Age | Commit message (Collapse) | Author | Files | Lines |
|
* fail on invalid credential flags in pam_sm_setcred
* parse config file for pam_sm_acct_mgmt and pam_sm_open_session
Guenther
(This used to be commit 2a428ac814d03880de63656ea97827126ccfec5c)
|
|
Guenther
(This used to be commit f6c9421abdf5731e894cd2ccc1b7431a3c368bbf)
|
|
Guenther
(This used to be commit 222320373f8a251fc2cf3ff8c3fec93a7a48f9df)
|
|
is set.
Guenther
(This used to be commit ecbab58826a51ace2a0d1181a41391f5d170ff06)
|
|
(e.g. to get the debug flag)
Guenther
(This used to be commit 2c549f71f15b066ac1f415544848b582558abd5d)
|
|
when offline and or doing password changes.
Jeremy.
(This used to be commit 4a74c553845c960a355ddb86abaadfe0d550271f)
|
|
pam_winbind. Thanks to Andrew Benham <andrew.benham@thus.net>
(This used to be commit 0d03f5137936546253a8b3334995f536f3621d57)
|
|
we're just doing strchr on a const string there's
no need to strdup it before, we're never modifying
it. Just remove the variable "parm".
Jeremy.
(This used to be commit 1af18f613b1399220e38e7ab40665c2ca177c5a7)
|
|
(This used to be commit 3fed72ac3efd1fa7df8fb7d1e2cb9772d66bb4bd)
|
|
field.
Guenther
(This used to be commit 66b92f27fa4edec180b8c8eee929ec8f31ef6a08)
|
|
Guenther
(This used to be commit a4d17ee9c960abdf21b9af1601bd1042e0cd7636)
|
|
Guenther
(This used to be commit 9621bb420a13e634badcc922c73c8bfb30aa6120)
|
|
it in.
(This used to be commit 4e464a2c35984752244f30ce9bb259eb16149e3f)
|
|
Guenther
(This used to be commit 143a48927b0e21d31a9f54cfc720b5d04a4b6751)
|
|
(This used to be commit 8c60e71229cd577f3b17345c5824363dd202eba9)
|
|
Jeremy.
(This used to be commit 7644fa70ba4f7c88d887930e23b5ee2e1632473b)
|
|
* as openlog() is non-reentrant and pam_winbind thereby overrides the
syslog settings of the calling application, directly call syslog (or
pam_vsyslog if available)
* support the PAM_SILENT flag to avoid any log messages beeing created
Guenther
(This used to be commit 0f7e37ffc4759a4e29f63ab83f39ddb31c8240f6)
|
|
pam offline logons.
Guenther
(This used to be commit 95788cb291b89b431972e29e148b412992cc32a5)
|
|
name that will be returned by winbindd. This
(should) fix the bug where the user logs in
with DOMAIN\user but winbindd returns only
"user" for the username due to 'winbind use
default domain' being set.
Jeremy.
(This used to be commit 1b2aa17354d50740902010f4a1e0217c8b1f7bdd)
|
|
AD DC
* Merge patches from SLES10 to make sure we talk to the correct
winbindd process when performing pam_auth (and pull the password policy info).
(This used to be commit 43bd8c00abb38eb23a1497a255d194fb1bbffffb)
|
|
(This used to be commit f6194cf4b263454bbdf180a7d014ffc3498df497)
|
|
other PAM modules to pick it up from there.
Guenther
(This used to be commit b3ac5a586ba37b1122b0dc941dfee648fc4fa6d5)
|
|
Guenther
(This used to be commit 62a8e0b08919e71c6a575ce6d89d8a4a09acbd87)
|
|
Patch from Dietrich Streifert <dietrich.streifert@visionet.de>
(This used to be commit 8d6218825827a54ca69e462c00a3dc9e25ef3ddf)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
Thanks to Bjoern Jacke for the report and test-case.
Guenther
(This used to be commit f2ebc0e3de396f44f49dabbfe42cb3ad1c1a7ec1)
|
|
pam_winbind.
Guenther
(This used to be commit 29758ea1c4e1b9b57d27765d539306058299fcd1)
|
|
pam_winbind.
Guenther
(This used to be commit bf077fb2268b79faffd1fdda04847c37ffead32d)
|
|
non-critical and fallback to only parse the argv options in that case.
Guenther
(This used to be commit 9dac3ab328e9c7ba374e0efc3fe16d940ecc9d3b)
|
|
(This used to be commit 7188ec6bd81715c4df17528bca2b2e658173043f)
|
|
Guenther
(This used to be commit 34b29c30b2f4b5a3c40a65ca8338c87a4c16f3ff)
|
|
Guenther
(This used to be commit 1856dc0f52b2a2ba2e59f1a7a77ccd32c27928c0)
|
|
Guenther
(This used to be commit cc800ced60e5e6bbd923a3a0b7d58650c6e14121)
|
|
too early.
Guenther
(This used to be commit 7f64a66d25f2a4aa48c2639da8e783c1759c5dd4)
|
|
/etc/security/pam_winbind.conf as config file for the PAM module by
default.
Guenther
(This used to be commit 41b79ee80c7b0f4836ded51d42c7dc91cba75ccd)
|
|
PAM_SUCCESS. Günther, could you take a look?
Thanks,
Volker
(This used to be commit fc6effcd9c2bb2d15b7e8fba85cc3193d2d7ce1f)
|
|
internals, mostly with the code that was in pam_winbind before.
Also switch from using loadparm to use iniParser to read the new
pam_winbind options from a configuration file. That still uses the old
(parametric) option names which will be replaced next (as iniParser does
not support parametric options).
Guenther
(This used to be commit 6f668ce67318f17bba79cd98b5d169cd19eafcd4)
|
|
ensure that global memory is freed when unloading pam_winbind.so (needs more testing on non-linux platforms)
(This used to be commit 1e0b79e591d70352a96e0a0487d8f394dc7b36ba)
|
|
Guenther
(This used to be commit 87293802f3e0666c9a50eb3ca63bb1a7dccc50dc)
|
|
environment.
Guenther
(This used to be commit 1f1402e45db8d80a7c19208fae934e1b0f3da134)
|
|
policies when requested.
No panic, the flags is uint32 so we are not running out of WBFLAG bits.
Guenther
(This used to be commit 2155bb0535656f294bd054d6a0a7d16a9a71c31b)
|
|
WBFLAG_PAM_CONTACT_TRUSTDOM. This
can not work for NTLM auth, where we only have a workstation account for our
own domain. For the PAM Kerberos login we need to find a better way to do
this, probably using Dsr_GetDCName and some winbind-crafted krb5.conf.
Volker
(This used to be commit bf7c608147bcbbedd89b3dcd24a929ea3e601bc8)
|
|
Fix parse_domain_user to fail when splitting a full name like "DOM\user"
when "winbind use default domain" and "winbind trusted domains only" are
not enabled.
This allows pam_winbind to behave correctly when more modules are
stacked in the "account" or "password" PAM facility. pam_winbindd calls
WINBINDD_GETPWNAM which can decide whether or not a user is a winbind
user and return correct PAM error codes.
Guenther
(This used to be commit e6d52c1e9d8cec7be6d552c2a67a392df21c3ec9)
|
|
(got it wrong the first time as administrator has this flag set by
default).
Guenther
(This used to be commit e9ccebf45a5db8964793084950fbb2c23b2469a3)
|
|
password on logon. (this might be true for all domain admins as well).
Guenther
(This used to be commit 24c6b9fecb521380008cb44e6d987a6f495027dc)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
Correctly handle the case where users logon with an expired password.
In that case pam_sm_authenticate has to return PAM_SUCESS instead of
PAM_NEW_AUTHTOK_REQD or PAM_AUTHTOK_EXPIRED and pam_sm_acct_mgmt has to
take care of requesting an immediate password change. (see the Linux PAM
documentation).
Fixes Bugzilla #1524, #3205. Tested with login, sshd, kdm and gdm on
Linux.
Thanks to Scott Barker <Scott_Barker@mtechIT.com>.
Guenther
(This used to be commit 4cb662ffd76dbe30003c618c94ccf6ebd4afb48c)
|
|
<steuwer@univention.de>.
Jeremy.
(This used to be commit 6795c818a3d63737d5b40faffa3a0b91c71b427b)
|
|
This is just cosmetic but prevents people from thinking that the
pam_winbind "require_membership_of"-option is not yet implemented :)
Guenther
(This used to be commit ef80a49a858d7d81d427c7bac71fdac4fc0d1bd6)
|
|
(This used to be commit 9019a8436162d3606f6b8584701b0832cf5a7439)
|