
||||||
BuildRequires: pkgconfig(ldb) >= 0.9.2
|
|
||||||
BuildRequires: pkgconfig(libcares)
|
|
||||||
BuildRequires: pkgconfig(libcrypto)
|
|
||||||
BuildRequires: pkgconfig(libnfsidmap)
|
|
||||||
BuildRequires: pkgconfig(libnl-3.0) >= 3.0
|
|
||||||
BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0
|
|
||||||
BuildRequires: pkgconfig(libpcre) >= 7
|
|
||||||
BuildRequires: pkgconfig(libsystemd-login)
|
|
||||||
BuildRequires: pkgconfig(ndr_nbt)
|
|
||||||
BuildRequires: pkgconfig(popt)
|
|
||||||
BuildRequires: pkgconfig(python)
|
|
||||||
BuildRequires: pkgconfig(talloc)
|
|
||||||
BuildRequires: pkgconfig(tdb) >= 1.1.3
|
|
||||||
BuildRequires: pkgconfig(tevent)
|
|
||||||
%{?systemd_requires}
|
|
||||||
Requires: sssd-ldap = %version-%release
|
|
||||||
Requires(postun): pam-config
|
|
||||||
Provides: libsss_sudo = %version-%release
|
|
||||||
Provides: sssd-client = %version-%release
|
|
||||||
Obsoletes: libsss_sudo < %version-%release
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Provides a set of daemons to manage access to remote directories and
|
Provides a set of daemons to manage access to remote directories and
|
||||||
@ -91,638 +68,147 @@ the system and a pluggable backend system to connect to multiple different
|
|||||||
account sources. It is also the basis to provide client auditing and policy
|
account sources. It is also the basis to provide client auditing and policy
|
||||||
services for projects like FreeIPA.
|
services for projects like FreeIPA.
|
||||||
|
|
||||||
%package ad
|
%package ipa-provider
|
||||||
Summary: The ActiveDirectory backend plugin for sssd
|
License: GPLv3+ and LGPLv3+
|
||||||
License: GPL-3.0+
|
Summary: FreeIPA provider plugin for sssd
|
||||||
Group: System/Daemons
|
Group: System/Daemons
|
||||||
Requires: %name-krb5-common = %version
|
Requires: sssd = %{version}
|
||||||
|
|
||||||
%description ad
|
%description ipa-provider
|
||||||
Provides the Active Directory back end that the SSSD can utilize to
|
This package provide the FreeIPA provider plugin for the System Security
|
||||||
fetch identity data from and authenticate against an Active Directory
|
Services Daemon (sssd).
|
||||||
server.
|
|
||||||
|
|
||||||
%package dbus
|
|
||||||
Summary: The D-Bus responder of sssd
|
|
||||||
License: GPL-3.0+
|
|
||||||
Group: System/Base
|
|
||||||
Requires: %name = %version
|
|
||||||
|
|
||||||
%description dbus
|
|
||||||
Provides the D-Bus responder of sssd, called InfoPipe, which allows
|
|
||||||
information from sssd to be transmitted over the system bus.
|
|
||||||
|
|
||||||
%package ipa
|
|
||||||
Summary: FreeIPA backend plugin for sssd
|
|
||||||
License: GPL-3.0+
|
|
||||||
Group: System/Daemons
|
|
||||||
Requires: %name = %version
|
|
||||||
Requires: %name-krb5-common = %version-%release
|
|
||||||
Obsoletes: %name-ipa-provider < %version-%release
|
|
||||||
Provides: %name-ipa-provider = %version-%release
|
|
||||||
|
|
||||||
%description ipa
|
|
||||||
Provides the IPA back end that the SSSD can utilize to fetch identity
|
|
||||||
data from and authenticate against an IPA server.
|
|
||||||
|
|
||||||
%package krb5
|
|
||||||
Summary: The Kerberos authentication backend plugin for sssd
|
|
||||||
License: GPL-3.0+
|
|
||||||
Group: System/Daemons
|
|
||||||
Requires: %name-krb5-common = %version-%release
|
|
||||||
|
|
||||||
%description krb5
|
|
||||||
Provides the Kerberos back end that the SSSD can utilize authenticate
|
|
||||||
against a Kerberos server.
|
|
||||||
|
|
||||||
%package krb5-common
|
|
||||||
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
|
|
||||||
License: GPL-3.0+
|
|
||||||
Group: System/Daemons
|
|
||||||
|
|
||||||
%description krb5-common
|
|
||||||
Provides helper processes that the LDAP and Kerberos back ends can
|
|
||||||
use for Kerberos user or host authentication.
