Commit - SSSD/sssd - bf8cce77a35cb0a3cdb0d21fb9c39b7b6372bc11

    Modify behavior of pam_pwd_expiration_warning
    
    New option pwd_expiration_warning is introduced which can be set per
    domain and can override the value specified by the original
    pam_pwd_expiration_warning.
    
    If the value of expiration warning is set to zero, the filter isn't
    apllied at all - if backend server returns the warning, it will be
    automatically displayed.
    
    Default value for Kerberos: 7 days
    Default value for LDAP: don't apply the filter
    
    Technical note: default value when creating the domain is -1. This is
    important so we can distinguish between "no value set" and 0. Without
    this possibility it would be impossible to set different values for LDAP
    and Kerberos provider.

src/confdb/confdb.c

file modified

+18 -0

src/confdb/confdb.h

file modified

+3 -0

src/config/etc/sssd.api.conf

file modified

+1 -0

src/man/sssd.conf.5.xml

file modified

+34 -1

src/providers/krb5/krb5_auth.c

file modified

+27 -4

src/providers/ldap/ldap_auth.c

file modified

+30 -12

src/responder/pam/pamsrv_cmd.c

file modified

+0 -35

src/util/domain_info_utils.c

file modified

+1 -0

src/util/sss_krb5.h

file modified

+5 -0

SSSD / sssd

Source Code

Documentation

bf8cce7 Modify behavior of pam_pwd_expiration_warning

9 files Authored by jzeleny 11 years ago, Committed by sgallagh 11 years ago,

`bf8cce7` Modify behavior of pam_pwd_expiration_warning