Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
(This used to be commit 873eaff8febb50f00f9dac64c57b2a22c16f4f9b)
|
|
they're not used yet...
metze
(This used to be commit a3b97cdce719d9d5e82f26096c0e8c3a86ff3965)
|
|
substructure.
metze
(This used to be commit 00909194a6c1ed193dfdb296f50f58a53450583c)
|
|
metze
(This used to be commit ba70737b7043cae89dd90f8668a24881212ac6fb)
|
|
Guenther
(This used to be commit 0a96a11f01dd8c0d29fff1d97c3d666c32b33b59)
|
|
Guenther
(This used to be commit 684fcf39dcc08bcf571272549222fdeb11d2725f)
|
|
Guenther
(This used to be commit efd817ae118da51058106ae97854572547e113d3)
|
|
extended rights GUID from ad while dumping the security descriptors's aces.
This would perform much better with a guid cache, but for the rare cases where
it is used
net ads search cn=mymachine ntSecurityDescriptor -U user%pass
it should be ok for now.
Guenther
(This used to be commit b36913433eb74203b29f2b7d412a86e60591ea22)
|
|
Guenther
(This used to be commit 1d5b08326fa72bd3423b377a4e6243466e778622)
|
|
Guenther
(This used to be commit ad0a6d5703c35d48ab5bbfa8d6506d42e0cfb61d)
|
|
Guenther
(This used to be commit 4d62f1191b52569fcdbe674773b07a44aa469520)
|
|
Guenther
(This used to be commit a4d5206d0bcbee713790834f119b182e0b419e8c)
|
|
callback in
libads.
Guenther
(This used to be commit 311bbbafa6d860b7b632beac6d9249b0a2fafb86)
|
|
Guenther
(This used to be commit 3effd1c3461301f9ccf7c55386810c36f4ee3ccc)
|
|
Guenther
(This used to be commit a84fd8300661fd895ed7a8a104b743628718dfc8)
|
|
for the
extended apply group policy right.
Guenther
(This used to be commit d832014a6fef657f484412372b5d09047552b183)
|
|
Guenther
(This used to be commit 3925e85812b2aded356866925382b1beb718cd44)
|
|
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
Guenther
(This used to be commit 6fafa64bea4ce6a7a5917fa02ed9c564a7c93ffb)
|
|
Guenther
(This used to be commit a3441c22b342e2802bd9766b7046073db3895a29)
|
|
Guenther
(This used to be commit accb40446ad3f872c5167fc2306d892553293b7b)
|
|
Guenther
(This used to be commit b9d7a2962a472afb0c6b8e3ac5c2c819d4af2b39)
|
|
Guenther
(This used to be commit 19020d19dca7f34be92c8c2ec49ae7dbde60f8c1)
|
|
net ads keytab list /path/to/krb5.keytab
Guenther
(This used to be commit a2befee3f240543ea02ea99cebad886b54ae64eb)
|
|
Guenther
(This used to be commit d22c0d291e1b4a1412164d257310bbbb99de6500)
|
|
of default
keytabnames (like "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab"). This also
fixes keytab support with Heimdal (which supports the WRFILE pragma as well
now).
Guenther
(This used to be commit 7ca002f4cc9ec4139c0c48952ebf05f89b5795ef)
|
|
Guenther
(This used to be commit 11b390309b9677805e5b68f3a1b780658ae85137)
|
|
Jeremy.
(This used to be commit 03763bc5287fef5f100c911041668e23d4305f8d)
|
|
context flags.
(This used to be commit 903145e957cd05b219fdf7d5fc1e35430938a24e)
|
|
when verifying a ticket from winbindd_pam.c.
I've found during multiple, fast, automated SSH logins (such
as from a cron script) that the replay cache in MIT's krb5
lib will occasionally fail the krb5_rd_req() as a replay attack.
There seems to be a small window during which the MIT krb5
libs could reproduce identical time stamps for ctime and cusec
in the authenticator since Unix systems only give back
milli-seconds rather than the micro-seconds needed by the
authenticator. Checked against MIT 1.5.1. Have not
researched how Heimdal does it.
My thinking is that if someone can spoof the KDC and TDS
services we are pretty hopeless anyways.
(This used to be commit cbd33da9f78373e29729325bbab1ae9040712b11)
|
|
(This used to be commit 22a3ea40ac69fa3722abf28db845ab284a65ad97)
|
|
data to krb5_prompter.
Jeremy.
(This used to be commit 232fc5d69d44404df13f6516864352f9a5721552)
|
|
we were calling PRS_ALLOC_MEM with zero count.
Jeremy.
(This used to be commit 9a10736e6fa276ca4b0726fbb7baf0daafbdc46d)
|
|
This fixes the build on solaris (host sun9).
And hopefully doesn't break any other builds... :-)
If it does, we need some configure magic.
Thanks to Björn Jacke <bj@sernet.de>.
(This used to be commit a43775ab36aa3d36108e1b5860bbee6c47e9b1b4)
|
|
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
|
|
tokenGroup attribute.
Guenther
(This used to be commit e4e8f840605dfdf92ca60cc8fc6a4c85336565fb)
|
|
Guenther
(This used to be commit 6e911c442bf9b076f43f99576f9b588df2c39233)
|
|
ALLOWED OBJECT
ACEs).
Guenther
(This used to be commit e138cbc876e50ae25cb15c5109a42bc8b800c1ba)
|
|
search with
the SD_FLAGS control.
Guenther
(This used to be commit 648df57e53ddabe74052e816b8eba95180736208)
|
|
When asked to create a machine account in an OU as part
of "net ads join" and the account already exists in another
OU, simply move the machine object to the requested OU.
(This used to be commit 3004cc6e593e6659a618de66f659f579e71c07f7)
|
|
Helps when transitioning from offline to online mode.
Note that this is a quick hack and a better solution
would be to start the DNS server's state between processes
(similar to the namecache entries).
(This used to be commit 4f05c6fe26f4abd7ca71eac339fee2ef5e254369)
|
|
(This used to be commit 2ab617fbbffbd6bf98ee02150f62b87a2610531f)
|
|
winbindd's kerberized pam_auth use that.
Guenther
(This used to be commit 0f436eab5b2e5891c341c27cb22db52a72bf1af7)
|
|
NTSTATUS
codes directly out of the krb5_error edata.
Guenther
(This used to be commit dcd902f24a59288bbb7400d59c0afc0c8303ed69)
|
|
Guenther
(This used to be commit 997ded4e3f0dc2199b9a66a9485c919c16fbabc6)
|
|
That should be it....
Jeremy.
(This used to be commit 603233a98bbf65467c8b4f04719d771c70b3b4c9)
|
|
Jeremy.
(This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
|
|
Guenther
(This used to be commit 9ec76c542775ae58ff03f42ebfa1acc1a63a1bb1)
|