|
|
||||||
|
|
||||||
%package ldap
|
|
||||||
Summary: The LDAP backend plugin for sssd
|
|
||||||
License: GPL-3.0+
|
|
||||||
Group: System/Daemons
|
|
||||||
Requires: %name-krb5-common = %version-%release
|
|
||||||
|
|
||||||
%description ldap
|
|
||||||
Provides the LDAP back end that the SSSD can utilize to fetch
|
|
||||||
identity data from and authenticate against an LDAP server.
|
|
||||||
|
|
||||||
%package proxy
|
|
||||||
Summary: The proxy backend plugin for sssd
|
|
||||||
License: GPL-3.0+
|
|
||||||
Group: System/Daemons
|
|
||||||
|
|
||||||
%description proxy
|
|
||||||
Provides the proxy back end which can be used to wrap an existing NSS
|
|
||||||
and/or PAM modules to leverage SSSD caching.
|
|
||||||
|
|
||||||
%package tools
|
%package tools
|
||||||
|
License: GPLv3+ and LGPLv3+
|
||||||
Summary: Commandline tools for sssd
|
Summary: Commandline tools for sssd
|
||||||
License: GPL-3.0+ and LGPL-3.0+
|
|
||||||
Group: System/Management
|
Group: System/Management
|
||||||
Requires: python-sssd-config = %version
|
Requires: sssd = %{version}
|
||||||
Requires: sssd = %version
|
|
||||||
%py_requires
|
|
||||||
|
|
||||||
%description tools
|
%description tools
|
||||||
The packages contains commandline tools for managing users and groups using
|
The packages contains commandline tools for managing users and groups using
|
||||||
the "local" id provider of the System Security Services Daemon (sssd).
|
the "local" id provider of the System Security Services Daemon (sssd).
|
||||||
|
|
||||||
%package wbclient
|
|
||||||
Summary: SSSD's implementation of the Winbind pipe protocol
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: System/Libraries
|
|
||||||
|
|
||||||
%description wbclient
|
|
||||||
libwbclient is a plugin for the Samba client, though it has been
|
|
||||||
implemented as a regular shared library requested via DT_NEEDED.
|
|
||||||
|
|
||||||
sssd-wbclient implements the libwbclient API for Samba daemons and
|
|
||||||
utilities. The main purpose is to map Active Directory users and
|
|
||||||
groups identified by their SID to POSIX users and groups identified
|
|
||||||
by their POSIX UIDs and GIDs respectively.
|
|
||||||
|
|
||||||
%package wbclient-devel
|
|
||||||
Summary: Development files for SSSD winbind
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: Development/Libraries/C and C++
|
|
||||||
Requires: %name-wbclient = %version
|
|
||||||
|
|
||||||
%description wbclient-devel
|
|
||||||
sssd-wbclient implements the libwbclient API for Samba daemons and
|
|
||||||
utilities. The main purpose is to map Active Directory users and
|
|
||||||
groups identified by their SID to POSIX users and groups identified
|
|
||||||
by their POSIX UIDs and GIDs respectively.
|
|
||||||
|
|
||||||
%package -n libipa_hbac0
|
|
||||||
Summary: FreeIPA HBAC Evaluator library
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: System/Libraries
|
|
||||||
|
|
||||||
%description -n libipa_hbac0
|
|
||||||
Utility library to validate FreeIPA HBAC rules for authorization
|
|
||||||
requests.
|
|
||||||
|
|
||||||
%package -n libipa_hbac-devel
|
|
||||||
Summary: Development files for the FreeIPA HBAC Evaluator library
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: Development/Libraries/C and C++
|
|
||||||
Requires: libipa_hbac0 = %version
|
|
||||||
|
|
||||||
%description -n libipa_hbac-devel
|
|
||||||
Utility library to validate FreeIPA HBAC rules for authorization
|
|
||||||
requests.
|
|
||||||
|
|
||||||
%package -n libnfsidmap-sss
|
|
||||||
Summary: Library to allow communication between libnfsidmap and SSSD
|
|
||||||
License: GPL-3.0+
|
|
||||||
Group: System/Libraries
|
|
||||||
Supplements: packageand(nfsidmap:sssd-client)
|
|
||||||
|
|
||||||
%description -n libnfsidmap-sss
|
|
||||||
A utility library to allow communication between libnfsidmap and SSSD.
