| e0ca21d9f899c60cc50030c6ae793c48e92b5b7f |
|
02-Mar-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
SYSTEMD: Force responders to refuse manual start
As the responders will either be explicitly started by the monitor or
{dbus,socket}-activated, let's force them to refuse manual start, being
a little bit restricter on our side.
Resolves:
https://pagure.io/SSSD/sssd/issue/3300
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
| 6a7e28f06e4db1fa07e63ee39f3c28446ff56f4e |
|
23-Jan-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
PAM: Make PAM responder socket-activatable
As part of the effort of making all responder socket-activatable, let's
make PAM responder ready for this by providing its systemd's units.
In case the administrators want to use PAM responder taking advantage
of socket-activation they will need to enable sssd-pam.socket and after
a restart of the sssd service, the PAM socket will be ready waiting for
any activity in order to start the PAM responder. Also, the PAM
responder must be removed from the services line on sssd.conf.
The PAM responder service is binded to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shutdown in case SSSD is shutdown/crashes.
PAM responder, differently from the others, is a special case as it has
two sockets and its private sockets must be owned by root and must have
a specifc permission (0600). It's not new, though, and it's following
what has been already done in the project..
Related:
https://fedorahosted.org/sssd/ticket/2243
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |