|
 |
5fca41 |
From fedfc4fa5978dc0ef2c3b6efcd1e9462a8575b3a Mon Sep 17 00:00:00 2001
|
|
|
5fca41 |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
5fca41 |
Date: Thu, 7 Mar 2019 22:13:32 +0100
|
|
|
5fca41 |
Subject: [PATCH] SYSDB: Inherit cached_auth_timeout from the main domain
|
|
|
5fca41 |
MIME-Version: 1.0
|
|
|
5fca41 |
Content-Type: text/plain; charset=UTF-8
|
|
|
5fca41 |
Content-Transfer-Encoding: 8bit
|
|
|
5fca41 |
|
|
|
5fca41 |
cached_auth_timeout is a domain option used by the responder. And
|
|
|
5fca41 |
because at the moment the options read from a subdomain section (e.g.
|
|
|
5fca41 |
[domain/main/trusted] are only those represented by the back end specific
|
|
|
5fca41 |
dp_option structure instance, the option cached_auth_timeout, which
|
|
|
5fca41 |
is directly read from the confdb was not set for the main domain.
|
|
|
5fca41 |
|
|
|
5fca41 |
This is a minimal patch that just inherits the option from the main
|
|
|
5fca41 |
domain until SSSD has a more systematic way of inheriting config
|
|
|
5fca41 |
attributes regardless of how they are read and set.
|
|
|
5fca41 |
|
|
|
5fca41 |
Resolves:
|
|
|
5fca41 |
https://pagure.io/SSSD/sssd/issue/3960
|
|
|
5fca41 |
|
|
|
5fca41 |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
5fca41 |
(cherry picked from commit 4dd268333ca9ca13555f5dfbd2928154b885a3e7)
|
|
|
5fca41 |
---
|
|
|
5fca41 |
src/db/sysdb_subdomains.c | 1 +
|
|
|
5fca41 |
src/man/sssd.conf.5.xml | 5 +++++
|
|
|
5fca41 |
2 files changed, 6 insertions(+)
|
|
|
5fca41 |
|
|
|
5fca41 |
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
|
|
|
5fca41 |
index e380e6c8b..34d052fdd 100644
|
|
|
5fca41 |
--- a/src/db/sysdb_subdomains.c
|
|
|
5fca41 |
+++ b/src/db/sysdb_subdomains.c
|
|
|
5fca41 |
@@ -154,6 +154,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
|
|
|
5fca41 |
dom->cache_credentials = parent->cache_credentials;
|
|
|
5fca41 |
dom->cache_credentials_min_ff_length =
|
|
|
5fca41 |
parent->cache_credentials_min_ff_length;
|
|
|
5fca41 |
+ dom->cached_auth_timeout = parent->cached_auth_timeout;
|
|
|
5fca41 |
dom->case_sensitive = false;
|
|
|
5fca41 |
dom->user_timeout = parent->user_timeout;
|
|
|
5fca41 |
dom->group_timeout = parent->group_timeout;
|
|
|
5fca41 |
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
|
|
|
5fca41 |
index ef5a4b952..41ba7b924 100644
|
|
|
5fca41 |
--- a/src/man/sssd.conf.5.xml
|
|
|
5fca41 |
+++ b/src/man/sssd.conf.5.xml
|
|
|
5fca41 |
@@ -2962,6 +2962,11 @@ subdomain_inherit = ldap_purge_cache_timeout
|
|
|
5fca41 |
authenticated using cached credentials while
|
|
|
5fca41 |
SSSD is in the online mode.
|
|
|
5fca41 |
</para>
|
|
|
5fca41 |
+ <para>
|
|
|
5fca41 |
+ This option's value is inherited by all trusted
|
|
|
5fca41 |
+ domains. At the moment it is not possible to set
|
|
|
5fca41 |
+ a different value per trusted domain.
|
|
|
5fca41 |
+ </para>
|
|
|
5fca41 |
<para>
|
|
|
5fca41 |
Special value 0 implies that this feature is
|
|
|
5fca41 |
disabled.
|
|
|
5fca41 |
--
|
|
|
5fca41 |
2.19.1
|
|
|
5fca41 |
|