Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
(This used to be commit 9ec76c542775ae58ff03f42ebfa1acc1a63a1bb1)
|
|
Jeremy.
(This used to be commit d432d81c8321a4444b970169a5c7c3c5709de8e5)
|
|
directly after another.
Guenther
(This used to be commit 76ba11d7770bac7c6db2eb1640139bbe270d82c3)
|
|
so apps will know which one to look for,
(This used to be commit d4a5dc3ad5f56a5f741424ecc4fffa0ef39bdc67)
|
|
Major points of interest:
* Figure the DES salt based on the domain functional level
and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
keys
* Remove all the case permutations in the keytab entry
generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
in AD
The resulting keytab looks like:
ktutil: list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value. The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.
Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
(This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4)
|
|
smb_krb5_parse_name_norealm_conv that pull/push from unix charset
to utf8 (which krb5 uses on the wire). This should fix issues when
the unix charset is not compatible with or set to utf8.
Jeremy.
(This used to be commit 37ab42afbc9a79cf5b04ce6a1bf4060e9c961199)
|
|
permutations to the kerberos keytab.
Jeremy.
(This used to be commit c687e73f242967cd3a78db66c1dd23349766ebb8)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
Jeremy.
(This used to be commit 82651c1b1704d90ca52be1463ee871801c607d3b)
|
|
Jeremy.
(This used to be commit b356a8fdc5a1ac45f2f7f56a0836e794bdecddc6)
|
|
memcpy's into fqdn names. I think the original intent was to create
MYNAME.fqdn.tail.part.
Will need testing to see I haven't broken keytab support.
Jeremy.
(This used to be commit 82acf83040654eb8b7e261518a3e5eb9caea7750)
|
|
Dahyabhai <nalin@redhat.com>
(bugid #1717).
Jeremy.
(This used to be commit 30b8807cf6d5c3c5b9947a7e841d69f0b22eb019)
|
|
is not invalid.
Jeremy.
(This used to be commit 4bdf914cba2a63d186138d1341a7260ad79da1f5)
|
|
struct not a pointer).
Jeremy.
(This used to be commit 940f893d485a01e73afe714a70d724c2d41c7ad4)
|
|
it compiles with Heimdal.
Jeremy.
(This used to be commit dd07278b892770ac51750b87a4ab902d4de3a960)
|
|
Can't fix the krb5 memory leaks inside that library :-(.
Jeremy.
(This used to be commit ad440213aaae58fb5bff6e8a6fcf811c5ba83669)
|
|
<dperry@pppl.gov>,
fixed valgrind detected mem corruption in libads/kerberos_keytab.c.
Jeremy.
(This used to be commit 286f4c809cb1532b3f8ae7ddf92349c68cc8ce31)
|
|
haven't broken krb5 ticket verification in the mainline code path,
also need to check with valgrind. Everything now compiles (MIT, need
to also check Heimdal) and the "net keytab" utility code will follow.
Jeremy.
(This used to be commit f0f2e28958cb9abfed216c71f291f19ea346d630)
|
|
krb5_free_keytab_entry_contents
Jeremy.
(This used to be commit be8a2dc00dd876c4b596600ae72d4ac05f9ebe64)
|
|
Jeremy.
(This used to be commit af5a08f5ad895cb33c9134771da19ba5e709e742)
|
|
if compiles yet,
but will soon :-).
Jeremy.
(This used to be commit 0d982956f6ba2f284ffa4313a9e7581a79dbf397)
|
|
Jeremy.
(This used to be commit 57c037c6c92d28b70e36859a639c53979126ff01)
|
|
Jeremy.
(This used to be commit 786a440c189556d5c122b2c9ddca9fdf6bd65d1d)
|
|
Work in progress !
It seems the krb5 interfaces are so horrible it's impossible to write good error checking
code :-(.
Jeremy.
(This used to be commit 03f8c8bc07c9d8a378a34c271dcc088d17adb342)
|
|
Jeremy.
(This used to be commit 858e849af697bba67ebaa970257d93b6cff7d9e0)
|