IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
* as openlog() is non-reentrant and pam_winbind thereby overrides the
syslog settings of the calling application, directly call syslog (or
pam_vsyslog if available)
* support the PAM_SILENT flag to avoid any log messages beeing created
Guenther
(This used to be commit 0f7e37ffc4)
name that will be returned by winbindd. This
(should) fix the bug where the user logs in
with DOMAIN\user but winbindd returns only
"user" for the username due to 'winbind use
default domain' being set.
Jeremy.
(This used to be commit 1b2aa17354)
* Merge patches from SLES10 to make sure we talk to the correct
winbindd process when performing pam_auth (and pull the password policy info).
(This used to be commit 43bd8c00ab)
internals, mostly with the code that was in pam_winbind before.
Also switch from using loadparm to use iniParser to read the new
pam_winbind options from a configuration file. That still uses the old
(parametric) option names which will be replaced next (as iniParser does
not support parametric options).
Guenther
(This used to be commit 6f668ce673)
can not work for NTLM auth, where we only have a workstation account for our
own domain. For the PAM Kerberos login we need to find a better way to do
this, probably using Dsr_GetDCName and some winbind-crafted krb5.conf.
Volker
(This used to be commit bf7c608147)
Fix parse_domain_user to fail when splitting a full name like "DOM\user"
when "winbind use default domain" and "winbind trusted domains only" are
not enabled.
This allows pam_winbind to behave correctly when more modules are
stacked in the "account" or "password" PAM facility. pam_winbindd calls
WINBINDD_GETPWNAM which can decide whether or not a user is a winbind
user and return correct PAM error codes.
Guenther
(This used to be commit e6d52c1e9d)
Correctly handle the case where users logon with an expired password.
In that case pam_sm_authenticate has to return PAM_SUCESS instead of
PAM_NEW_AUTHTOK_REQD or PAM_AUTHTOK_EXPIRED and pam_sm_acct_mgmt has to
take care of requesting an immediate password change. (see the Linux PAM
documentation).
Fixes Bugzilla #1524, #3205. Tested with login, sshd, kdm and gdm on
Linux.
Thanks to Scott Barker <Scott_Barker@mtechIT.com>.
Guenther
(This used to be commit 4cb662ffd7)
This is just cosmetic but prevents people from thinking that the
pam_winbind "require_membership_of"-option is not yet implemented :)
Guenther
(This used to be commit ef80a49a85)
Allow 'require_membership_of' and 'require-membership-of'.
Really use a different struct for the SID->Name lookup.
Andrew Bartlett
(This used to be commit 83dadcd089)
naming of the require_membership_of parameter in pam_winbind and fix
the error code for 'you didn't specify a domain' in ntlm_auth.
Andrew Bartlett
(This used to be commit 4bf0b94011)
ntlm_auth uses, to pam_winbindd as well.
This allows to make successfull authentication via PAM dependent on
SID-membership. At the moment, both ntlm_auth and pam_winbindd.so accept
user/group-names or sid-strings - as discussed, recursive membership
(e.g. local aliases) will be added later.
Guenther
(This used to be commit 7494569655)
*sync up configure.in
*don't build torture tools in make all
*make sure to remove torture tools as part of make clean
(This used to be commit 0fb724b321)
- vorlan's hosts allow with DNS names patch
- use x_fileno() in debug.c, not the struct directly.
- check for server timeout on password change (was reporting success)
- better error/status loggin in both the pam_winbind client and winbindd_pam
server code.
- (pdb_ldap) don't set the ldap version twice - we do it on every bind anyway.
(This used to be commit 9fa1863d8e)
- pam_winbind updates from vance, fixing a typo and making some the options
work properly.
- Extra parinoia in the winbind connection loop
- Allow pam_winbind to compile on HP-UX (Don Mcall, more work to do).
- Fix up configure.in to use the same method for building the test .so
as the Makefile uses.
Andrew Bartlett
(This used to be commit 8e705dd921)
