summaryrefslogtreecommitdiff
path: root/source3/include/smb_krb5.h
AgeCommit message (Collapse)AuthorFilesLines
2012-04-12auth-krb: Move pac related util functions in a single place.Simo Sorce1-0/+1
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-02-17auth/kerberos: Move gse_get_session_key() to common code and use in ↵Andrew Bartlett1-12/+0
gensec_gssapi Thie ensures that both code bases use the same logic to determine the use of NEW_SPNEGO. Andrew Bartlett
2011-06-10source3/include/smb_krb5.h: fix licence/copyrightGünther Deschner1-0/+22
Guenther
2011-04-27libcli/auth Move Samba4's gssapi_error_string from GENSEC to libcli/authAndrew Bartlett1-8/+0
This will allow the GSSAPI PAC fetch code to use it. Andrew Bartlett
2011-04-15s3-krb5 Move #ifdef HAVE_KRB5 above #include of libcli/auth/krb5_wrap.hAndrew Bartlett1-1/+2
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Apr 15 01:22:51 CEST 2011 on sn-devel-104
2011-04-14libcli/auth Move krb5 wrapper functions from s3 into commonAndrew Bartlett1-7/+1
This requires a small rework of the build system to ensure that the correct #define statements are made in both the s3 and top level builds. We now define the various HAVE_ macros in config.h at all times, using heimdal_build/wscript_configure when that is in use. Andrew Bartlett
2011-03-16s3-includes: avoid global include of gssapi headers.Günther Deschner1-0/+12
Guenther
2010-12-08libcli/auth bring ADS_IGNORE_PRINCIPAL in commonAndrew Bartlett1-2/+0
2010-08-13s3-krb5 Only build ADS support if arcfour-hmac-md5 is availableAndrew Bartlett1-1/+1
Modern Kerberos implementations have either defines or enums for these key types, which makes doing #ifdef difficult. This shows up in files such as libnet_samsync_keytab.c, the bulk of which is not compiled on current Fedora 12, for example. The downside is that this makes Samba unconditionally depend on the arcfour-hmac-md5 encryption type at build time. We will no longer support libraries that only support the DES based encryption types. However, the single-DES types that are supported in common with AD are already painfully weak - so much so that they are disabled by default in modern Kerberos libraries. If not found, ADS support will not be compiled in. This means that our 'net ads join' will no longer set the ACB_USE_DES_KEY_ONLY flag, and we will always try to use arcfour-hmac-md5. A future improvement would be to remove the use of the DES encryption types totally, but this would require that any ACB_USE_DES_KEY_ONLY flag be removed from existing joins. Andrew Bartlett Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-0/+2
Guenther
2009-11-27s3-kerberos: only use krb5 headers where required.Günther Deschner1-0/+72
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther