Age | Commit message (Collapse) | Author | Files | Lines |
|
winbindd's kerberized pam_auth use that.
Guenther
(This used to be commit 0f436eab5b2e5891c341c27cb22db52a72bf1af7)
|
|
(This used to be commit 4a99b89618948f5518b9c685d1cdcfaad69bfc80)
|
|
SATOH Fumiyasu <fumiya@samba.gr.jp>
(This used to be commit d68b2910c8ba97a42b8bccc0af1341fc301a76d0)
|
|
(This used to be commit 05886edb3559355e8cd3e3eb8999f24b64ddb3eb)
|
|
is took late
(This used to be commit 5575845952171aaeae81cf65fe32be33cc1b45ba)
|
|
on x86_64 Linux boxes. Since it is not needed, just use malloc()
on Linux.
(This used to be commit 3644bd999621e04b3fae262f172e93ea8fdcd47e)
|
|
there is just no cache around for a user.
Guenther
(This used to be commit a6c249b59228c6891cde624f72fff23879dbd19f)
|
|
shoulder.... Correct fix for warning :-)
Jeremy.
(This used to be commit 773001870d22ef4ff7ec00f73661b59a63cade42)
|
|
Jeremy.
(This used to be commit 34675624e2be886188337a883a6c4a57ef7e3fe3)
|
|
others don't get stuck with the winbindd hang.
Still waiting on additional confirmation from Guenther
that this fixes thes issues he was observing as well.
But it's been running in my local tree for a day without
problems.
(This used to be commit 0d2b80c6c4a744b05a0efdec352cddccc430e0c4)
|
|
(This used to be commit 52e6a2ceab794875781575ed17ec86808f6e26da)
|
|
This add a struct event_context and infrastructure for fd events to smbd. This
is step zero to import lib/events.
Jeremy, I rely on you to watch the change in receive_message_or_smb()
closely. For the normal code path this should be the only relevant change. The
rest is either not yet used or is cosmetic.
Volker
(This used to be commit cd07f93a8aecb24c056e33b1ad3447a41959810f)
|
|
(This used to be commit 1ef910f423a9ec69af6abf5a4e2137e8a4e81755)
|
|
non-existing krb5 credential cache should not generate an error.
Guenther
(This used to be commit 11c6f573af5c1d3387e60f3fc44b00e28cd87813)
|
|
Guenther
(This used to be commit a1378979be4fe5ac5148b0a7830859aebb97838c)
|
|
Guenther
(This used to be commit b1cd9d45e9581bec56bfdc21d2a8afb7f094be22)
|
|
cache time = 0".
Guenther
(This used to be commit 9ac6016e32d236e7470919c075df551d1d73498c)
|
|
this at the moment as I'm working on this area. Thanks
a lot Guenther.
Add the capability to get krb5 tickets even if we
log on in the offline state and have to cache
the credentials. Once we go online we should
start getting krb5 tickets again. Currently
this code waits until lp_winbind_cache_time()
seconds (5 minutes by default) before getting
tickets. This is correct in the DC down case,
but not in the global offline -> online case.
I'll later add a trigger to force an immediate refresh
on the offline -> online state transition.
Jeremy.
(This used to be commit 04fe034f4a222c83a8d788040f7edc370afe9fa6)
|
|
counted struct. Doh !
Jeremy.
(This used to be commit 8c78386e8da72108551cff72a6cc9da89264ddee)
|
|
(This used to be commit 30df6cb65f2dcc1829ea362ea0bc2a5e10f9819a)
|
|
krb5 refresh creds when doing cached NTLM auth, request
the memory creds instead.
Jeremy.
(This used to be commit 310ac0b226edcfd5bedc2c3305a05993db20c7af)
|
|
from the krb5 ticket renewal code. This allows cached
credentials to be stored for single sign-on via ntlm_auth
for machines in a domain still using NTLM. Also (hopefully)
fixes the reference counting problem with pam_logon/logoff
so multiple logons/logoffs won't lose cached credentials.
This compiles, but I'm intending to test it over the weekend
so don't complain too much :-). I also want it in the tree
so Coverity can scan it for errors. Guenther, check this over
please - I ran through the architecture with Jerry and he's
ok with it, but this is modifying your code a lot.
Jeremy.
(This used to be commit 679eeeb91155dad3942efde6ae9f8d81faf18c5b)
|
|
stored - only store the password if we're going to
be doing a krb5 refresh. GD please review this change !
Now to add code to reference count the cached creds
(to allow multiple pam_logon/pam_logoffs to keep the
creds around), ensure that the cred cache is called
on all successful pam_logons (if we have winbindd cache
pam credentials = true, set this by default) and finally
ensure the creds cache is changed on successful password
change. GD - you *really* need to review this :-).
Jeremy.
(This used to be commit 017e7e14958d29246a1b221e33755bb91e96b08f)
|
|
(This used to be commit 05268d7a731861b10ce8556fd32a004808383923)
|
|
Solaris found this one that needs to go into 3.0.23, actually munlock the
password memory.
Volker
(This used to be commit 6fa928f96a70b7b063dd1bdbb08c6a3f5d942229)
|
|
swapped to disc using mlock(). (patch was reviewed by Jeremy).
Guenther
(This used to be commit 206cdbb8e9a4a0900060d56510e58b85a2b8aec5)
|
|
we have a reason to do so.
Guenther
(This used to be commit 4da79bd10c17277171aad26ee0278f8e5b64abdb)
|
|
directly in winbindd.
Jeremy.
(This used to be commit 2e65fcc9def5f1386a33ca4a76e494838e3a0632)
|
|
Guenther
(This used to be commit 7420b095077689fee4b5c9fb76cdb6533be1d465)
|
|
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
(This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
|
|
kerberos_kinit_password_ext provides access to more options.
Guenther
(This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
|
|
over --with-kcm. No time to look after it for the moment.
Guenther
(This used to be commit 7ec2b31a8790db1466ffafeab533c11ab7ea801a)
|
|
macro which sets the freed pointer to NULL.
(This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|