|
|
||||||
|
|
||||||
%package -n libsss_idmap0
|
|
||||||
Summary: FreeIPA ID mapping library
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: System/Libraries
|
|
||||||
|
|
||||||
%description -n libsss_idmap0
|
|
||||||
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
|
|
||||||
|
|
||||||
%package -n libsss_idmap-devel
|
|
||||||
Summary: Development files for the FreeIPA idmap library
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: Development/Libraries/C and C++
|
|
||||||
Requires: libsss_idmap0 = %version
|
|
||||||
|
|
||||||
%description -n libsss_idmap-devel
|
|
||||||
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
|
|
||||||
|
|
||||||
%package -n libsss_nss_idmap0
|
|
||||||
Summary: FreeIPA ID mapping library
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: System/Libraries
|
|
||||||
|
|
||||||
%description -n libsss_nss_idmap0
|
|
||||||
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
|
|
||||||
|
|
||||||
%package -n libsss_nss_idmap-devel
|
|
||||||
Summary: Development files for the FreeIPA idmap library
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: Development/Libraries/C and C++
|
|
||||||
Requires: libsss_nss_idmap0 = %version
|
|
||||||
|
|
||||||
%description -n libsss_nss_idmap-devel
|
|
||||||
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
|
|
||||||
|
|
||||||
%package -n libsss_simpleifp0
|
|
||||||
Summary: The SSSD D-Bus responder helper library
|
|
||||||
License: GPL-3.0+
|
|
||||||
Group: System/Libraries
|
|
||||||
|
|
||||||
%description -n libsss_simpleifp0
|
|
||||||
This subpackage provides a library that simplifies the D-Bus API for
|
|
||||||
the SSSD InfoPipe responder.
|
|
||||||
|
|
||||||
%package -n libsss_simpleifp-devel
|
|
||||||
Summary: Development files for the SSSD D-Bus responder helper library
|
|
||||||
License: GPL-3.0+
|
|
||||||
Group: Development/Libraries/C and C++
|
|
||||||
Requires: libsss_simpleifp0 = %version
|
|
||||||
|
|
||||||
%description -n libsss_simpleifp-devel
|
|
||||||
This subpackage provides the development files for sssd's simpleifp,
|
|
||||||
a library that simplifies the D-Bus API for the SSSD InfoPipe
|
|
||||||
responder.
|
|
||||||
|
|
||||||
%package -n libsss_sudo
|
|
||||||
Summary: A library to allow communication between sudo and SSSD
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: System/Libraries
|
|
||||||
Supplements: packageand(sudo:sssd-client)
|
|
||||||
|
|
||||||
%description -n libsss_sudo
|
|
||||||
A utility library to allow communication between sudo and SSSD.
|
|
||||||
|
|
||||||
%package -n python-ipa_hbac
|
|
||||||
Summary: Python bindings for the FreeIPA HBAC Evaluator library
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: Development/Libraries/Python
|
|
||||||
|
|
||||||
%description -n python-ipa_hbac
|
|
||||||
The python-ipa_hbac package contains the bindings so that libipa_hbac
|
|
||||||
can be used by Python applications.
|
|
||||||
|
|
||||||
%package -n python3-ipa_hbac
|
|
||||||
Summary: Python bindings for the FreeIPA HBAC Evaluator library
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: Development/Libraries/Python
|
|
||||||
|
|
||||||
%description -n python3-ipa_hbac
|
|
||||||
The python-ipa_hbac package contains the bindings so that libipa_hbac
|
|
||||||
can be used by Python applications.
|
|
||||||
|
|
||||||
%package -n python-sss-murmur
|
|
||||||
Summary: Python2 bindings for SSSD Murmur hash function
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: Development/Libraries/Python
|
|
||||||
|
|
||||||
%description -n python-sss-murmur
|
|
||||||
This subpackage provides the python2 module for calculating the
|
|
||||||
Murmur hash version 3.
|
|
||||||
|
|
||||||
%package -n python3-sss-murmur
|
|
||||||
Summary: Python3 bindings for SSSD Murmur hash function
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: Development/Libraries/Python
|
|
||||||
|
|
||||||
%description -n python3-sss-murmur
|
|
||||||
This subpackage provides the python3 module for calculating the
|
|
||||||
Murmur hash version 3.
|
|
||||||
|
|
||||||
%package -n python-sss_nss_idmap
|
|
||||||
Summary: Python bindings for libsss_nss_idmap
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: Development/Libraries/Python
|
|
||||||
|
|
||||||
%description -n python-sss_nss_idmap
|
|
||||||
The libsss_nss_idmap-python contains the bindings so that
|
|
||||||
libsss_nss_idmap can be used by Python applications.
