New upstream release 0.6.0
This commit is contained in:
parent
8b935a1efc
commit
7a716e3c15
|
@ -1 +1 @@
|
||||||
sssd-0.5.0.tar.gz
|
sssd-0.6.0.tar.gz
|
||||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
||||||
7566dcac75e7248ca99b4dd0bb49c1ee sssd-0.5.0.tar.gz
|
2a2e118d9f29dda15dd4b8202b9cac62 sssd-0.6.0.tar.gz
|
||||||
|
|
|
@ -1,90 +1,57 @@
|
||||||
[services]
|
[sssd]
|
||||||
description = Local Service Configuration
|
config_file_version = 2
|
||||||
activeServices = nss, dp, pam
|
# Number of times services should attempt to reconnect in the
|
||||||
|
# event of a crash or restart before they give up
|
||||||
[services/nss]
|
reconnection_retries = 3
|
||||||
description = NSS Responder Configuration
|
|
||||||
# the following prevents sssd for searching for the root user/group in
|
|
||||||
# all domains (you can add here a comma separated list of system accounts are
|
|
||||||
# always going to be /etc/passwd users, or that you want to filter out)
|
|
||||||
filterGroups = root
|
|
||||||
filterUsers = root
|
|
||||||
|
|
||||||
[services/dp]
|
|
||||||
description = Data Provider Configuration
|
|
||||||
|
|
||||||
[services/pam]
|
|
||||||
description = PAM Responder Configuration
|
|
||||||
|
|
||||||
[services/monitor]
|
|
||||||
description = Service Monitor Configuration
|
|
||||||
# if a backend is particularly slow you can raise this timeout here
|
# if a backend is particularly slow you can raise this timeout here
|
||||||
sbusTimeout = 30
|
sbus_timeout = 30
|
||||||
|
services = nss, dp, pam
|
||||||
[domains]
|
|
||||||
description = Domains served by SSSD
|
|
||||||
; domains = LOCAL,LDAP
|
; domains = LOCAL,LDAP
|
||||||
|
|
||||||
# SSSD will not start if you don't configure any domain.
|
# SSSD will not start if you don't configure any domain.
|
||||||
# Add new domains condifgurations as [domains/<NAME>] sections.
|
# Add new domains condifgurations as [domain/<NAME>] sections.
|
||||||
# Then add the list of domains (in the order you want them to be
|
# Then add the list of domains (in the order you want them to be
|
||||||
# queried in the 'domains" attribute above and uncomment it
|
# queried in the 'domains" attribute above and uncomment it
|
||||||
|
|
||||||
# Example LOCAL domain that proxies to /etc/passwd and /etc/group files
|
|
||||||
# This configuration is meant mostly as a migration path to be able to store
|
|
||||||
# additional information about users while still keeping /etc/passwd
|
|
||||||
# authoritative.
|
|
||||||
|
|
||||||
; [domains/LOCAL]
|
[nss]
|
||||||
; description = LOCAL migration domain
|
# the following prevents sssd for searching for the root user/group in
|
||||||
; enumerate = 3
|
# all domains (you can add here a comma separated list of system accounts are
|
||||||
; minId = 500
|
# always going to be /etc/passwd users, or that you want to filter out)
|
||||||
; magicPrivateGroups = FALSE
|
filter_groups = root
|
||||||
; legacy = TRUE
|
filter_users = root
|
||||||
;
|
reconnection_retries = 3
|
||||||
; provider = proxy
|
|
||||||
; libName = files
|
|
||||||
; libPath = libnss_files.so.2
|
|
||||||
|
|
||||||
# optionally a file named sssdproxylocal can be place in pam.d configured to
|
# The EntryCacheTimeout indicates the number of seconds to retain before
|
||||||
# check pam_unix only and pam_sss can be used in the normal pam stack
|
# an entry in cache is considered stale and must block to refresh.
|
||||||
; auth-module = proxy
|
# The EntryCacheNoWaitRefreshTimeout indicates the number of seconds to
|
||||||
; pam-target = sssdproxylocal
|
# wait before updating the cache out-of-band. (NSS requests will still
|
||||||
|
# be returned from cache until the full EntryCacheTimeout). Setting this
|
||||||
|
# value to 0 turns this feature off (default)
|
||||||
|
; entry_cache_timeout = 600
|
||||||
|
; entry_cache_nowait_timeout = 300
|
||||||
|
|
||||||
|
[pam]
|
||||||
|
reconnection_retries = 3
|
||||||
|
|
||||||
|
[dp]
