freeipa.git/daemons/ipa-kdb, branch my-master FreeIPA patches Add Delegation Info to MS-PAC 2013-05-23T16:55:27+00:00 Simo Sorce simo@redhat.com 2013-02-05T22:50:55+00:00 c931c97558352a4bc35e4bac5de1f63a71ce73dd 






NO-PUSH: TODO and 2.0->3.0 upgrade notes
2013-05-23T16:55:27+00:00

Simo Sorce
ssorce@redhat.com

2011-06-08T22:36:34+00:00

915a49093b9578e96fe5ae30d0f7f9cd1b869db4












ipa-kdb: Add OTP support
2013-05-17T07:30:51+00:00

Nathaniel McCallum
npmccallum@redhat.com

2013-04-11T17:50:42+00:00

5d51ae50a59466fa2d6d230d7f2879de34210f0c

If OTP is enabled for a user, then:
  1. Long-term keys are not provided to KDB
  2. The user string 'otp' is defined to KDB

Since it is not secure to send radius configuration information
over krb5 user strings, we simply set the string to a known default
('[]') which enables the default configuration in the KDC.

https://fedorahosted.org/freeipa/ticket/3561
http://freeipa.org/page/V3/OTP





If OTP is enabled for a user, then:
  1. Long-term keys are not provided to KDB
  2. The user string 'otp' is defined to KDB

Since it is not secure to send radius configuration information
over krb5 user strings, we simply set the string to a known default
('[]') which enables the default configuration in the KDC.

https://fedorahosted.org/freeipa/ticket/3561
http://freeipa.org/page/V3/OTP







Remove build warnings
2013-03-29T07:59:36+00:00

Martin Kosek
mkosek@redhat.com

2013-03-12T14:28:58+00:00

13b1028ac832c29656c6711834f05f7b34c75cfa

Fix rpm build warnings report in Fedora 19 build.

https://fedorahosted.org/freeipa/ticket/3500





Fix rpm build warnings report in Fedora 19 build.

https://fedorahosted.org/freeipa/ticket/3500







Add unit test for get_authz_data_types()
2013-03-08T09:46:00+00:00

Sumit Bose
sbose@redhat.com

2013-02-19T11:16:37+00:00

efd4d80827a24794245327ce8b74b47e735f5b16

https://fedorahosted.org/freeipa/ticket/2960





https://fedorahosted.org/freeipa/ticket/2960







ipa-kdb: add PAC only if requested
2013-03-08T09:46:00+00:00

Sumit Bose
sbose@redhat.com

2013-02-12T13:02:27+00:00

4e3468211e37f71ca9d434512b68a4caddb2b314

Instead of always adding a PAC to the Kerberos ticket the global default
for the authorization data and the authorization data of the service
entry is evaluated and the PAC is added accordingly.

https://fedorahosted.org/freeipa/ticket/2960





Instead of always adding a PAC to the Kerberos ticket the global default
for the authorization data and the authorization data of the service
entry is evaluated and the PAC is added accordingly.

https://fedorahosted.org/freeipa/ticket/2960







ipa-kdb: Read ipaKrbAuthzData with other principal data
2013-03-08T09:46:00+00:00

Sumit Bose
sbose@redhat.com

2013-02-12T08:44:32+00:00

3eb64f0a5c1968c97af5bfb4718c36b9f824ea8f

The ipaKrbAuthzData LDAP attribute is read together with the other data
of the requestedprincipal and the read value(s) are stored in the e-data
of the entry for later use.

https://fedorahosted.org/freeipa/ticket/2960





The ipaKrbAuthzData LDAP attribute is read together with the other data
of the requestedprincipal and the read value(s) are stored in the e-data
of the entry for later use.

https://fedorahosted.org/freeipa/ticket/2960







ipa-kdb: Read global defaul ipaKrbAuthzData
2013-03-08T09:46:00+00:00

Sumit Bose
sbose@redhat.com

2013-02-12T10:01:11+00:00

d5216d5428dc9653c382656bd5187f1e49b3fe02

The ipaKrbAuthzData LDAP attribute is read from the ipaConfig object
and the read value(s) are stored in the ipadb context.

https://fedorahosted.org/freeipa/ticket/2960





The ipaKrbAuthzData LDAP attribute is read from the ipaConfig object
and the read value(s) are stored in the ipadb context.

https://fedorahosted.org/freeipa/ticket/2960







Revert "MS-PAC: Special case NFS services"
2013-03-08T09:46:00+00:00

Sumit Bose
sbose@redhat.com

2013-02-12T08:59:00+00:00

15cc21cce9d4bf7e44e1fb772afa5bb731a84227

This reverts commit 5269458f552380759c86018cd1f30b64761be92e.

With the implementation of https://fedorahosted.org/freeipa/ticket/2960
a special hardcoded handling of NFS service tickets is not needed
anymore.





This reverts commit 5269458f552380759c86018cd1f30b64761be92e.

With the implementation of https://fedorahosted.org/freeipa/ticket/2960
a special hardcoded handling of NFS service tickets is not needed
anymore.







ipa-kdb: Dereference after null check in ipa_kdb_mspac.c
2013-02-28T11:31:02+00:00

Sumit Bose
sbose@redhat.com

2013-02-22T12:30:30+00:00

29ddcf3bcb0596fd60cbc090d3f70a2f20d70c72

A wrong logic was used to check ipactx.

Fixes https://fedorahosted.org/freeipa/ticket/3424





A wrong logic was used to check ipactx.

Fixes https://fedorahosted.org/freeipa/ticket/3424