|
|
||||||
|
|
||||||
%package -n python3-sss_nss_idmap
|
|
||||||
Summary: Python bindings for libsss_nss_idmap
|
|
||||||
License: LGPL-3.0+
|
|
||||||
Group: Development/Libraries/Python
|
|
||||||
|
|
||||||
%description -n python3-sss_nss_idmap
|
|
||||||
The libsss_nss_idmap-python contains the bindings so that
|
|
||||||
libsss_nss_idmap can be used by Python applications.
|
|
||||||
|
|
||||||
%package -n python-sssd-config
|
%package -n python-sssd-config
|
||||||
|
License: GPLv3+ and LGPLv3+
|
||||||
Summary: Python API for configuring sssd
|
Summary: Python API for configuring sssd
|
||||||
License: GPL-3.0+ and LGPL-3.0+
|
|
||||||
Group: Development/Libraries/Python
|
Group: Development/Libraries/Python
|
||||||
|
%{py_requires}
|
||||||
|
|
||||||
%description -n python-sssd-config
|
%description -n python-sssd-config
|
||||||
Provide python module to access and manage configuration of the System
|
Provide python module to access and manage configuration of the System
|
||||||
Security Services Daemon (sssd).
|
Security Services Daemon (sssd).
|
||||||
|
|
||||||
%package -n python3-sssd-config
|
|
||||||
Summary: Python API for configuring sssd
|
|
||||||
License: GPL-3.0+ and LGPL-3.0+
|
|
||||||
Group: Development/Libraries/Python
|
|
||||||
|
|
||||||
%description -n python3-sssd-config
|
|
||||||
Provide python module to access and manage configuration of the System
|
|
||||||
Security Services Daemon (sssd).
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch -P 1 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if 0%{?suse_version} < 1210
|
|
||||||
# pkgconfig file not present
|
|
||||||
export LDB_LIBS="-lldb"
|
export LDB_LIBS="-lldb"
|
||||||
export LDB_CFLAGS=" "
|
export LDB_CFLAGS="-I/usr/include"
|
||||||
export LDB_DIR="%_libdir/ldb"
|
|
||||||
%else
|
|
||||||
export LDB_DIR="$(pkg-config ldb --variable=modulesdir)"
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# help configure find nscd
|
|
||||||
export PATH="$PATH:/usr/sbin"
|
|
||||||
|
|
||||||
autoreconf -fiv;
|
|
||||||
export CFLAGS="%optflags -fPIE"
|
|
||||||
export LDFLAGS="-pie"
|
|
||||||
%configure \
|
%configure \
|
||||||
--with-crypto=libcrypto \
|
--without-tests \
|
||||||
--with-db-path="%dbpath" \
|
--with-db-path=%{dbpath} \
|
||||||
--with-pipe-path="%pipepath" \
|
--with-pipe-path=%{pipepath} \
|
||||||
--with-pubconf-path="%pubconfpath" \
|
--with-init-dir=%{_initrddir} \
|
||||||
--with-init-dir="%_initrddir" \
|
--enable-nsslibdir=/%{_lib} \
|
||||||
--enable-nsslibdir="/%_lib" \
|
--with-ldb-lib-dir=%{_libdir}/ldb \
|
||||||
--enable-pammoddir="/%_lib/security" \
|
--with-selinux=no
|
||||||
--with-ldb-lib-dir="$LDB_DIR" \
|
|
||||||
--with-selinux=no \
|
|
||||||
--with-os=suse \
|
|
||||||
--with-semanage=no \
|
|
||||||
--disable-ldb-version-check \
|
|
||||||
--disable-pac-responder
|
|
||||||
|
|
||||||
make %{?_smp_mflags} all
|
#make %{?_smp_mflags}
|
||||||
|
make
|
||||||
|
|
||||||
%install
|
%install
|
||||||
b="%buildroot";
|
rm -rf $RPM_BUILD_ROOT
|
||||||
make install DESTDIR="$b"
|
|
||||||
|
make install DESTDIR=$RPM_BUILD_ROOT
|
||||||
|
|
||||||
# Copy default sssd.conf file
|
# Copy default sssd.conf file
|
||||||
install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \
|
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
|
||||||
"$b/%_mandir"/{uk/man5,uk/man8};
|
install -m600 server/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
|
||||||
install -d "$b/%_sysconfdir/sssd";
|
