sssd.git - sssd with jhrozek's patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	Allow usage of enterprise principals	Sumit Bose	2013-04-22	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Enterprise principals are currently most useful for the AD provider and hence enabled here by default while for the other Kerberos based authentication providers they are disabled by default. If additional UPN suffixes are configured for the AD domain the user principal stored in the AD LDAP server might not contain the real Kerberos realm of the AD domain but one of the additional suffixes which might be completely randomly chooses, e.g. are not related to any existing DNS domain. This make it hard for a client to figure out the right KDC to send requests to. To get around this enterprise principals (see http://tools.ietf.org/html/rfc6806 for details) were introduced. Basically a default realm is added to the principal so that the Kerberos client libraries at least know where to send the request to. It is not in the responsibility of the KDC to either handle the request itself, return a client referral if he thinks a different KDC can handle the request or return and error. This feature is also use to allow authentication in AD environments with cross forest trusts. Fixes https://fedorahosted.org/sssd/ticket/1842
*	Add support for krb5 1.11's responder callback.	Nathaniel McCallum	2013-03-08	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \|	krb5 1.11 adds support for a new method for responding to structured data queries. This method, called the responder, provides an alternative to the prompter interface. This patch adds support for this method. It takes the password and provides it via a responder instead of the prompter. In the case of OTP authentication, it also disables the caching of credentials (since the credentials are one-time only).
*	krb5: include backwards compatible declaration of krb5_trace_info	Jakub Hrozek	2013-02-11	1	-1/+1
\| \| \| \| \| \| \|	krb5-1.10 used to include "struct krb5_trace_info", now krb5-1.11 includes a "krb5_trace_info" typedefed from "struct _krb5_trace_info". Do the same in the SSSD to allow compiling with both 1.10 and 1.11.
*	Add replacement for krb5_find_authdata()	Sumit Bose	2012-10-26	1	-0/+1
\| \| \| \| \| \| \| \| \|	krb5_find_authdata() is only available in MIT Kerberos 1.10 or higher. To allow sssd to be compiled on platform with lower version of MIT Kerberos a replacement call is added. Please note that on those platform the replacement call will only return an error. If the krb5_find_authdata functionality is really needed on those platform it must be implemented by a different patch.
*	Only call krb5_set_trace_callback on platforms that support it	Jakub Hrozek	2012-10-12	1	-0/+1
\|
*	heimdal: fix compile error in krb5-child-test	Rambaldi	2012-07-09	1	-0/+1
\|
*	KRB5: Auto-detect DIR cache support in configure	Stephen Gallagher	2012-06-15	1	-1/+3
\| \| \| \| \| \|	We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
*	Kerberos locator: Include the correct krb5.h header file	Jakub Hrozek	2012-05-07	1	-2/+13
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1325
*	Add compatibility layer for Heimdal Kerberos implementation	Stephen Gallagher	2011-12-22	1	-1/+9
\|
*	Add wrapper for krb5_get_init_creds_opt_set_canonicalize	Jan Zeleny	2011-11-02	1	-0/+1
\|
*	Added some kerberos functions for building on RHEL5	Jan Zeleny	2011-05-05	1	-1/+2
\|
*	Add support for FAST in krb5 provider	Sumit Bose	2010-12-07	1	-1/+3
\|
*	Use new MIT krb5 API for better password expiration warnings	Sumit Bose	2010-09-23	1	-1/+2
\|
*	Remove bash-isms from configure macros	Petter Reinholdtsen	2010-05-21	1	-1/+1
\|
*	Rename server/ directory to src/	Stephen Gallagher	2010-02-18	1	-0/+62
	Also update BUILD.txt