path: root/src/util/sss_krb5.c
Commit message | Author | Age | Files | Lines
* KRB5: Auto-detect DIR cache support in configure | Stephen Gallagher | 2012-06-15 | 1 | -2/+10
  We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
* Add support for storing credential caches in the DIR: back end | Jakub Hrozek | 2012-06-14 | 1 | -19/+2
  https://fedorahosted.org/sssd/ticket/974
* Residual util functions | Jakub Hrozek | 2012-06-14 | 1 | -0/+86
  Kerberos credential caches can be specified by TYPE:RESIDUAL. This patch adds a couple of utilities to support parsing of ccache locations, checking types etc.
* KRB5: Avoid NULL-dereference with empty keytab | Stephen Gallagher | 2012-05-22 | 1 | -7/+13
  https://fedorahosted.org/sssd/ticket/1330
* Limit krb5_get_init_creds_keytab() to etypes in keytab | Stef Walter | 2012-05-07 | 1 | -0/+137
  * Load the enctypes for the keys in the keytab and pass them to krb5_get_init_creds_keytab().
  * This fixes the problem where the server offers an enctype that krb5 supports, but we don't have a key for in the keytab.
  https://bugzilla.redhat.com/show_bug.cgi?id=811375
* Remove erroneous failure message in find_principal_in_keytab | Stef Walter | 2012-05-07 | 1 | -1/+1
  * When it's actually a failure, then the callers will print a message. Fine tune this.
* Clean up log messages about keytab_name | Stephen Gallagher | 2012-04-05 | 1 | -11/+19
  There were many places where we were printing (null) to the logs because a NULL keytab name tells libkrb5 to use its configured default instead of a particular path. This patch should clean up all uses of this to print "default" in the logs.
  https://fedorahosted.org/sssd/ticket/1288
* Fix off-by-one error in principal selection | Jakub Hrozek | 2012-03-29 | 1 | -3/+3
  https://fedorahosted.org/sssd/ticket/1269
* Always initialize the returned data in sss_krb5_princ_realm() | Sumit Bose | 2012-03-26 | 1 | -0/+3
* Raise the debug level of two very noisy statements | Stephen Gallagher | 2012-01-17 | 1 | -2/+3
* Add compatibility layer for Heimdal Kerberos implementation | Stephen Gallagher | 2011-12-22 | 1 | -12/+58
* Add wrapper for krb5_get_init_creds_opt_set_canonicalize | Jan Zeleny | 2011-11-02 | 1 | -0/+10
* Fixed uninitialized pointer in select_principal_from_keytab | Jan Zeleny | 2011-05-16 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/857
* Fixed uninitialized return value in match_principal | Jan Zeleny | 2011-05-16 | 1 | -2/+1
  https://fedorahosted.org/sssd/ticket/858
* Added some kerberos functions for building on RHEL5 | Jan Zeleny | 2011-05-05 | 1 | -5/+178
* Modify principal selection for keytab authentication | Jan Zeleny | 2011-04-25 | 1 | -2/+172
  Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start.
  The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM.
  https://fedorahosted.org/sssd/ticket/781
* Extend and move function for finding principal in keytab | Jan Zeleny | 2011-04-25 | 1 | -0/+155
  The function now supports finding principal in keytab not only based on realm, but based on both realm and primary/instance parts. The function also supports * wildcard at the beginning or at the end of primary principal part. The function for finding principal has been moved to util/sss_krb5.c, so it can be used in other parts of the code.
* Fix unchecked return value in sss_krb5_verify_keytab_ex | Stephen Gallagher | 2010-12-17 | 1 | -1/+8
  https://fedorahosted.org/sssd/ticket/711
* Add support for FAST in krb5 provider | Sumit Bose | 2010-12-07 | 1 | -0/+48
* Add missing error code | Sumit Bose | 2010-11-18 | 1 | -0/+1
* Use new MIT krb5 API for better password expiration warnings | Sumit Bose | 2010-09-23 | 1 | -1/+14
* Validate keytab at startup | Jakub Hrozek | 2010-08-03 | 1 | -0/+153
  In addition to validating the keytab every time a TGT is requested, we also validate the keytab on back end startup to give early warning that the keytab is not usable.
  Fixes: #556
* Rename server/ directory to src/ | Stephen Gallagher | 2010-02-18 | 1 | -0/+196
  Also update BUILD.txt