path: root/src/providers/krb5
Commit message | Author | Age | Files | Lines
* Check ccache file for renewable TGTs at startup | Sumit Bose | 2011-02-22 | 3 | -0/+241
* Remove renewal item if it is not re-added | Sumit Bose | 2011-02-18 | 1 | -1/+34
* Fix potential NULL-dereference in krb5_auth_done() | Sumit Bose | 2010-12-21 | 1 | -3/+3
    https://fedorahosted.org/sssd/ticket/745
* Serialize requests of the same user in the krb5 provider | Sumit Bose | 2010-12-20 | 4 | -0/+239
* Fixes for automatic ticket renewal | Sumit Bose | 2010-12-20 | 4 | -44/+100
    - do not recreate the ccache file when renewing the TGT
    - use user principal name as hash key instead of ccfile name
    - let krb5_child return Kerberos error codes
* Fix incorrect return value on failure in check_and_export_options() | Sumit Bose | 2010-12-14 | 1 | -0/+1
    https://fedorahosted.org/sssd/ticket/722
* Fix build issue with older Kerberos library | Sumit Bose | 2010-12-08 | 1 | -2/+2
* Replace krb5_kdcip by krb5_server in LDAP provider | Sumit Bose | 2010-12-07 | 2 | -7/+10
* Add support for FAST in krb5 provider | Sumit Bose | 2010-12-07 | 5 | -13/+344
* Refactor krb5_child to make helpers more flexible | Sumit Bose | 2010-12-07 | 1 | -20/+36
* Allow krb5 lifetime values without a unit | Sumit Bose | 2010-12-03 | 1 | -36/+65
* Add support for automatic Kerberos ticket renewal | Sumit Bose | 2010-12-03 | 7 | -1/+420
* krb5_child returns TGT lifetime | Sumit Bose | 2010-12-03 | 3 | -0/+57
* Add krb5_lifetime option | Sumit Bose | 2010-12-03 | 3 | -2/+38
* Add krb5_renewable_lifetime option | Sumit Bose | 2010-12-03 | 3 | -2/+42
* Check authtok type for krb5 auth and chpass | Sumit Bose | 2010-12-03 | 1 | -0/+12
* Add a renew task to krb5_child | Sumit Bose | 2010-12-03 | 1 | -0/+87
* Send authtok_type to krb5_child | Sumit Bose | 2010-12-03 | 2 | -2/+6
* Allow protocol fallback for SRV queries | Jakub Hrozek | 2010-12-01 | 1 | -1/+1
    https://fedorahosted.org/sssd/ticket/691
* Call krb5_child to check access permissions | Sumit Bose | 2010-11-04 | 1 | -4/+121
* Make handle_child_* request public | Sumit Bose | 2010-11-04 | 3 | -325/+429
    I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit.
* Add krb5_kuserok() access check to krb5_child | Sumit Bose | 2010-11-04 | 1 | -17/+73
* Make krb5_setup() public | Sumit Bose | 2010-11-04 | 3 | -6/+8
* Add krb5_get_simple_upn() | Sumit Bose | 2010-11-04 | 3 | -6/+30
* Add infrastructure for Kerberos access provider | Sumit Bose | 2010-11-04 | 4 | -26/+184
* Store krb5 auth context for other targets | Sumit Bose | 2010-11-04 | 1 | -1/+2
* Fix two return value checks | Sumit Bose | 2010-11-01 | 1 | -2/+2
* Fix incorrect free of req in krb5_auth.c | Stephen Gallagher | 2010-11-01 | 1 | -1/+1
* Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip. | Jan Zeleny | 2010-10-19 | 3 | -2/+48
    For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority.
    Fixes: #543
* Initialize kerberos service for GSSAPI | Jakub Hrozek | 2010-10-13 | 2 | -1/+7
* Suppress some 'may be used uninitialized' warnings | Sumit Bose | 2010-09-28 | 1 | -6/+12
    Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
* Use new MIT krb5 API for better password expiration warnings | Sumit Bose | 2010-09-23 | 1 | -0/+51
* Dead assignments cleanup in providers code | Jan Zeleny | 2010-09-08 | 1 | -1/+0
    Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used.
    Ticket: #586
* Fixed potential comparison of undefined variable | Jan Zeleny | 2010-09-02 | 1 | -0/+1
    If the allocation on line 678 failed, the value of ret was undefined in following comparison. ENOMEM is now assigned before the comparison.
    Ticket: #578
* Add dns_discovery_domain option | Jakub Hrozek | 2010-06-30 | 1 | -1/+1
    The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname.
    Fixes: #479
* Standardize on correct spelling of "principal" for krb5 | Stephen Gallagher | 2010-06-16 | 2 | -4/+4
    https://fedorahosted.org/sssd/ticket/542
* Remove krb5_changepw_principal option | Jakub Hrozek | 2010-06-14 | 4 | -42/+22
    Fixes: #531
* Properly handle read() and write() throughout the SSSD | Stephen Gallagher | 2010-06-10 | 1 | -7/+18
    We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
* Add a missing initializer | Sumit Bose | 2010-06-09 | 1 | -1/+1
* Initialize pam_data in Kerberos child. | Sumit Bose | 2010-06-06 | 1 | -1/+1
* Refactor krb5 SIGTERM handler installation | Sumit Bose | 2010-05-27 | 3 | -14/+39
* Add callback to remove krb5 info files when going offline | Sumit Bose | 2010-05-27 | 4 | -40/+156
* Refactor krb5_finalize() | Sumit Bose | 2010-05-27 | 1 | -12/+27
* Revert "Create kdcinfo and kpasswdinfo file at startup" | Sumit Bose | 2010-05-27 | 2 | -41/+1
    This reverts commit f3c31d11bf365eb6a79c4f698667915a4c81eeb7.
* Fix handling of ccache file when going offline | Sumit Bose | 2010-05-26 | 2 | -32/+76
    The ccache file was removed too early if system is offline but the backend was not already marked offline. Now we remove the ccache file only if we successfully got a new one and it is not the same as the old one.
* Add support for delayed kinit if offline | Sumit Bose | 2010-05-26 | 6 | -27/+425
    If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
* Handle Krb5 password expiration warning | Sumit Bose | 2010-05-26 | 2 | -174/+195
* Try all servers during Kerberos auth | Jakub Hrozek | 2010-05-26 | 1 | -23/+104
    The Kerberos backend would previously try only the first server and if it was unreachable, it immediately went offline.
* Properly set up SIGCHLD handlers | Stephen Gallagher | 2010-05-16 | 2 | -1/+6
    Instead of having all-purpose SIGCHLD handlers that try to catch every occurrence, we instead create a per-PID handler. This will allow us to specify callbacks to occur when certain children exit.
* New version of IPA auth and password migration | Sumit Bose | 2010-05-16 | 1 | -2/+2
    The current version modified some global structures to be able to use Kerberos and LDAP authentication during the IPA password migration. This new version only uses tevent requests. Additionally the ipaMigrationEnabled attribute is read from the IPA server to see if password migration is allowed or not.