|
||||||
|
reconnection_retries = 3
|
||||||
|
|
||||||
# Example LOCAL domain that stores all users natively in the SSSD internal
|
# Example LOCAL domain that stores all users natively in the SSSD internal
|
||||||
# directory. These local users and groups are not visibile in /etc/passwd, it
|
# directory. These local users and groups are not visibile in /etc/passwd, it
|
||||||
# now contains only root and system accounts.
|
# now contains only root and system accounts.
|
||||||
|
; [domain/LOCAL]
|
||||||
; [domains/LOCAL]
|
|
||||||
; description = LOCAL Users domain
|
; description = LOCAL Users domain
|
||||||
; enumerate = 3
|
; id_provider = local
|
||||||
; minId = 500
|
; enumerate = true
|
||||||
; maxId = 999
|
; min_id = 500
|
||||||
; legacy = FALSE
|
; max_id = 999
|
||||||
; magicPrivateGroups = TRUE
|
|
||||||
; provider = local
|
|
||||||
|
|
||||||
# Example LDAP domain that uses the proxy backend and the standard nss_ldap
|
# Example native LDAP domain
|
||||||
# and pam_ldap modules (Useful until we have good working native ldap backends).
|
; [domain/LDAP]
|
||||||
# For this to work the /etc/ldap.conf file needs to be correctly configured just
|
; id_provider = ldap
|
||||||
# like you would do when using nss_ldap in nsswitch.conf, but instead of setting
|
; auth_provider = ldap
|
||||||
# passwd: files ldap, set passwd: files, sss instead there.
|
; ldap_uri = ldap://ldap.mydomain.org
|
||||||
# Also consider using the following setting in /etc/ldap.conf to avoid needless
|
; ldap_user_search_base = dc=mydomain,dc=org
|
||||||
# delays if the ldap server is offline:
|
; ldap_tls_reqcert = demand
|
||||||
# timelimit 10
|
; cache_credentials = true
|
||||||
# bind_timelimit 5
|
; enumerate = true
|
||||||
# nss_reconnect_maxsleeptime 2
|
|
||||||
# nss_reconnect_sleeptime 1
|
|
||||||
|
|
||||||
; [domains/LDAP]
|
|
||||||
; description = Proxy request to our LDAP server
|
|
||||||
; enumerate = 0
|
|
||||||
; minId = 1000
|
|
||||||
; legacy = TRUE
|
|
||||||
;
|
|
||||||
; provider = proxy
|
|
||||||
; libName = ldap
|
|
||||||
; libPath = libnss_ldap.so.2
|
|
||||||
;
|
|
||||||
#if a backend is particularly slow you can raise this timeout here
|
|
||||||
; timeout = 60
|
|
||||||
|
|
59
sssd.spec
59
sssd.spec
|
@ -1,5 +1,7 @@
|
||||||
|
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
|
||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 0.5.0
|
Version: 0.6.0
|
||||||
Release: 0%{?dist}
|
Release: 0%{?dist}
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
|
@ -18,6 +20,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||||
Requires: libldb >= 0.9.3
|
Requires: libldb >= 0.9.3
|
||||||
Requires: libtdb >= 1.1.3
|
Requires: libtdb >= 1.1.3
|
||||||
|
|
||||||
|
Requires: sssd-client = 0.6.0
|
||||||
|
Requires(post): python
|
||||||
Requires(preun): initscripts chkconfig
|
Requires(preun): initscripts chkconfig
|
||||||
Requires(postun): /sbin/service
|
Requires(postun): /sbin/service
|
||||||
|
|
||||||
|
@ -32,7 +36,8 @@ BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
BuildRequires: m4
|
BuildRequires: m4
|
||||||
BuildRequires: popt-devel
|
%{?fedora:BuildRequires: popt-devel}
|
||||||
|
%{?rhel:BuildRequires: popt}
|
||||||
BuildRequires: libtalloc-devel
|
BuildRequires: libtalloc-devel
|
||||||
BuildRequires: libtevent-devel
|
BuildRequires: libtevent-devel
|
||||||
BuildRequires: libtdb-devel
|
BuildRequires: libtdb-devel
|
||||||
|
@ -49,6 +54,7 @@ BuildRequires: libxml2
|
||||||
BuildRequires: docbook-style-xsl
|
BuildRequires: docbook-style-xsl
|
||||||
BuildRequires: krb5-devel
|
BuildRequires: krb5-devel
|
||||||
BuildRequires: c-ares-devel
|
BuildRequires: c-ares-devel
|
||||||
|
BuildRequires: python-devel
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Provides a set of daemons to manage access to remote directories and
|
Provides a set of daemons to manage access to remote directories and
|
||||||
|
@ -57,6 +63,14 @@ the system and a pluggable backend system to connect to multiple different
|
||||||
account sources. It is also the basis to provide client auditing and policy
|
account sources. It is also the basis to provide client auditing and policy
|
||||||
services for projects like FreeIPA.
