| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Application like krb5-auth-dialog might get confused if there is a
credential cache file without any credentials in it. This patch adds an
expired credential where only the client and the server principal are
set. The client principal is the user's principal and the server
principal corresponds to a TGT principal of the realm the user belongs
to.
|
|
|
|
|
| |
Moves several functions out of providers/krb5 hierarchy into a separate
module so it can be shared by the ldap child.
|
|
|
|
|
|
|
|
| |
To support IPA DS to Kerberos password migration a seperate
authentication target is added. It calls the Kerberos authentication
target and in the case of a 'Preauthentication Error' the LDAP
authentication target. On success the Kerberos target is called again to
request the TGT.
|
|
|
|
|
|
|
| |
- save current ccache file to sysdb
- use the saved ccache file if the user has running processes
- create an empty ccache if offline
- return enviroment variables if offline
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
- the patch to handle short read introduced a new variable len to
store the amount of data read. Instead of using this variable
unpack_buffer was called with the old variable ret. Thanks to
mnagy@redhat.com for finding this.
- this patch also fixes a potential error when the message size is
equal to the buffer size.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
- make the build of the locator plugin optional
- added a man page for the locator plugin
- use krb5.h if krb5/krb5.h cannot be found
- added alternatives for missing functions
- set -DDBUS_API_SUBJECT_TO_CHANGE if libdbus version
is lesser than 1.0.0
|
| |
|
|
|
|
|
|
|
|
| |
The configuration options krb5ccache_dir and krb5ccname_template
are added to the Kerberos provider to create the user's credential
caches the same way as pam_krb5 does. Due to the design of the sssd
and the supported ccache types of MIT Kerberos only files are
allowed.
|
| |
|
|
|