summaryrefslogtreecommitdiffstats
path: root/src/providers/krb5/krb5_auth.c
Commit message (Collapse)AuthorAgeFilesLines
* Delete cached ccache file if password is expiredSumit Bose2011-06-151-8/+63
|
* Fix bad password caching when using automatic TGT renewalsssd-1_5_7Stephen Gallagher2011-04-291-3/+12
| | | | Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856
* Always generate kpasswdinfo filesssd-1_5_6Stephen Gallagher2011-04-201-2/+1
| | | | | Previously, we only generated it when performing a password change, but this didn't play nicely with kpasswd.
* Fix potential NULL-dereference in krb5_auth_done()Sumit Bose2010-12-211-3/+3
| | | | https://fedorahosted.org/sssd/ticket/745
* Serialize requests of the same user in the krb5 providerSumit Bose2010-12-201-0/+22
|
* Fixes for automatic ticket renewalSumit Bose2010-12-201-18/+27
| | | | | | - do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes
* Add support for FAST in krb5 providerSumit Bose2010-12-071-5/+7
|
* Add support for automatic Kerberos ticket renewalSumit Bose2010-12-031-0/+18
|
* krb5_child returns TGT lifetimeSumit Bose2010-12-031-0/+21
|
* Make handle_child_* request publicSumit Bose2010-11-041-319/+12
| | | | | | I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit.
* Make krb5_setup() publicSumit Bose2010-11-041-3/+2
|
* Add krb5_get_simple_upn()Sumit Bose2010-11-041-6/+3
|
* Add infrastructure for Kerberos access providerSumit Bose2010-11-041-26/+78
|
* Fix two return value checksSumit Bose2010-11-011-2/+2
|
* Fix incorrect free of req in krb5_auth.cStephen Gallagher2010-11-011-1/+1
|
* Fixed potential comparison of undefined variableJan Zeleny2010-09-021-0/+1
| | | | | | If the allocation on line 678 failed, the value of ret was undefined in following comparison. ENOMEM is now assigned before the comparison. Ticket: #578
* Fix handling of ccache file when going offlineSumit Bose2010-05-261-32/+75
| | | | | | | The ccache file was removed too early if system is offline but the backend was not already marked offline. Now we remove the ccache file only if the successfully got a new one and it is not the same as the old one.
* Add support for delayed kinit if offlineSumit Bose2010-05-261-26/+50
| | | | | | | If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
* Handle Krb5 password expiration warningSumit Bose2010-05-261-119/+73
|
* Try all servers during Kerberos authJakub Hrozek2010-05-261-23/+104
| | | | | The Kerberos backend would previously try only the first server and if it was unreachable, it immediatelly went offline.
* Properly set up SIGCHLD handlersStephen Gallagher2010-05-161-0/+6
| | | | | | Instead of having all-purpose SIGCHLD handlers that try to catch every occurrence, we instead create a per-PID handler. This will allow us to specify callbacks to occur when certain children exit.
* Make Kerberos authentication a tevent_reqSumit Bose2010-05-161-214/+339
| | | | | To allow other providers to include Kerberos authentication the main part is put into a tevent request.
* Display a message if a password reset by root failsSumit Bose2010-04-261-0/+7
|
* sysdb: convert sysdb_get_user_attrSimo Sorce2010-04-121-38/+13
|
* Remove remaining use of sysdb_transaction_sendSimo Sorce2010-04-121-103/+49
|
* sysdb: convert sysdb_cache_passwordSimo Sorce2010-04-121-29/+8
|
* sysdb: convert sysdb_set_entry/user/group_attrSimo Sorce2010-04-121-23/+4
|
* Allow arbitrary-length PAM messagesStephen Gallagher2010-03-251-1/+1
| | | | | | | | | The PAM standard allows for messages of any length to be returned to the client. We were discarding all messages of length greater than 255. This patch dynamically allocates the message buffers so we can pass the complete message. This resolves https://fedorahosted.org/sssd/ticket/432
* Add krb5_kpasswd optionSumit Bose2010-03-121-9/+76
|
* Add expandable sequences to krb5_ccachedirSumit Bose2010-03-111-2/+11
| | | | | | | As with krb5_ccname_template sequences like %u can be used in the krb5_ccachedir parameter which are expanded at runtime. If the directory does not exist, it will be created. Depending on the used sequences it is created as a public or private directory.
* Add forgotten \n in DEBUG statementsMartin Nagy2010-03-041-1/+1
| | | | | | Logs from confdb with missing '\n' in the DEBUG statements annoyed me so I decided to fix them. I also made a quick grep through the code and found other places so I fixed them too.
* Improve safe alignment buffer handling macrosSimo Sorce2010-03-031-16/+17
| | | | | | | | | Make the counter optional so that alignment safe macros can be used also where there is no counter to update. Change arguments names so that they are not deceiving (ptr normlly identify a pointer) Turn the memcpy substitute into an inline function so that passing a pointer to rp and checking for it doesn't make the compiler spit lots of warnings.
* Remove unneeded items from struct pam_dataSumit Bose2010-02-191-16/+30
|
* Send Kerberos environment after password changeSumit Bose2010-02-191-1/+1
|
* Rename server/ directory to src/Stephen Gallagher2010-02-181-0/+1193
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-05-07 23:35:02 +0000