summaryrefslogtreecommitdiffstats
path: root/server/providers/krb5/krb5_child.c
Commit message (Collapse)AuthorAgeFilesLines
* Add dummy credentials to an empty ccache fileSumit Bose2009-12-081-2/+54
| | | | | | | | | Application like krb5-auth-dialog might get confused if there is a credential cache file without any credentials in it. This patch adds an expired credential where only the client and the server principal are set. The client principal is the user's principal and the server principal corresponds to a TGT principal of the realm the user belongs to.
* Split helpers for child processesJakub Hrozek2009-11-251-24/+1
| | | | | Moves several functions out of providers/krb5 hierarchy into a separate module so it can be shared by the ldap child.
* Add ipa_authSumit Bose2009-11-201-0/+3
| | | | | | | | To support IPA DS to Kerberos password migration a seperate authentication target is added. It calls the Kerberos authentication target and in the case of a 'Preauthentication Error' the LDAP authentication target. On success the Kerberos target is called again to request the TGT.
* Improve handling of ccache filesSumit Bose2009-11-201-97/+153
| | | | | | | - save current ccache file to sysdb - use the saved ccache file if the user has running processes - create an empty ccache if offline - return enviroment variables if offline
* Validate Kerberos credentials with local keytabSumit Bose2009-11-201-2/+146
|
* Check is ccache structure is initialized before calling krb5_cc_destroySumit Bose2009-11-061-8/+16
|
* add replacements for missing Kerberos callsSumit Bose2009-11-051-33/+7
|
* update krb5 option handling to new option schemeSumit Bose2009-10-221-3/+38
|
* enable debugging of krb5_childSumit Bose2009-10-151-2/+42
|
* fix a wrong argument to unpack_bufferSumit Bose2009-10-121-18/+40
| | | | | | | | | - the patch to handle short read introduced a new variable len to store the amount of data read. Instead of using this variable unpack_buffer was called with the old variable ret. Thanks to mnagy@redhat.com for finding this. - this patch also fixes a potential error when the message size is equal to the buffer size.
* handle expired password during authenticationSumit Bose2009-10-051-2/+25
|
* fix possible short reads in kerberos providerSumit Bose2009-09-251-10/+28
|
* added support for older MIT kerberos versionssbose2009-09-241-2/+29
| | | | | | | | | - make the build of the locator plugin optional - added a man page for the locator plugin - use krb5.h if krb5/krb5.h cannot be found - added alternatives for missing functions - set -DDBUS_API_SUBJECT_TO_CHANGE if libdbus version is lesser than 1.0.0
* fix the wrong usage of an offsetSumit Bose2009-09-141-1/+1
|
* add krb5ccache_dir and krb5ccname_template optionSumit Bose2009-09-141-26/+90
| | | | | | | | The configuration options krb5ccache_dir and krb5ccname_template are added to the Kerberos provider to create the user's credential caches the same way as pam_krb5 does. Due to the design of the sssd and the supported ccache types of MIT Kerberos only files are allowed.
* use fork+exec for kerberos helperSumit Bose2009-09-111-60/+253
|
* add change password target to krb5 backendSumit Bose2009-09-111-0/+363
generated by cgit (git 2.34.1) at 2024-05-09 15:42:00 +0000