freeipa.git - FreeIPA project

	Commit message (Collapse)	Author	Age	Files	Lines
*	ipa-kdb: Add OTP support	Nathaniel McCallum	2013-05-17	1	-1/+37
\| \| \| \| \| \| \| \| \| \| \| \| \|	If OTP is enabled for a user, then: 1. Long-term keys are not provided to KDB 2. The user string 'otp' is defined to KDB Since it is not secure to send radius configuration information over krb5 user strings, we simply set the string to a known default ('[]') which enables the default configuration in the KDC. https://fedorahosted.org/freeipa/ticket/3561 http://freeipa.org/page/V3/OTP
*	ipa-kdb: Read global defaul ipaKrbAuthzData	Sumit Bose	2013-03-08	1	-1/+26
\| \| \| \| \| \| \|	The ipaKrbAuthzData LDAP attribute is read from the ipaConfig object and the read value(s) are stored in the ipadb context. https://fedorahosted.org/freeipa/ticket/2960
*	ipa-kdb: Free talloc autofree context when module is closed	sbose	2013-02-14	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Currently kdb5kdc crashes on exit if the ipadb KDB modules is loaded and trusts are configured. The reason is the talloc autofree context which get initialised during the ndr_push_union_blob() call. On exit the KDC module is unloaded an later on atexit() tries to free the context, but all related symbols are already unloaded with the module. This patch frees the talloc autofree context during the cleanup routine of the module. Since this is called only at exit and not during normal operations this is safe even if other KDC plugins use the talloc autofree context, e.g. via some Samba libraries, as well. Fixes https://fedorahosted.org/freeipa/ticket/3410
*	ipa-kdb: remove memory leaks	Martin Kosek	2013-02-14	1	-0/+4
\| \| \| \| \| \| \| \|	All known memory leaks caused by unfreed allocated memory or unfreed LDAP results (which should be also done after unsuccessful searches) are fixed. https://fedorahosted.org/freeipa/ticket/3413
*	Add support for disabling KDC writes	Simo Sorce	2012-06-06	1	-0/+66
\| \| \| \| \| \| \| \| \| \| \|	Add two global ipaConfig options to disable undesirable writes that have performance impact. The "KDC:Disable Last Success" will disable writing back to ldap the last successful AS Request time (successful kinit) The "KDC:Disable Lockout" will disable completely writing back lockout related data. This means lockout policies will stop working. https://fedorahosted.org/freeipa/ticket/2734
*	policy: add function to check lockout policy	Simo Sorce	2012-02-19	1	-1/+1
\| \| \| \|	Fixes: https://fedorahosted.org/freeipa/ticket/2393
*	ipa-kdb: add AS auditing support	Simo Sorce	2012-02-14	1	-1/+1
\| \| \| \|	Fixes: https://fedorahosted.org/freeipa/ticket/2334
*	ipa-kdb: Add delgation access control support	Simo Sorce	2011-12-08	1	-1/+1
\|
*	Add support for generating PAC for AS requests for user principals	Simo Sorce	2011-11-07	1	-1/+6
\|
*	Fix CID 11019: Resource leak	Simo Sorce	2011-11-07	1	-6/+7
\| \| \| \|	https://fedorahosted.org/freeipa/ticket/2037
*	ipa-kdb: Fix memory leak	Simo Sorce	2011-11-03	1	-0/+1
\|
*	ipa-kdb: implement change_pwd function	Simo Sorce	2011-08-26	1	-1/+1
\|
*	ipa-kdb: implement function to retrieve password policies	Simo Sorce	2011-08-26	1	-43/+6
\|
*	ipa-kdb: Get/Store Master Key directly from LDAP	Simo Sorce	2011-08-26	1	-8/+13
\|
*	ipa-kdb: functions to get principal	Simo Sorce	2011-08-26	1	-35/+0
\|
*	ipa-kdb: implement get_time function	Simo Sorce	2011-08-26	1	-1/+5
\|
*	ipa-kdb: initialize module functions	Simo Sorce	2011-08-26	1	-6/+340
\| \| \| \| \|	Initialize module also on ipadb_create invocation. This is what kdb5_util expects.
*	ipa-kdb: Initial plugin skeleton	Simo Sorce	2011-08-26	1	-0/+185