install server/sysv/SUSE/sssd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/sssd
|
||||||
install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf";
|
ln -sf ../../etc/init.d/sssd $RPM_BUILD_ROOT/usr/sbin/rcsssd
|
||||||
install -d "$b/%_unitdir";
|
|
||||||
install -m644 %{S:4} "$b/%_unitdir/sssd.service";
|
|
||||||
rm -Rf "$b/%_initddir"
|
|
||||||
ln -s service "$b/%_sbindir/rcsssd"
|
|
||||||
|
|
||||||
mkdir -p "$b/%sssdstatedir/mc"
|
# Remove .la files created by libtool
|
||||||
mkdir -p "$b/%_sysconfdir/ld.so.conf.d"
|
rm -f \
|
||||||
cat >"$b/%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf" <<-EOF
|
$RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
|
||||||
%_libdir/%name/modules
|
$RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
|
||||||
EOF
|
$RPM_BUILD_ROOT/%{_libdir}/ldb/memberof.la \
|
||||||
find "$b" -type f -name "*.la" -delete;
|
$RPM_BUILD_ROOT/%{_libdir}/python2.6/site-packages/pysss.la \
|
||||||
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
|
||||||
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
|
||||||
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \
|
||||||
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ipa.la \
|
||||||
|
$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la
|
||||||
|
|
||||||
rm -Rf "$b/%_sysconfdir/dbus-1" "$b/%_datadir/dbus-1"
|
%find_lang sss_daemon
|
||||||
|
%find_lang sss_client
|
||||||
|
cat sss_client.lang >> sss_daemon.lang
|
||||||
|
|
||||||
%find_lang %name --all-name
|
%clean
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
%pre
|
%files -f sss_daemon.lang
|
||||||
%service_add_pre sssd.service
|
%defattr(-,root,root,-)
|
||||||
|
|
||||||
%post
|
|
||||||
# migrate config variable krb5_kdcip to krb5_server (bnc#851048)
|
|
||||||
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf
|
|
||||||
/sbin/ldconfig
|
|
||||||
%service_add_post sssd.service
|
|
||||||
|
|
||||||
%preun
|
|
||||||
%service_del_preun sssd.service
|
|
||||||
|
|
||||||
%postun
|
|
||||||
if [ "$1" = "0" ]; then
|
|
||||||
"%_sbindir/pam-config" -d --sss || :;
|
|
||||||
fi;
|
|
||||||
/sbin/ldconfig
|
|
||||||
# Clear caches, which may have an incompatible format afterwards
|
|
||||||
# (especially, downgrades)
|
|
||||||
rm -f /var/lib/sss/db/*.ldb
|
|
||||||
# del_postun includes a try-restart
|
|
||||||
%service_del_postun sssd.service
|
|
||||||
%insserv_cleanup
|
|
||||||
|
|
||||||
%post -n libipa_hbac0 -p /sbin/ldconfig
|
|
||||||
%postun -n libipa_hbac0 -p /sbin/ldconfig
|
|
||||||
%post -n libsss_idmap0 -p /sbin/ldconfig
|
|
||||||
%postun -n libsss_idmap0 -p /sbin/ldconfig
|
|
||||||
%post -n libsss_nss_idmap0 -p /sbin/ldconfig
|
|
||||||
%postun -n libsss_nss_idmap0 -p /sbin/ldconfig
|
|
||||||
%post -n libsss_simpleifp0 -p /sbin/ldconfig
|
|
||||||
%postun -n libsss_simpleifp0 -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%files -f sssd.lang
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%doc COPYING
|
%doc COPYING
|
||||||
%_unitdir
|
%{_initrddir}/%{name}
|
||||||
%_bindir/sss_ssh_*
|
%{_sbindir}/sssd
|
||||||
%_sbindir/sssd
|
%{_sbindir}/rcsssd
|
||||||
%_sbindir/rcsssd
|
%{_libexecdir}/%{servicename}/
|
||||||
%dir %_mandir/??/
|
%dir %{_libdir}/%{name}/
|
||||||
%dir %_mandir/??/man[158]/
|
%{_libdir}/%{name}/libsss_krb5*
|
||||||
%_mandir/??/man1/sss_ssh_*
|
%{_libdir}/%{name}/libsss_ldap*
|
||||||
%_mandir/??/man5/sssd-simple.5*
|
%{_libdir}/%{name}/libsss_proxy*
|
||||||
%_mandir/??/man5/sssd-sudo.5*
|
%{_libdir}/ldb/memberof.so
|
||||||
%_mandir/??/man5/sssd.conf.5*
|
%{_libdir}/krb5/plugins/libkrb5/*
|
||||||
%_mandir/??/man8/sssd.8*
|
%dir %{sssdstatedir}
|
||||||
%_mandir/man1/sss_ssh_*
|
%attr(700,root,root) %dir %{dbpath}
|
||||||
%_mandir/man5/sssd-simple.5*
|
%attr(755,root,root) %dir %{pipepath}
|
||||||
%_mandir/man5/sssd-sudo.5*
|
%attr(700,root,root) %dir %{pipepath}/private
|
||||||
%_mandir/man5/sssd.conf.5*
|
%attr(750,root,root) %dir %{_var}/log/%{name}
|
||||||
%_mandir/man8/sssd.8*
|
%dir %{_sysconfdir}/sssd
|
||||||
%dir %_libdir/%name/
|
%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
|
||||||
%_libdir/%name/libsss_child*
|
%config %{_sysconfdir}/sssd/sssd.api.conf
|
||||||
%_libdir/%name/libsss_cert*
|
%attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d
|
||||||
%_libdir/%name/libsss_crypt*
|
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-krb5.conf
|
||||||
%_libdir/%name/libsss_debug*
|
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-ldap.conf
|
||||||
%_libdir/%name/libsss_semanage*
|
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-local.conf
|
||||||
%_libdir/%name/libsss_simple*
|
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-proxy.conf
|
||||||
%_libdir/%name/libsss_util*
|
/%{_lib}/libnss_sss.so.2
|
||||||
%dir %_libdir/%name/modules/
|
/%{_lib}/security/pam_sss.so
|
||||||
%_libdir/%name/modules/libsss_autofs.so
|
%{_mandir}/man5/sssd-krb5.*
|
||||||
%_libdir/libsss_sudo.so
|
%{_mandir}/man5/sssd-ldap.*
|
||||||
%dir %_libdir/ldb/
|
%{_mandir}/man5/sssd.conf.*
|
||||||
%_libdir/ldb/memberof.so
|
|
||||||
%dir %_libexecdir/%name/
|
|
||||||
%_libexecdir/%name/sssd_autofs
|
|
||||||
%_libexecdir/%name/sssd_be
|
|
||||||
%_libexecdir/%name/sssd_nss
|
|
||||||
%_libexecdir/%name/sssd_pam
|
|
||||||
%_libexecdir/%name/sssd_ssh
|
|
||||||
%_libexecdir/%name/sssd_sudo
|
|
||||||
%_libexecdir/%name/sss_signal
|
|
||||||
%dir %sssdstatedir
|
|
||||||
%attr(700,root,root) %dir %dbpath/
|
|
||||||
%attr(755,root,root) %dir %pipepath/
|
|
||||||
%attr(700,root,root) %dir %pipepath/private/
|
|
||||||
%attr(755,root,root) %dir %pubconfpath/
|
|
||||||
%attr(755,root,root) %dir %sssdstatedir/mc/
|
|
||||||
%attr(700,root,root) %dir %sssdstatedir/keytabs/
|
|
||||||
%attr(750,root,root) %dir %_localstatedir/log/%name/
|
|
||||||
%dir %_sysconfdir/sssd/
|
|
||||||
%config(noreplace) %_sysconfdir/sssd/sssd.conf
|
|
||||||
%dir %_datadir/%name/
|
|
||||||
%_datadir/%name/sssd.api.conf
|
|
||||||
%dir %_datadir/%name/sssd.api.d/
|
|
||||||
%_datadir/%name/sssd.api.d/sssd-local.conf
|
|
||||||
%_datadir/%name/sssd.api.d/sssd-simple.conf
|
|
||||||
#
|
|
||||||
# sssd-client
|
|
||||||
#
|
|
||||||
/%_lib/libnss_sss.so.2
|
|
||||||
/%_lib/security/pam_sss.so
|
|
||||||
%_libdir/cifs-utils/
|
|
||||||
%_libdir/krb5/
|
|
||||||
%_libdir/%name/modules/sssd_krb5_localauth_plugin.so
|
|
||||||
%_mandir/??/man8/pam_sss.8*
|
|
||||||
%_mandir/??/man8/sssd_krb5_locator_plugin.8*
|
|
||||||
%_mandir/man8/pam_sss.8*
|
|
||||||
%_mandir/man8/sssd_krb5_locator_plugin.8*
|
|
||||||
|
|
||||||
%files ad
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%dir %_libdir/%name/
|
|
||||||
%_libdir/%name/libsss_ad.so
|
|
||||||
%dir %_libexecdir/%name/
|
|
||||||
%_libexecdir/%name/gpo_child
|
|
||||||
%dir %_datadir/%name/
|
|
||||||
%dir %_datadir/%name/sssd.api.d/
|
|
||||||
%_datadir/%name/sssd.api.d/sssd-ad.conf
|
|
||||||
%_mandir/man5/sssd-ad.5*
|
|
||||||
%dir %_mandir/??/
|
|
||||||
%dir %_mandir/??/man5/
|
|
||||||
%_mandir/??/man5/sssd-ad.5*
|
|
||||||
|
|
||||||
%files dbus
