Age | Commit message (Collapse) | Author | Files | Lines |
|
other PAM modules to pick it up from there.
Guenther
(This used to be commit b3ac5a586ba37b1122b0dc941dfee648fc4fa6d5)
|
|
Guenther
(This used to be commit 62a8e0b08919e71c6a575ce6d89d8a4a09acbd87)
|
|
Patch from Dietrich Streifert <dietrich.streifert@visionet.de>
(This used to be commit 8d6218825827a54ca69e462c00a3dc9e25ef3ddf)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
Thanks to Bjoern Jacke for the report and test-case.
Guenther
(This used to be commit f2ebc0e3de396f44f49dabbfe42cb3ad1c1a7ec1)
|
|
pam_winbind.
Guenther
(This used to be commit 29758ea1c4e1b9b57d27765d539306058299fcd1)
|
|
pam_winbind.
Guenther
(This used to be commit bf077fb2268b79faffd1fdda04847c37ffead32d)
|
|
non-critical and fallback to only parse the argv options in that case.
Guenther
(This used to be commit 9dac3ab328e9c7ba374e0efc3fe16d940ecc9d3b)
|
|
(This used to be commit 7188ec6bd81715c4df17528bca2b2e658173043f)
|
|
Guenther
(This used to be commit 34b29c30b2f4b5a3c40a65ca8338c87a4c16f3ff)
|
|
Guenther
(This used to be commit 1856dc0f52b2a2ba2e59f1a7a77ccd32c27928c0)
|
|
Guenther
(This used to be commit cc800ced60e5e6bbd923a3a0b7d58650c6e14121)
|
|
too early.
Guenther
(This used to be commit 7f64a66d25f2a4aa48c2639da8e783c1759c5dd4)
|
|
/etc/security/pam_winbind.conf as config file for the PAM module by
default.
Guenther
(This used to be commit 41b79ee80c7b0f4836ded51d42c7dc91cba75ccd)
|
|
PAM_SUCCESS. Günther, could you take a look?
Thanks,
Volker
(This used to be commit fc6effcd9c2bb2d15b7e8fba85cc3193d2d7ce1f)
|
|
internals, mostly with the code that was in pam_winbind before.
Also switch from using loadparm to use iniParser to read the new
pam_winbind options from a configuration file. That still uses the old
(parametric) option names which will be replaced next (as iniParser does
not support parametric options).
Guenther
(This used to be commit 6f668ce67318f17bba79cd98b5d169cd19eafcd4)
|
|
ensure that global memory is freed when unloading pam_winbind.so (needs more testing on non-linux platforms)
(This used to be commit 1e0b79e591d70352a96e0a0487d8f394dc7b36ba)
|
|
Guenther
(This used to be commit 87293802f3e0666c9a50eb3ca63bb1a7dccc50dc)
|
|
environment.
Guenther
(This used to be commit 1f1402e45db8d80a7c19208fae934e1b0f3da134)
|
|
policies when requested.
No panic, the flags is uint32 so we are not running out of WBFLAG bits.
Guenther
(This used to be commit 2155bb0535656f294bd054d6a0a7d16a9a71c31b)
|
|
WBFLAG_PAM_CONTACT_TRUSTDOM. This
can not work for NTLM auth, where we only have a workstation account for our
own domain. For the PAM Kerberos login we need to find a better way to do
this, probably using Dsr_GetDCName and some winbind-crafted krb5.conf.
Volker
(This used to be commit bf7c608147bcbbedd89b3dcd24a929ea3e601bc8)
|
|
Fix parse_domain_user to fail when splitting a full name like "DOM\user"
when "winbind use default domain" and "winbind trusted domains only" are
not enabled.
This allows pam_winbind to behave correctly when more modules are
stacked in the "account" or "password" PAM facility. pam_winbindd calls
WINBINDD_GETPWNAM which can decide whether or not a user is a winbind
user and return correct PAM error codes.
Guenther
(This used to be commit e6d52c1e9d8cec7be6d552c2a67a392df21c3ec9)
|
|
(got it wrong the first time as administrator has this flag set by
default).
Guenther
(This used to be commit e9ccebf45a5db8964793084950fbb2c23b2469a3)
|
|
password on logon. (this might be true for all domain admins as well).
Guenther
(This used to be commit 24c6b9fecb521380008cb44e6d987a6f495027dc)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
Correctly handle the case where users logon with an expired password.
In that case pam_sm_authenticate has to return PAM_SUCESS instead of
PAM_NEW_AUTHTOK_REQD or PAM_AUTHTOK_EXPIRED and pam_sm_acct_mgmt has to
take care of requesting an immediate password change. (see the Linux PAM
documentation).
Fixes Bugzilla #1524, #3205. Tested with login, sshd, kdm and gdm on
Linux.
