freeipa.git/util, branch patternfly Unnamed repository; edit this file 'description' to name the repository. Add support to ipa-kdb for keyless principals 2014-02-19T09:15:36+00:00 Nathaniel McCallum nathaniel@themccallums.org 2013-11-12T15:52:51+00:00 b769d1c18678b5eede7505dec7938f6836070044 https://fedorahosted.org/freeipa/ticket/3779 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
https://fedorahosted.org/freeipa/ticket/3779

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
BUILD: Fix portability of NSS in file ipa_pwd.c 2014-01-28T15:35:34+00:00 Lukas Slebodnik lslebodn@redhat.com 2014-01-28T15:35:34+00:00 a4faa2f444f42644e6565675999d0db360716db0 Tested-by: Timo Aaltonen <tjaalton@ubuntu.com> 
Tested-by: Timo Aaltonen <tjaalton@ubuntu.com>
Remove generation and handling of LM hashes 2013-11-01T08:28:35+00:00 Sumit Bose sbose@redhat.com 2013-10-29T11:19:01+00:00 d876a22732d83ddf8e37ead89e6f23bf7aa0d69c https://fedorahosted.org/freeipa/ticket/3795 
https://fedorahosted.org/freeipa/ticket/3795
ipa-kdb: read SID blacklist from LDAP 2013-02-12T09:37:47+00:00 Martin Kosek mkosek@redhat.com 2013-02-07T13:52:35+00:00 827ea50566dbb2a0906da76d318a2ba68a4b818e SIDs in incoming MS-PAC were checked and filtered with a fixed list of well-known SIDs. Allow reading the SID blacklist from LDAP (ipaNTSIDBlacklistIncoming and ipaNTSIDBlacklistOutgoing) and add the list to mspac adtrust structure. Use the hardcoded SID list only if the LDAP SID list is not configured. LIMITATION: SID blacklist list is not used yet. https://fedorahosted.org/freeipa/ticket/3289 
SIDs in incoming MS-PAC were checked and filtered with a fixed list of
well-known SIDs. Allow reading the SID blacklist from LDAP
(ipaNTSIDBlacklistIncoming and ipaNTSIDBlacklistOutgoing) and add the list
to mspac adtrust structure. Use the hardcoded SID list only if the LDAP
SID list is not configured.

LIMITATION: SID blacklist list is not used yet.

https://fedorahosted.org/freeipa/ticket/3289
Prevent integer overflow when setting krbPasswordExpiration 2013-02-08T14:54:21+00:00 Tomas Babej tbabej@redhat.com 2013-01-14T15:19:44+00:00 0e8a329048629f639ae64ff32e01e12a495e7763 Since in Kerberos V5 are used 32-bit unix timestamps, setting maxlife in pwpolicy to values such as 9999 days would cause integer overflow in krbPasswordExpiration attribute. This would result into unpredictable behaviour such as users not being able to log in after password expiration if password policy was changed (#3114) or new users not being able to log in at all (#3312). The timestamp value is truncated to Jan 1, 2038 in ipa-kdc driver. https://fedorahosted.org/freeipa/ticket/3312 https://fedorahosted.org/freeipa/ticket/3114 
Since in Kerberos V5 are used 32-bit unix timestamps, setting
maxlife in pwpolicy to values such as 9999 days would cause
integer overflow in krbPasswordExpiration attribute.

This would result into unpredictable behaviour such as users
not being able to log in after password expiration if password
policy was changed (#3114) or new users not being able to log
in at all (#3312).

The timestamp value is truncated to Jan 1, 2038 in ipa-kdc driver.

https://fedorahosted.org/freeipa/ticket/3312
https://fedorahosted.org/freeipa/ticket/3114
Make encode_ntlm_keys() public 2012-09-06T07:24:58+00:00 Sumit Bose sbose@redhat.com 2012-08-24T12:46:05+00:00 973aad9db3a2a5e4cdd9d0c300e9ae1a826c1b41 






Move code into common krb5 utils
2012-07-30T14:31:47+00:00

Simo Sorce
ssorce@redhat.com

2012-07-06T15:15:15+00:00

505bc85ec31ad8cfa66be0dc99d19599cd1a9497

This moves the decoding function that reads the keys from the ber format
into a structure in the common krb5 util code right below the function
that encodes the same data structure into a ber format.
This way the 2 functions are in the same place and can be both used by
all ia components.





This moves the decoding function that reads the keys from the ber format
into a structure in the common krb5 util code right below the function
that encodes the same data structure into a ber format.
This way the 2 functions are in the same place and can be both used by
all ia components.







Move some krb5 keys related functions from ipa-client to util
2012-06-11T10:04:05+00:00

Sumit Bose
sbose@redhat.com

2012-03-13T09:29:00+00:00

ee936431c88a7b089c9c2780d63b393813d114e5












Dereference pointer when comparing password history in qsort compare.
2012-04-10T16:33:04+00:00

Rob Crittenden
rcritten@redhat.com

2012-04-10T03:42:41+00:00

35f44a1aebe0350884113c0ce57c2aeb736c714b

The man page for qsort(3) says that the comparison function is called
with pointers to pointers to char but memcmp(3) wants a pointer to void
so we need to cast and dereference.

Without this the qsort() call wasn't properly sorting the elements so
a random password was being removed rather than the oldest when the
list overflowed.

https://fedorahosted.org/freeipa/ticket/2613





The man page for qsort(3) says that the comparison function is called
with pointers to pointers to char but memcmp(3) wants a pointer to void
so we need to cast and dereference.

Without this the qsort() call wasn't properly sorting the elements so
a random password was being removed rather than the oldest when the
list overflowed.

https://fedorahosted.org/freeipa/ticket/2613







ipa-kdb: add AS auditing support
2012-02-14T23:03:45+00:00

Simo Sorce
ssorce@redhat.com

2012-02-13T17:15:07+00:00

651f9324735d0680c6a56246616932459e15b99d

Fixes: https://fedorahosted.org/freeipa/ticket/2334





Fixes: https://fedorahosted.org/freeipa/ticket/2334