|
services for projects like FreeIPA.
|
||||||
|
|
||||||
|
%package client
|
||||||
|
Summary: SSSD Client libraries for NSS and PAM
|
||||||
|
Group: Applications/System
|
||||||
|
|
||||||
|
%description client
|
||||||
|
Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
|
||||||
|
service.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
|
@ -83,15 +97,22 @@ rm -f \
|
||||||
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
|
||||||
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
|
||||||
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \
|
||||||
$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la
|
$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \
|
||||||
|
$RPM_BUILD_ROOT/%{python_sitearch}/pysss.la
|
||||||
|
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
|
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
|
||||||
install -m600 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
|
install -m600 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
|
||||||
|
|
||||||
|
touch locator.filelist
|
||||||
|
if test -e $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
|
||||||
|
then
|
||||||
|
echo %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so > locator.filelist
|
||||||
|
fi
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
%files
|
%files -f locator.filelist
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
%doc COPYING
|
%doc COPYING
|
||||||
%attr(755,root,root) %{_initrddir}/%{name}
|
%attr(755,root,root) %{_initrddir}/%{name}
|
||||||
|
@ -105,23 +126,40 @@ rm -rf $RPM_BUILD_ROOT
|
||||||
%{_libexecdir}/%{servicename}/
|
%{_libexecdir}/%{servicename}/
|
||||||
%{_libdir}/%{name}/
|
%{_libdir}/%{name}/
|
||||||
%{_libdir}/ldb/memberof.so
|
%{_libdir}/ldb/memberof.so
|
||||||
%{_libdir}/krb5/plugins/libkrb5/*
|
|
||||||
%dir %{sssdstatedir}
|
%dir %{sssdstatedir}
|
||||||
%attr(700,root,root) %dir %{dbpath}
|
%attr(700,root,root) %dir %{dbpath}
|
||||||
%attr(755,root,root) %dir %{pipepath}
|
%attr(755,root,root) %dir %{pipepath}
|
||||||
%attr(700,root,root) %dir %{pipepath}/private
|
%attr(700,root,root) %dir %{pipepath}/private
|
||||||
|
%attr(750,root,root) %dir %{_var}/log/%{name}
|
||||||
%dir %{_sysconfdir}/sssd
|
%dir %{_sysconfdir}/sssd
|
||||||
%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
|
%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
|
||||||
/%{_lib}/libnss_sss.so.2
|
%{_mandir}/man5/sssd.conf.5*
|
||||||
/%{_lib}/security/pam_sss.so
|
%{_mandir}/man5/sssd-krb5.5*
|
||||||
%{_mandir}/man5/*
|
%{_mandir}/man5/sssd-ldap.5*
|
||||||
%{_mandir}/man8/*
|
%{_mandir}/man8/sssd.8*
|
||||||
|
%{_mandir}/man8/sss_groupadd.8*
|
||||||
|
%{_mandir}/man8/sss_groupdel.8*
|
||||||
|
%{_mandir}/man8/sss_groupmod.8*
|
||||||
|
%{_mandir}/man8/sss_useradd.8*
|
||||||
|
%{_mandir}/man8/sss_userdel.8*
|
||||||
|
%{_mandir}/man8/sss_usermod.8*
|
||||||
|
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
|
||||||
%{_datadir}/locale/*/LC_MESSAGES/sss_client.mo
|
%{_datadir}/locale/*/LC_MESSAGES/sss_client.mo
|
||||||
%{_datadir}/locale/*/LC_MESSAGES/sss_daemon.mo
|
%{_datadir}/locale/*/LC_MESSAGES/sss_daemon.mo
|
||||||
|
%{python_sitearch}/pysss.so
|
||||||
|
|
||||||
|
%files client
|
||||||
|
/%{_lib}/libnss_sss.so.2
|
||||||
|
/%{_lib}/security/pam_sss.so
|
||||||
|
%{_mandir}/man8/pam_sss.8*
|
||||||
|
|
||||||
%post
|
%post
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
/sbin/chkconfig --add %{servicename}
|
/sbin/chkconfig --add %{servicename}
|
||||||
|
if [ $1 -ge 2 ] ; then
|
||||||
|
# a one-time upgrade from confdb v1 to v2, only if upgrading
|
||||||
|
python %{_libexecdir}/%{servicename}/upgrade_config.py
|
||||||
|
fi
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
if [ $1 = 0 ]; then
|
if [ $1 = 0 ]; then
|
||||||
|
@ -136,6 +174,9 @@ if [ $1 -ge 1 ] ; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0
|
||||||
|
- New upstream release 0.6.0
|
||||||
|
|
||||||
* Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
|
* Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
|
||||||
- New upstream release 0.5.0
|
- New upstream release 0.5.0
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue