| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
counted struct. Doh !
Jeremy.
(This used to be commit 8c78386e8da72108551cff72a6cc9da89264ddee)
|
|
(This used to be commit 30df6cb65f2dcc1829ea362ea0bc2a5e10f9819a)
|
|
krb5 refresh creds when doing cached NTLM auth, request
the memory creds instead.
Jeremy.
(This used to be commit 310ac0b226edcfd5bedc2c3305a05993db20c7af)
|
|
from the krb5 ticket renewal code. This allows cached
credentials to be stored for single sign-on via ntlm_auth
for machines in a domain still using NTLM. Also (hopefully)
fixes the reference counting problem with pam_logon/logoff
so multiple logons/logoffs won't lose cached credentials.
This compiles, but I'm intending to test it over the weekend
so don't complain too much :-). I also want it in the tree
so Coverity can scan it for errors. Guenther, check this over
please - I ran through the architecture with Jerry and he's
ok with it, but this is modifying your code a lot.
Jeremy.
(This used to be commit 679eeeb91155dad3942efde6ae9f8d81faf18c5b)
|
|
stored - only store the password if we're going to
be doing a krb5 refresh. GD please review this change !
Now to add code to reference count the cached creds
(to allow multiple pam_logon/pam_logoffs to keep the
creds around), ensure that the cred cache is called
on all successful pam_logons (if we have winbindd cache
pam credentials = true, set this by default) and finally
ensure the creds cache is changed on successful password
change. GD - you *really* need to review this :-).
Jeremy.
(This used to be commit 017e7e14958d29246a1b221e33755bb91e96b08f)
|
|
(This used to be commit 05268d7a731861b10ce8556fd32a004808383923)
|
|
Solaris found this one that needs to go into 3.0.23, actually munlock the
password memory.
Volker
(This used to be commit 6fa928f96a70b7b063dd1bdbb08c6a3f5d942229)
|
|
swapped to disc using mlock(). (patch was reviewed by Jeremy).
Guenther
(This used to be commit 206cdbb8e9a4a0900060d56510e58b85a2b8aec5)
|
|
we have a reason to do so.
Guenther
(This used to be commit 4da79bd10c17277171aad26ee0278f8e5b64abdb)
|
|
directly in winbindd.
Jeremy.
(This used to be commit 2e65fcc9def5f1386a33ca4a76e494838e3a0632)
|
|
Guenther
(This used to be commit 7420b095077689fee4b5c9fb76cdb6533be1d465)
|
|
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
(This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
|
|
kerberos_kinit_password_ext provides access to more options.
Guenther
(This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
|
|
over --with-kcm. No time to look after it for the moment.
Guenther
(This used to be commit 7ec2b31a8790db1466ffafeab533c11ab7ea801a)
|
|
macro which sets the freed pointer to NULL.
(This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
