New upstream release 0.6.0

2009-09-28 08:51:24 +00:00 · 2009-09-28 08:51:24 +00:00 · 7a716e3c15
parent 8b935a1efc
commit 7a716e3c15
4 changed files with 96 additions and 88 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1 +1 @@
-sssd-0.5.0.tar.gz
+sssd-0.6.0.tar.gz
--- a/2
+++ b/2
@ -1 +1 @@
-7566dcac75e7248ca99b4dd0bb49c1ee  sssd-0.5.0.tar.gz
+2a2e118d9f29dda15dd4b8202b9cac62  sssd-0.6.0.tar.gz
--- a/sssd.conf.default
+++ b/sssd.conf.default
@ -1,90 +1,57 @@
-[services]
+[sssd]
-description = Local Service Configuration
+config_file_version = 2
-activeServices = nss, dp, pam
+# Number of times services should attempt to reconnect in the
-
+# event of a crash or restart before they give up
-[services/nss]
+reconnection_retries = 3
 description = NSS Responder Configuration
 # the following prevents sssd for searching for the root user/group in
 # all domains (you can add here a comma separated list of system accounts are
 # always going to be /etc/passwd users, or that you want to filter out)
 filterGroups = root
 filterUsers = root
 [services/dp]
 description = Data Provider Configuration
 [services/pam]
 description = PAM Responder Configuration
 [services/monitor]
 description = Service Monitor Configuration
 # if a backend is particularly slow you can raise this timeout here
-sbusTimeout = 30
+sbus_timeout = 30
-
+services = nss, dp, pam
 [domains]
 description = Domains served by SSSD
 ; domains = LOCAL,LDAP
 # SSSD will not start if you don't configure any domain.
-# Add new domains condifgurations as [domains/<NAME>] sections.
+# Add new domains condifgurations as [domain/<NAME>] sections.
 # Then add the list of domains (in the order you want them to be
 # queried in the 'domains" attribute above and uncomment it
 # Example LOCAL domain that proxies to /etc/passwd and /etc/group files
 # This configuration is meant mostly as a migration path to be able to store
 # additional information about users while still keeping /etc/passwd
 # authoritative.
-; [domains/LOCAL]
+[nss]
-; description = LOCAL migration domain
+# the following prevents sssd for searching for the root user/group in
-; enumerate = 3
+# all domains (you can add here a comma separated list of system accounts are
-; minId = 500
+# always going to be /etc/passwd users, or that you want to filter out)
-; magicPrivateGroups = FALSE
+filter_groups = root
-; legacy = TRUE
+filter_users = root
-;
+reconnection_retries = 3
 ; provider = proxy
 ; libName = files
 ; libPath = libnss_files.so.2
-# optionally a file named sssdproxylocal can be place in pam.d configured to
+# The EntryCacheTimeout indicates the number of seconds to retain before
-# check pam_unix only and pam_sss can be used in the normal pam stack
+# an entry in cache is considered stale and must block to refresh.
-; auth-module = proxy
+# The EntryCacheNoWaitRefreshTimeout indicates the number of seconds to
-; pam-target = sssdproxylocal
+# wait before updating the cache out-of-band. (NSS requests will still
 # be returned from cache until the full EntryCacheTimeout). Setting this
 # value to 0 turns this feature off (default)
 ; entry_cache_timeout = 600
 ; entry_cache_nowait_timeout = 300
 [pam]
 reconnection_retries = 3
 [dp]
 reconnection_retries = 3
 # Example LOCAL domain that stores all users natively in the SSSD internal
 # directory. These local users and groups are not visibile in /etc/passwd, it
 # now contains only root and system accounts.
-
+; [domain/LOCAL]
 ; [domains/LOCAL]
 ; description = LOCAL Users domain
-; enumerate = 3
+; id_provider = local
-; minId = 500
+; enumerate = true
-; maxId = 999
+; min_id = 500
-; legacy = FALSE
+; max_id = 999
 ; magicPrivateGroups = TRUE
 ; provider = local
-# Example LDAP domain that uses the proxy backend and the standard nss_ldap
+# Example native LDAP domain
-# and pam_ldap modules (Useful until we have good working native ldap backends).
+; [domain/LDAP]
-# For this to work the /etc/ldap.conf file needs to be correctly configured just
+; id_provider = ldap
-# like you would do when using nss_ldap in nsswitch.conf, but instead of setting
+; auth_provider = ldap
-# passwd: files ldap, set passwd: files, sss instead there.
+; ldap_uri = ldap://ldap.mydomain.org
-# Also consider using the following setting in /etc/ldap.conf to avoid needless
+; ldap_user_search_base = dc=mydomain,dc=org
-# delays if the ldap server is offline:
+; ldap_tls_reqcert = demand
-# timelimit 10
+; cache_credentials = true
-# bind_timelimit 5
+; enumerate = true
 # nss_reconnect_maxsleeptime 2
 # nss_reconnect_sleeptime 1
 ; [domains/LDAP]
 ; description = Proxy request to our LDAP server
 ; enumerate = 0
 ; minId = 1000
 ; legacy = TRUE
 ;
 ; provider = proxy
 ; libName = ldap
 ; libPath = libnss_ldap.so.2
 ;
 #if a backend is particularly slow you can raise this timeout here
 ; timeout = 60
--- a/sssd.spec
+++ b/sssd.spec
@ -1,5 +1,7 @@
 %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
 Name: sssd
-Version: 0.5.0
+Version: 0.6.0
 Release: 0%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
@ -18,6 +20,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 Requires: libldb >= 0.9.3
 Requires: libtdb >= 1.1.3
 Requires: sssd-client = 0.6.0
 Requires(post): python
 Requires(preun):  initscripts chkconfig
 Requires(postun): /sbin/service
@ -32,7 +36,8 @@ BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: libtool
 BuildRequires: m4
-BuildRequires: popt-devel
+%{?fedora:BuildRequires: popt-devel}
 %{?rhel:BuildRequires: popt}
 BuildRequires: libtalloc-devel
 BuildRequires: libtevent-devel
 BuildRequires: libtdb-devel
@ -49,6 +54,7 @@ BuildRequires: libxml2
 BuildRequires: docbook-style-xsl
 BuildRequires: krb5-devel
 BuildRequires: c-ares-devel
 BuildRequires: python-devel
 %description
 Provides a set of daemons to manage access to remote directories and
@ -57,6 +63,14 @@ the system and a pluggable backend system to connect to multiple different
 account sources. It is also the basis to provide client auditing and policy
 services for projects like FreeIPA.
 %package client
 Summary: SSSD Client libraries for NSS and PAM
 Group: Applications/System
 %description client
 Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
 service.
 %prep
 %setup -q
@ -83,15 +97,22 @@ rm -f \
    $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
    $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
    $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \
-    $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la
+    $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \
    $RPM_BUILD_ROOT/%{python_sitearch}/pysss.la
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
 install -m600 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
 touch locator.filelist
 if test -e $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
 then
    echo %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so > locator.filelist
 fi
 %clean
 rm -rf $RPM_BUILD_ROOT
-%files
+%files -f locator.filelist
 %defattr(-,root,root,-)
 %doc COPYING
 %attr(755,root,root) %{_initrddir}/%{name}
@ -105,23 +126,40 @@ rm -rf $RPM_BUILD_ROOT
 %{_libexecdir}/%{servicename}/
 %{_libdir}/%{name}/
 %{_libdir}/ldb/memberof.so
 %{_libdir}/krb5/plugins/libkrb5/*
 %dir %{sssdstatedir}
 %attr(700,root,root) %dir %{dbpath}
 %attr(755,root,root) %dir %{pipepath}
 %attr(700,root,root) %dir %{pipepath}/private
 %attr(750,root,root) %dir %{_var}/log/%{name}
 %dir %{_sysconfdir}/sssd
 %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
-/%{_lib}/libnss_sss.so.2
+%{_mandir}/man5/sssd.conf.5*
-/%{_lib}/security/pam_sss.so
+%{_mandir}/man5/sssd-krb5.5*
-%{_mandir}/man5/*
+%{_mandir}/man5/sssd-ldap.5*
-%{_mandir}/man8/*
+%{_mandir}/man8/sssd.8*
 %{_mandir}/man8/sss_groupadd.8*
 %{_mandir}/man8/sss_groupdel.8*
 %{_mandir}/man8/sss_groupmod.8*
 %{_mandir}/man8/sss_useradd.8*
 %{_mandir}/man8/sss_userdel.8*
 %{_mandir}/man8/sss_usermod.8*
 %{_mandir}/man8/sssd_krb5_locator_plugin.8*
 %{_datadir}/locale/*/LC_MESSAGES/sss_client.mo
 %{_datadir}/locale/*/LC_MESSAGES/sss_daemon.mo
 %{python_sitearch}/pysss.so
 %files client
 /%{_lib}/libnss_sss.so.2
 /%{_lib}/security/pam_sss.so
 %{_mandir}/man8/pam_sss.8*
 %post
 /sbin/ldconfig
 /sbin/chkconfig --add %{servicename}
 if [ $1 -ge 2 ] ; then
 # a one-time upgrade from confdb v1 to v2, only if upgrading
    python %{_libexecdir}/%{servicename}/upgrade_config.py
 fi
 %preun
 if [ $1 = 0 ]; then
@ -136,6 +174,9 @@ if [ $1 -ge 1 ] ; then
 fi
 %changelog
 * Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0
 - New upstream release 0.6.0
 * Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
 - New upstream release 0.5.0
`@ -1 +1 @@`
	`7566dcac75e7248ca99b4dd0bb49c1ee sssd-0.5.0.tar.gz`	`2a2e118d9f29dda15dd4b8202b9cac62 sssd-0.6.0.tar.gz`