diff --git a/.gitignore b/.gitignore index 5558a2b..b9adec7 100644 --- a/.gitignore +++ b/.gitignore @@ -28,3 +28,4 @@ sssd-1.2.91.tar.gz /sssd-1.8.1.tar.gz /sssd-1.8.2.tar.gz /sssd-1.8.3.tar.gz +/sssd-1.9.0beta1.tar.gz diff --git a/FED01-Change-Kerberos-credential-cache-default-loca.patch b/FED01-Change-Kerberos-credential-cache-default-loca.patch index e27e04a..99d9267 100644 --- a/FED01-Change-Kerberos-credential-cache-default-loca.patch +++ b/FED01-Change-Kerberos-credential-cache-default-loca.patch @@ -1,4 +1,4 @@ -From 8ae0fc769b419e16ce7804bd516f7c2d03ce8471 Mon Sep 17 00:00:00 2001 +From 05c49dd916dcbea2ce8f6a6b14fd54a5c67fd6db Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Wed, 22 Feb 2012 07:53:56 -0500 Subject: [PATCH] FEDORA: Change Kerberos credential cache default location @@ -7,9 +7,9 @@ On Fedora, we need to default to using /run/user/%u for credential caches for improved security and to simplify rpc.gssd locating the cache for use with NFS. --- - src/man/sssd-krb5.5.xml | 4 ++-- - src/providers/krb5/krb5_common.c | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) + src/man/sssd-krb5.5.xml | 4 ++-- + src/providers/krb5/krb5_opts.h | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml index 247337a90a80b078d0395b27a02e5ea2c72a5ce8..cc10dc149c407450a59f39ebc2de0ac95e33028e 100644 @@ -33,21 +33,19 @@ index 247337a90a80b078d0395b27a02e5ea2c72a5ce8..cc10dc149c407450a59f39ebc2de0ac9 -diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c -index c2cb94b61463cbdaf3f4fa5a5cb311af55b4b960..e3a74697249a8dd10907beaeaef415a48c3c30a9 100644 ---- a/src/providers/krb5/krb5_common.c -+++ b/src/providers/krb5/krb5_common.c -@@ -34,8 +34,8 @@ - struct dp_option default_krb5_opts[] = { +diff --git a/src/providers/krb5/krb5_opts.h b/src/providers/krb5/krb5_opts.h +index 7f47290c961ce6455e0d123e9ec14c7add39d28d..ff1863b98524eab1d175e06253e78cafa15b3f2d 100644 +--- a/src/providers/krb5/krb5_opts.h ++++ b/src/providers/krb5/krb5_opts.h +@@ -29,7 +29,7 @@ struct dp_option default_krb5_opts[] = { { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, -- { "krb5_ccachedir", DP_OPT_STRING, { "/tmp" }, NULL_STRING }, + { "krb5_ccachedir", DP_OPT_STRING, { "/tmp" }, NULL_STRING }, - { "krb5_ccname_template", DP_OPT_STRING, { "FILE:%d/krb5cc_%U_XXXXXX" }, NULL_STRING}, -+ { "krb5_ccachedir", DP_OPT_STRING, { "/run/user/%u" }, NULL_STRING }, -+ { "krb5_ccname_template", DP_OPT_STRING, { "FILE:%d/krb5cc" }, NULL_STRING}, ++ { "krb5_ccname_template", DP_OPT_STRING, { "/run/user/%u" }, NULL_STRING}, { "krb5_auth_timeout", DP_OPT_NUMBER, { .number = 15 }, NULL_NUMBER }, { "krb5_keytab", DP_OPT_STRING, { "/etc/krb5.keytab" }, NULL_STRING }, { "krb5_validate", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, -- -1.7.7.6 +1.7.10.1 diff --git a/sources b/sources index 0388784..693ecd5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e09410d6bfe0a2bf8a4ce7ab95c005db sssd-1.8.3.tar.gz +829ecc6544f76185581d5feb788edae4 sssd-1.9.0beta1.tar.gz diff --git a/sssd.spec b/sssd.spec index d21c5ce..7538704 100644 --- a/sssd.spec +++ b/sssd.spec @@ -15,13 +15,13 @@ %global ldb_version 1.1.4 Name: sssd -Version: 1.8.3 -Release: 11%{?dist} +Version: 1.9.0 +Release: 1%{?dist}.beta1 Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ URL: http://fedorahosted.org/sssd/ -Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz +Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}beta1.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### @@ -36,6 +36,7 @@ Requires: libtdb >= 1.1.3 Requires: sssd-client%{?_isa} = %{version}-%{release} Requires: cyrus-sasl-gssapi%{?_isa} Requires: libipa_hbac%{?_isa} = %{version}-%{release} +Requires: libsss_idmap%{?_isa} = %{version}-%{release} Requires: krb5-libs >= 1.9 Requires: keyutils-libs Requires(post): systemd-units initscripts chkconfig /sbin/ldconfig @@ -122,6 +123,23 @@ SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides a userspace tool for generating an obfuscated LDAP password for use with ldap_default_authtok_type = obfuscated_password. +%package -n libsss_idmap +Summary: FreeIPA Idmap library +Group: Development/Libraries +License: LGPLv3+ + +%description -n libsss_idmap +Utility library to SIDs to Unix uids and gids + +%package -n libsss_idmap-devel +Summary: FreeIPA Idmap library +Group: Development/Libraries +License: LGPLv3+ +Requires: libsss_idmap = %{version}-%{release} + +%description -n libsss_idmap-devel +Utility library to SIDs to Unix uids and gids + %package -n libipa_hbac Summary: FreeIPA HBAC Evaluator library Group: Development/Libraries @@ -182,7 +200,7 @@ UpdateTimestamps() { done } -%setup -q -n %{name}-%{version} +%setup -q -n %{name}-1.8.91 for p in %patches ; do %__patch -p1 -i $p @@ -243,7 +261,7 @@ cp src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{_unitdir}/ find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \; # Suppress developer-only documentation -rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}/doc +rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name} # Older versions of rpmbuild can only handle one -f option # So we need to append to the sssd.lang file @@ -370,6 +388,18 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/sss_cache.8* %{_mandir}/man8/sss_debuglevel.8* +%files -n libsss_idmap +%defattr(-,root,root,-) +%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_idmap.so.* + +%files -n libsss_idmap-devel +%defattr(-,root,root,-) +%doc idmap_doc/html +%{_includedir}/sss_idmap.h +%{_libdir}/libsss_idmap.so +%{_libdir}/pkgconfig/sss_idmap.pc + %files -n libipa_hbac %defattr(-,root,root,-) %doc src/sss_client/COPYING src/sss_client/COPYING.LESSER @@ -456,6 +486,16 @@ fi %postun -n libipa_hbac -p /sbin/ldconfig %changelog +* Fri May 11 2012 Stephen Gallagher - 1.9.0-1.beta1 +- New upstream release 1.9.0 beta 1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 +- Add native support for autofs to the IPA provider +- Support for ID-mapping when connecting to Active Directory +- Support for handling very large (> 1500 users) groups in Active Directory +- Support for sub-domains (will be used for dealing with trust relationships) +- Add a new fast in-memory cache to speed up lookups of cached data on + repeated requests + * Thu May 03 2012 Stephen Gallagher - 1.8.3-11 - New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3