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%dir %_libexecdir/sssd/
|
|
||||||
%_libexecdir/sssd/sssd_ifp
|
|
||||||
%dir %_libdir/sssd/
|
|
||||||
%_libdir/sssd/libsss_config.so
|
|
||||||
%_mandir/man5/sssd-ifp.5*
|
|
||||||
%dir %_mandir/??/
|
|
||||||
%dir %_mandir/??/man5/
|
|
||||||
%_mandir/??/man5/sssd-ifp.5*
|
|
||||||
|
|
||||||
%files ipa
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%dir %_libdir/%name/
|
|
||||||
%_libdir/%name/libsss_ipa*
|
|
||||||
%dir %_datadir/%name/
|
|
||||||
%dir %_datadir/%name/sssd.api.d
|
|
||||||
%_datadir/%name/sssd.api.d/sssd-ipa.conf
|
|
||||||
%_mandir/man5/sssd-ipa.5*
|
|
||||||
%dir %_mandir/??/
|
|
||||||
%dir %_mandir/??/man5/
|
|
||||||
%_mandir/??/man5/sssd-ipa.5*
|
|
||||||
|
|
||||||
%files krb5
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%dir %_libdir/%name/
|
|
||||||
%_libdir/%name/libsss_krb5.so
|
|
||||||
%dir %_datadir/%name/
|
|
||||||
%dir %_datadir/%name/sssd.api.d/
|
|
||||||
%_datadir/%name/sssd.api.d/sssd-krb5.conf
|
|
||||||
%dir %_mandir/??/
|
|
||||||
%dir %_mandir/??/man5/
|
|
||||||
%_mandir/man5/sssd-krb5.5*
|
|
||||||
%_mandir/??/man5/sssd-krb5.5*
|
|
||||||
|
|
||||||
%files krb5-common
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%dir %_libdir/%name/
|
|
||||||
%_libdir/%name/libsss_krb5_common.so
|
|
||||||
%dir %_libexecdir/%name/
|
|
||||||
%_libexecdir/%name/krb5_child
|
|
||||||
%_libexecdir/%name/ldap_child
|
|
||||||
|
|
||||||
%files ldap
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%dir %_libdir/%name/
|
|
||||||
%_libdir/%name/libsss_ldap*
|
|
||||||
%dir %_datadir/%name/
|
|
||||||
%dir %_datadir/%name/sssd.api.d/
|
|
||||||
%_datadir/%name/sssd.api.d/sssd-ldap.conf
|
|
||||||
%_mandir/man5/sssd-ldap.5*
|
|
||||||
%dir %_mandir/??/
|
|
||||||
%dir %_mandir/??/man5/
|
|
||||||
%_mandir/??/man5/sssd-ldap.5*
|
|
||||||
|
|
||||||
%files proxy
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%dir %_libdir/%name/
|
|
||||||
%_libdir/%name/libsss_proxy.so
|
|
||||||
%dir %_libexecdir/%name/
|
|
||||||
%_libexecdir/%name/proxy_child
|
|
||||||
%dir %_datadir/%name/
|
|
||||||
%dir %_datadir/%name/sssd.api.d/
|
|
||||||
%_datadir/%name/sssd.api.d/sssd-proxy.conf
|
|
||||||
|
|
||||||
%files tools
|
%files tools
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root,-)
|
||||||
%_sbindir/sss_cache
|
%{_mandir}/man8/*
|
||||||
%_sbindir/sss_debuglevel
|
%{_sbindir}/sss_useradd
|
||||||
%_sbindir/sss_groupadd
|
%{_sbindir}/sss_userdel
|
||||||
%_sbindir/sss_groupdel
|
%{_sbindir}/sss_usermod
|
||||||
%_sbindir/sss_groupmod
|
%{_sbindir}/sss_groupadd
|
||||||
%_sbindir/sss_groupshow
|
%{_sbindir}/sss_groupdel
|
||||||
%_sbindir/sss_seed
|
%{_sbindir}/sss_groupmod
|
||||||
%_sbindir/sss_obfuscate
|
|
||||||
%_sbindir/sss_override
|
|
||||||
%_sbindir/sss_useradd
|
|
||||||
%_sbindir/sss_userdel
|
|
||||||
%_sbindir/sss_usermod
|
|
||||||
%_sbindir/sss_override
|
|
||||||
%dir %_mandir/??/man8/
|
|
||||||
%_mandir/??/man8/sss_*.8*
|
|
||||||
%_mandir/man8/sss_*.8*
|
|
||||||
|
|
||||||
%files wbclient
|
%files ipa-provider
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root,-)
|
||||||
%config %_sysconfdir/ld.so.conf.d/sssd-wbclient.conf
|
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-ipa.conf
|
||||||
%dir %_libdir/sssd/
|
%{_libdir}/sssd/libsss_ipa*
|
||||||
%dir %_libdir/sssd/modules/
|
%{_mandir}/man5/sssd-ipa.*
|
||||||
%_libdir/sssd/modules/libwbclient.so.*
|
|
||||||
|
|
||||||
%files wbclient-devel
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%_includedir/wbclient_sssd.h
