Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
(This used to be commit f2a2ed315e393353110aa7760b4eca4f1f49ca21)
|
|
Guenther
(This used to be commit 8504a92ac55d6936df051be66207a59a76bf32a3)
|
|
Guenther
(This used to be commit 693f90fd2394309ce40d3ca5fc007543058b342a)
|
|
from gdm/xdm. Patch from boyang <boyang@novell.com>.
Jeremy.
(This used to be commit 8cfc6afc7b4a6af9aea5f5a7cb5af7e3218c2d75)
|
|
Fix is from Bo Yang @ Novell.
Thanks!
(This used to be commit e4eb9d347d14de8c9ba73b07f26fe8fd4f17eab5)
|
|
Thanks to Bo Yang for pointing this out.
Guenther
(This used to be commit 516a067016955938988ab37c777102a14b41e100)
|
|
Guenther
(This used to be commit 37091859126167e84e55afe8a32025ac0f65065e)
|
|
Guenther
(This used to be commit bf960f57e7adf09cdf096f2c72065ea1ff8b0daa)
|
|
Guenther
(This used to be commit d62676cf886d910334b3d6f7ce0147b75ef53aec)
|
|
Guenther
(This used to be commit ea2175ee0e6288ccb132e86b9dd0bf8a0e4169c9)
|
|
NTLM logons must go against our DC.
(This used to be commit 2e24f7c0243c67a00102c11258cfa6f61caf499f)
|
|
To not conflict with WBFLAG_PAM_INFO3_TEXT.
This should fix pam_winbind.
metze
(This used to be commit 1b8ed6c0ffb2548442bb7e9d848117ce9b1c65c0)
|
|
Guenther
(This used to be commit f7100156a7df7ac3ae84e45a47153b38d9375215)
|
|
is set.
This essentially re-establishes r14496 (2155bb0535656f294bd054d6a0a7d16a9a71c31b)
which was undone in r17723 (43bd8c00abb38eb23a1497a255d194fb1bbffffb) for
reasons that are unclear to me. Maybe I am being too naive.
Now we do again only retrieve the password policy when called from
the pam_winbind module. This fixes logons delegated to AD trusted
domain controllers: We need to connect to the sam to retrieve the
password policy. But auhtenticated session setup is not possible
when contacting the trusted domain dc and afterwards, SamrConnect
also fails with whatever credentials and method used.
Michael
(This used to be commit 6d765e0de523211a2d0b43a2c4c4117f5f0c662f)
|
|
Michael
(This used to be commit 4a053d5bf9db82b5ae9ac342f68e90ef89ba292f)
|
|
Guenther
(This used to be commit c3b423c52a2bf3f50870158d8c7ffd314c8ac935)
|
|
init_request => winbindd_init_request
free_response => winbindd_free_response
read_reply => winbindd_read_reply
write_sock => winbind_write_sock
read_sock => winbind_read_sock
close_sock => winbind_close_sock(void)
metze
(This used to be commit 8a95d7a7edcfa5e45bccc6eda5c45d9c308cb95d)
|
|
in winbind client and nss/pam stuff
metze
(This used to be commit 2e13e05fa91788bd128e6940bccc0d2cc7140986)
|
|
Guenther
(This used to be commit 29a56dcc78c49653bcf72dea6313fd4852de8f72)
|
|
commit fb52f971986dd298abbcd9745ddf702820ce0184
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Mon Aug 27 13:50:26 2007 -0500
Check correct return type for pam_winbind_request_log() wnibind_upn_to_username
which is an int and not NSS_STATUS.
commit 7382edf6fc0fe555df89d5b2a94d12b35049b279
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Mon Aug 27 13:30:26 2007 -0500
Allow wbinfo -n to convert a UPN to a SID
commit 8266c0fe1ccf2141e5a983f3213356419e626dda
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Fri Aug 3 09:53:16 2007 -0500
Merge some of Guenther UPN work for pam_winbind.c (check the winbind separator
and better pam logging when converting a upn to a username).
