Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
build with krb5
|
|
kerberos_get_principal_from_service_hostname()
This is now used in the GSE GSSAPI client, so that when we connect to
a target server at the CIFS level, we use the same name to connect
at the DCE/RPC level.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Dec 20 13:13:17 CET 2011 on sn-devel-104
|
|
Some Kerberos libraries don't do proper failover. This fixes the situation
where a KDC exists in DNS but is not reachable for some reason.
Ported to master by Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Oct 17 11:25:37 CEST 2011 on sn-devel-104
|
|
No code change except for an early "return talloc_asprintf(..)" making an else
branch obsolete.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Sep 26 18:24:25 CEST 2011 on sn-devel-104
|
|
No code change except for an early "return talloc_asprintf(..)" making an else
branch obsolete.
|
|
No code change except for an early "return talloc_asprintf(..)" making an else
branch obsolete.
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Sep 18 23:31:28 CEST 2011 on sn-devel-104
|
|
|
|
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.
Andrew Bartlett
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_ARRAY isn't standard talloc.
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jun 2 02:51:06 CEST 2011 on sn-devel-104
|
|
|
|
Guenther
|
|
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
|
|
Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill
in just the kdc_name if we have it and let the krb5 lib figure out the
appropriate ipv6 address
ipv6 gurus, please check.
Guenther
|
|
Guenther
|
|
Passing NULL as dest_realm for cli_session_setup_spnego() was
always using our own realm (as for a NetBIOS name). Change this
to look for the mapped realm using krb5_get_host_realm() if
the destination machine name is a DNS name (contains a '.').
Could get fancier with DNS name detection (length, etc.) but
this will do for now.
Jeremy.
|
|
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.
Guenther
|
|
Guenther
|
|
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.
The alternative would have been something like a "krb5 conf include", but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.
Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)
|
|
the system one is broken.
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
Guenther
|
|
instead of manually doing an asprintf with lp_lockdir()
Michael
squash
|
|
Michael
|
|
Also eliminates name conflicts with OneFS system libraries
|
|
otherwise (to clarify we can also pass in structs smaller than
sockaddr_storage, such as sockaddr_in).
|
|
Guenther
(This used to be commit 18a26f08b6fab4119a1421a7ca59c32dde8bb8cb)
|
|
Guenther
(This used to be commit b5aaf5aa0f280f69e05b613271c96473a79b812e)
|
|
Jeremy.
(This used to be commit 201bcc8ed291b51be6f4508c6aa1cb17ce6dcbe3)
|
|
(This used to be commit 30956c784f58870ad552a3869d80f99872c31375)
|
|
(This used to be commit 3fc85d22590550f0539215d020e4411bf5b14363)
|
|
Correctly return if we can't create the temporary krb5.conf
Jeremy, please check!
(This used to be commit c2401811aa3d02a9e27969687b9ea035407000c3)
|
|
warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result
(This used to be commit ad37b7b0aee265a3e4d8b7552610f4b9a105434d)
|
|
This fixes the failure observed on FC8 when joining a Windows 2008 RC1
domain. We currently do not handle user session keys correctly
when the KDC uses AES in the ticket replies.
(This used to be commit 8039a2518caae54bc876368c73ec493f3cd4eb73)
|
|
Jeremy.
(This used to be commit 79b7972de4c2a8c71e37642ddf7e5bbed53dd58a)
|
|
for a name '[<ipv6 addr>'.
Jeremy.
(This used to be commit f2aa921505e49f894bfed4e5e2f9fc01918b1bb0)
|
|
Guenther
(This used to be commit 44d67e84625a2a1a93baecef0e418b48e982443b)
|
|
correct way is to copy only 'length' bytes.
Simo.
(This used to be commit 814c1b0e0034fb67c7718760dfcf913904f3e7fa)
|
|
Jeremy.
(This used to be commit 44918f39c0598eec681eb9e5c65452f04809c375)
|