|
|
||||||
%dir %_libdir/sssd/
|
|
||||||
%dir %_libdir/sssd/modules/
|
|
||||||
%_libdir/sssd/modules/libwbclient.so
|
|
||||||
%_libdir/pkgconfig/wbclient_sssd.pc
|
|
||||||
|
|
||||||
%files -n libipa_hbac0
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%_libdir/libipa_hbac.so.0*
|
|
||||||
|
|
||||||
%files -n libipa_hbac-devel
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%_includedir/ipa_hbac.h
|
|
||||||
%_libdir/libipa_hbac.so
|
|
||||||
%_libdir/pkgconfig/ipa_hbac.pc
|
|
||||||
|
|
||||||
%files -n libnfsidmap-sss
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%_libdir/libnfsidmap/
|
|
||||||
%_mandir/man5/sss_rpcidmapd.5*
|
|
||||||
%dir %_mandir/??/man5/
|
|
||||||
%_mandir/??/man5/sss_rpcidmapd.5*
|
|
||||||
|
|
||||||
%files -n libsss_idmap0
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%_libdir/libsss_idmap.so.0*
|
|
||||||
|
|
||||||
%files -n libsss_idmap-devel
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%_includedir/sss_idmap.h
|
|
||||||
%_libdir/libsss_idmap.so
|
|
||||||
%_libdir/pkgconfig/sss_idmap.pc
|
|
||||||
|
|
||||||
%files -n libsss_nss_idmap0
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%_libdir/libsss_nss_idmap.so.0*
|
|
||||||
|
|
||||||
%files -n libsss_nss_idmap-devel
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%_includedir/sss_nss_idmap.h
|
|
||||||
%_libdir/libsss_nss_idmap.so
|
|
||||||
%_libdir/pkgconfig/sss_nss_idmap.pc
|
|
||||||
|
|
||||||
%files -n libsss_simpleifp0
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%_libdir/libsss_simpleifp.so.0*
|
|
||||||
|
|
||||||
%files -n libsss_simpleifp-devel
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%_includedir/sss_sifp*.h
|
|
||||||
%_libdir/libsss_simpleifp.so
|
|
||||||
%_libdir/pkgconfig/sss_simpleifp.pc
|
|
||||||
|
|
||||||
%files -n python-ipa_hbac
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%dir %python_sitearch
|
|
||||||
%python_sitearch/pyhbac.so
|
|
||||||
|
|
||||||
%files -n python3-ipa_hbac
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%dir %python3_sitearch
|
|
||||||
%python3_sitearch/pyhbac.so
|
|
||||||
|
|
||||||
%files -n python-sss-murmur
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%python_sitearch/pysss_murmur.so
|
|
||||||
|
|
||||||
%files -n python3-sss-murmur
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%python3_sitearch/pysss_murmur.so
|
|
||||||
|
|
||||||
%files -n python-sss_nss_idmap
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%dir %python_sitearch
|
|
||||||
%python_sitearch/pysss_nss_idmap.so
|
|
||||||
|
|
||||||
%files -n python3-sss_nss_idmap
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%dir %python3_sitearch
|
|
||||||
%python3_sitearch/pysss_nss_idmap.so
|
|
||||||
|
|
||||||
%files -n python-sssd-config
|
%files -n python-sssd-config
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root,-)
|
||||||
%python_sitearch/pysss.so
|
%{python_sitearch}/pysss.so
|
||||||
%python_sitelib/SSSDConfig*
|
%{python_sitelib}/*.py*
|
||||||
|
%{python_sitelib}/*.egg-info
|
||||||
|
|
||||||
%files -n python3-sssd-config
|
%post
|
||||||
%defattr(-,root,root)
|
/sbin/ldconfig
|
||||||
%python3_sitearch/pysss.so
|
|
||||||
%python3_sitelib/SSSDConfig*
|
%preun
|
||||||
|
%stop_on_removal sssd
|
||||||
|
|
||||||
|
%postun
|
||||||
|
/sbin/ldconfig
|
||||||
|
%restart_on_update sssd
|
||||||
|
%insserv_cleanup
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
Loading…
Reference in New Issue
Block a user