commit 15156c17bc81dbcadf32757015c4e5158823bf3f
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Fri Aug 3 08:52:50 2007 -0500
Include Universal groups from the cached PAC/SamLogon info when
generating the list of domain group SIDs for a user's token.
commit 979053c0307b051954261d539445102c55f309c7
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Thu Aug 2 17:35:41 2007 -0500
merge upnlogon patch from my tree
(This used to be commit 98fb5bcd5702d5086bdf9b58105a67efb90950f4)
|
|
- Add parameter config_flag to get_config_item_int() and do the same
check as in get_conf_item_string.
(This used to be commit d1d1baa264587911e1c97b3b35d5ed2bc56bf12b)
|
|
get_conf_item_string() to the later if statement.
- Also move the key definition to the later if statement in
get_conf_item_string() and get_conf_item_int().
(This used to be commit 3a82ec943a3828b843dd47aaa0e360844d4dfb91)
|
|
This is a slightly modified version to set warn_pwd_expire to the
default value if 0, no, or a broken value is set.
This version also has one if statement less in get_config_item_int().
Thanks a lot to Andreas 'GlaDiaC' Schneider for this feature!
(This used to be commit d26914c978457ae0ec097cc40c8e33a7cee9ebcf)
|
|
the silent
argument when parsing pam configuration file options.
Guenther
(This used to be commit 5b4a4df26f32fe1947a0c4fb741a4cb89e308f92)
|
|
and the krb5 tkt cache could not be created due to clock skew.
(This used to be commit 24616f7d6be40b090dc74851b1ea7d09d6976811)
|
|
Guenther
(This used to be commit bf9131fed30b3d6f80c41734c04450a1e6bcba5b)
|
|
(This used to be commit 70878d698532aa8b0e151e7772894e251290186e)
|
|
(This used to be commit 7961476784713267efc19d305aa66c68275ccaa1)
|
|
(This used to be commit ad57434faf806a6ad27beb0f75b73d5389a35382)
|
|
to not request a privileged pipe operation for everything
as this cannot be done from a process running under the
context of a user (e.g. screensaver).
Thanks to Danilo Almeida <dalmeida@centeris.com> for the help
in pointing out the change to write_sock().
(This used to be commit 80790f935abc8905542338b08f54d61ebacf2ff1)
|
|
decides smbd
to be idle it might happen that smbd needs to do a winbind operation (for
example sid2name) as non-root. This then fails to get the privileged
pipe. When later on on the same connection another authentication request
comes in, we try to do the CRAP auth via the non-privileged pipe.
This adds a winbindd_priv_request_response() request that kills the existing
winbind pipe connection if it's not privileged.
Volker
(This used to be commit e5741e27c4c22702c9f8b07877641fecc7eef39c)
|
|
(This used to be commit 82dc19f844af65a8815c629e4ec1f354d208a53f)
|
|
LAM module does to work around a system that does not support
>8 character usernames. Without the change, pam_winbind tries
to authenticate _#uid in the domain.
(This used to be commit 7f0ba72e05acbd958fbf768a04d16c29189dc8f7)
|
|
changed a password via pam_chauthtok. Only do this if
a) a user logs on using an expired password (or a password that needs to
be changed immediately) or
b) the user itself changes his password.
Also make sure to delete the in-memory krb5 credential cache (when a
user did not request a FILE based cred cache).
Finally honor the krb5 settings in the first pam authentication in the
chauthtok block (PAM_PRELIM_CHECK). This circumvents confusion when
NTLM samlogon authentication is still possible with the old password after
the password has been already changed (on w2k3 sp1 dcs).
Guenther
(This used to be commit c3005c48cd86bc1dd17fab80da05c2d34071b872)
|
|
Cached logon with pam_winbind should work now also for NT4 and samba3
domains.
Guenther
(This used to be commit b2f91154820219959b8008b15802c70e1d76d158)
|