Thanks to Scott Barker <Scott_Barker@mtechIT.com>.
Guenther
(This used to be commit 4cb662ffd76dbe30003c618c94ccf6ebd4afb48c)
|
|
<steuwer@univention.de>.
Jeremy.
(This used to be commit 6795c818a3d63737d5b40faffa3a0b91c71b427b)
|
|
This is just cosmetic but prevents people from thinking that the
pam_winbind "require_membership_of"-option is not yet implemented :)
Guenther
(This used to be commit ef80a49a858d7d81d427c7bac71fdac4fc0d1bd6)
|
|
(This used to be commit 9019a8436162d3606f6b8584701b0832cf5a7439)
|
|
Guenther
(This used to be commit 52dea588fd0b40a32c56b5634315b149fc088907)
|
|
Allow 'require_membership_of' and 'require-membership-of'.
Really use a different struct for the SID->Name lookup.
Andrew Bartlett
(This used to be commit 83dadcd089905aa8ff3392010177ffa1dc8237ba)
|
|
naming of the require_membership_of parameter in pam_winbind and fix
the error code for 'you didn't specify a domain' in ntlm_auth.
Andrew Bartlett
(This used to be commit 4bf0b94011fe6bfbec5635e58cafbfe3dc898569)
|
|
access typos.
Jeremy.
(This used to be commit a278dca1b2c103f368d154aee2d3a1edd5604687)
|
|
Guenther
(This used to be commit 74287178d208fd2f5b152314a3b797dcfea698a7)
|
|
(This used to be commit a0b80033c997d50562f66686e79a58fc9603217d)
|
|
ntlm_auth uses, to pam_winbindd as well.
This allows to make successfull authentication via PAM dependent on
SID-membership. At the moment, both ntlm_auth and pam_winbindd.so accept
user/group-names or sid-strings - as discussed, recursive membership
(e.g. local aliases) will be added later.
Guenther
(This used to be commit 7494569655f8d112a0c883a2748a1012bb64ad3a)
|
|
*sync up configure.in
*don't build torture tools in make all
*make sure to remove torture tools as part of make clean
(This used to be commit 0fb724b3216eeeb97e61ff12755ca3a31bcad6ef)
|
|
- vorlan's hosts allow with DNS names patch
- use x_fileno() in debug.c, not the struct directly.
- check for server timeout on password change (was reporting success)
- better error/status loggin in both the pam_winbind client and winbindd_pam
server code.
- (pdb_ldap) don't set the ldap version twice - we do it on every bind anyway.
(This used to be commit 9fa1863d8e7788eda83911ca2610754486b33069)
|
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
applied these to 2.2.
Andrew Bartlett
(This used to be commit 51fe3324dda6b1f9a9a45deda7a76b1fff35399a)
|
|
- pam_winbind updates from vance, fixing a typo and making some the options
work properly.
- Extra parinoia in the winbind connection loop
- Allow pam_winbind to compile on HP-UX (Don Mcall, more work to do).
- Fix up configure.in to use the same method for building the test .so
as the Makefile uses.
Andrew Bartlett
(This used to be commit 8e705dd9215b1cb3f44d6348094679d7dc6a7fbd)
|
|
(This used to be commit 54e69ed20adc74fdfe007a9642dcb3a55c02d856)
|
|
be replaced by DEBUG() calls?
(This used to be commit 33dd07d1fc6946e53d3bdaad025adfc20abfab77)
|
|
This adds code to do generic PAM -> NTSTATUS and NTSTATUS -> PAM error
conversions, and uses them to make the error handling in pam_winbind sane.
In particular, pam_winbind now uses PAM error codes, not silly '-1, -2 ...'
stuff, and logs the NTSTATUS error that winbind now sends over the pipe.
Added code to wbinfo to display these - makes a big difference in debugging
winbindd.
The main change here is the code to allow pam_winbind password changing to
correctly stack - This code ripped from pam_unix, and the copyright attached.
(Same as for all pam modules, including pam_winbind)
Andrew Bartlett
(This used to be commit dc1a72f896b83bc1ad3c7bf6c12c36ace3967280)
|
|
Part of Samuel Ziegler's patch to get winbind password changing working
again in HEAD.
(This used to be commit b5540bee7be957d1def62ee85a84488e0250624b)
|
|
defined. This is done with --enable-developer mode.
(This used to be commit caff5dc1d66953cb52f94cd6407778b23e1810eb)
|
|
(This used to be commit 1e7b1c71b9c409859bcf0aeb3d5785acc4aee027)
|
|
renamed ntdom to winbind
I think that using winbind in /etc/nsswitch.conf is better than ntdom
(This used to be commit 80f85b5359c26dc26f8f88b984f27cfa4ac34e61)
|