summaryrefslogtreecommitdiffstats
path: root/src/providers/krb5
Commit message (Collapse)AuthorAgeFilesLines
* Add dns_discovery_domain optionJakub Hrozek2010-06-301-1/+1
| | | | | | | | | | | | The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
* Standardize on correct spelling of "principal" for krb5Stephen Gallagher2010-06-162-4/+4
| | | | https://fedorahosted.org/sssd/ticket/542
* Remove krb5_changepw_principal optionJakub Hrozek2010-06-144-42/+22
| | | | Fixes: #531
* Properly handle read() and write() throughout the SSSDStephen Gallagher2010-06-101-7/+18
| | | | | | | We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
* Add a missing initializerSumit Bose2010-06-091-1/+1
|
* Initialize pam_data in Kerberos child.Sumit Bose2010-06-061-1/+1
|
* Refactor krb5 SIGTERM handler installationSumit Bose2010-05-273-14/+39
|
* Add callback to remove krb5 info files when going offlineSumit Bose2010-05-274-40/+156
|
* Refactor krb5_finalize()Sumit Bose2010-05-271-12/+27
|
* Revert "Create kdcinfo and kpasswdinfo file at startup"Sumit Bose2010-05-272-41/+1
| | | | This reverts commit f3c31d11bf365eb6a79c4f698667915a4c81eeb7.
* Fix handling of ccache file when going offlineSumit Bose2010-05-262-32/+76
| | | | | | | The ccache file was removed too early if system is offline but the backend was not already marked offline. Now we remove the ccache file only if the successfully got a new one and it is not the same as the old one.
* Add support for delayed kinit if offlineSumit Bose2010-05-266-27/+425
| | | | | | | If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
* Handle Krb5 password expiration warningSumit Bose2010-05-262-174/+195
|
* Try all servers during Kerberos authJakub Hrozek2010-05-261-23/+104
| | | | | The Kerberos backend would previously try only the first server and if it was unreachable, it immediatelly went offline.
* Properly set up SIGCHLD handlersStephen Gallagher2010-05-162-1/+6
| | | | | | Instead of having all-purpose SIGCHLD handlers that try to catch every occurrence, we instead create a per-PID handler. This will allow us to specify callbacks to occur when certain children exit.
* New version of IPA auth and password migrationSumit Bose2010-05-161-2/+2
| | | | | | | | | The current version modified some global structures to be able to use Kerberos and LDAP authentication during the IPA password migration. This new version only uses tevent requests. Additionally the ipaMigrationEnabled attribute is read from the IPA server to see if password migration is allowed or not.
* Make Kerberos authentication a tevent_reqSumit Bose2010-05-162-215/+345
| | | | | To allow other providers to include Kerberos authentication the main part is put into a tevent request.
* Use service discovery in backendsJakub Hrozek2010-05-073-6/+27
| | | | | | | | | Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
* Create kdcinfo and kpasswdinfo file at startupSumit Bose2010-05-072-1/+41
|
* Clean up kdcinfo and kpasswdinfo files when exitingStephen Gallagher2010-05-073-2/+57
|
* Display a message if a password reset by root failsSumit Bose2010-04-261-0/+7
|
* sysdb: convert sysdb_get_user_attrSimo Sorce2010-04-121-38/+13
|
* Remove remaining use of sysdb_transaction_sendSimo Sorce2010-04-121-103/+49
|
* sysdb: convert sysdb_cache_passwordSimo Sorce2010-04-121-29/+8
|
* sysdb: convert sysdb_set_entry/user/group_attrSimo Sorce2010-04-121-23/+4
|
* Allow arbitrary-length PAM messagesStephen Gallagher2010-03-252-20/+7
| | | | | | | | | The PAM standard allows for messages of any length to be returned to the client. We were discarding all messages of length greater than 255. This patch dynamically allocates the message buffers so we can pass the complete message. This resolves https://fedorahosted.org/sssd/ticket/432
* Add krb5_kpasswd optionSumit Bose2010-03-126-30/+205
|
* Write the IP address of the KDC to the kdcinfo fileSumit Bose2010-03-111-16/+10
|
* Add expandable sequences to krb5_ccachedirSumit Bose2010-03-116-21/+292
| | | | | | | As with krb5_ccname_template sequences like %u can be used in the krb5_ccachedir parameter which are expanded at runtime. If the directory does not exist, it will be created. Depending on the used sequences it is created as a public or private directory.
* Add forgotten \n in DEBUG statementsMartin Nagy2010-03-041-1/+1
| | | | | | Logs from confdb with missing '\n' in the DEBUG statements annoyed me so I decided to fix them. I also made a quick grep through the code and found other places so I fixed them too.
* Improve safe alignment buffer handling macrosSimo Sorce2010-03-032-31/+32
| | | | | | | | | Make the counter optional so that alignment safe macros can be used also where there is no counter to update. Change arguments names so that they are not deceiving (ptr normlly identify a pointer) Turn the memcpy substitute into an inline function so that passing a pointer to rp and checking for it doesn't make the compiler spit lots of warnings.
* Handle expired passwords like other PAM modulesSumit Bose2010-02-231-1/+1
| | | | | | | | | | | | | So far we handled expired password during authentication. Other PAM modules typically detect expired password during account management and return PAM_NEW_AUTHTOK_REQD if the password is expired and should be changed. The PAM library then calls the change password routines. To meet these standards pam_sss is change accordingly. As a result it is now possible to update an expired password via ssh if sssd is running with PasswordAuthentication=yes. One drawback due to limitations of PAM is that the user now has to type his current password again before setting a new one.
* Remove unneeded items from struct pam_dataSumit Bose2010-02-194-59/+69
|
* Send Kerberos environment after password changeSumit Bose2010-02-191-1/+1
|
* Rename server/ directory to src/Stephen Gallagher2010-02-189-0/+3139
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-05-06 15:23:32 +0000