Age | Commit message (Collapse) | Author | Files | Lines |
|
Major points of interest:
* Figure the DES salt based on the domain functional level
and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
keys
* Remove all the case permutations in the keytab entry
generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
in AD
The resulting keytab looks like:
ktutil: list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value. The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.
Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
(This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4)
|
|
being used.
Jeremy.
(This used to be commit 441c289fd21d00398fb7c4c7c0338b03129a7545)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
Thanks to Bjoern Jacke for the report and test-case.
Guenther
(This used to be commit f2ebc0e3de396f44f49dabbfe42cb3ad1c1a7ec1)
|
|
Guenther
(This used to be commit df10448e2c6166d1c129c2d9a9a74c5b4a42555f)
|
|
Guenther
(This used to be commit 4121ccfc3e39001d5b7b8288e3bc27d919f79167)
|
|
(This used to be commit 84913caebdb461fed2c94fadfa0039b32a83cb6d)
|
|
this is
what svn is for.
The idea is that we fall back to a pure unix user with S-1-22 SIDs in the
token in case anything weird is going on with the 'force user'.
Volker
(This used to be commit 9ec5ccfe851ac8a1f88b88c8c8461a5cf75b4c57)
|
|
sid_check_is_in_our_domain cases.
Volker
(This used to be commit dc403cec88d91fdeb09cbd04321d88bbdc0f490c)
|
|
Guenther
(This used to be commit 6257f9af93f2391940b2c60fe39c0bf106de15dd)
|
|
Guenther
(This used to be commit 863aeb621afa7dcec1bfef8e503ef8ed363e3742)
|
|
(This used to be commit ef6e9ca5276586c081fcf18bb178a2326309b539)
|
|
netbios domain name in server affinity cache.
Guenther
(This used to be commit 08958411eeff430fb523d9b73e0259d060bac17b)
|
|
info for our own domain.
Guenther
(This used to be commit ebd3c547e508e191d5e1b5bb001797666db7b269)
|
|
(This used to be commit c139a2293bfb66554e1be09c6824d04381de58e1)
|
|
dfs_Enum.
Guenther
(This used to be commit 4e5ea585c3482c38f2624e45f1268d3864a99faa)
|
|
Guenther
(This used to be commit 6bf350895a648ef9b824c94b894e8d7a8989eb97)
|
|
Guenther
(This used to be commit 48ab7f46814dfbd777f142cdd8f59e6c1962eb15)
|
|
read ea's from an msdfs link. Stop it from doing that.
Jerry please merge to 3.0.23.
Jeremy.
(This used to be commit 95e5ace6b4f348a3244b6a3ea0fd8badf55271f5)
|
|
password changes
Jeremy, please review.
(This used to be commit 154e4a281503f0cbc2e654640f1dfa4b4d35a3cd)
|
|
there are
vasprintf implementations that don't like a NULL format.
Volker
(This used to be commit 03c665c307e518c9ff66096904873266b145637c)
|
|
Solaris found this one that needs to go into 3.0.23, actually munlock the
password memory.
Volker
(This used to be commit 6fa928f96a70b7b063dd1bdbb08c6a3f5d942229)
|
|
not the $(srcdir) to allow multiple concurrent compiles when the
source tree is shared via nfs.
(This used to be commit b79e1c011d577581eebb90b95dbdee11f8a96c3b)
|
|
checking for the builtin Administrators group membership.
security = server has no domain info in secrets.tdb
(This used to be commit fa477969fbbcd9f707461a2d9015bebf719ddfbb)
|
|
Jeremy.
(This used to be commit 0606c954668a7bbc08e2338e268405981aa0ad04)
|
|
metze
(This used to be commit a558abb40d9a0bcce568a336ce7e9f4ae5e066db)
|
|
(This used to be commit 9ae1d016d44492327d180fe5e629f3a81ddfe6e4)
|
|
realm name in ads_init() in nt_printer_publish().
(This used to be commit a25e75e78db092b3992dfc6f7e2737023d43e2c3)
|
|
signing bug.
Jeremy.
(This used to be commit 3b7fbe856cea7cbb5bf91844f94f221be0a2c627)
|
|
Jeremy
(This used to be commit c4896b17faa6802f18cc1cec7fcc6168bde2eef0)
|
|
Jeremy.
(This used to be commit d48655d9c0b31d15327655140c021de29873d2c5)
|
|
Jeremy.
(This used to be commit 8c7e40f2a469df34aff0e63270a78e669d240b59)
|
|
Jeremy.
(This used to be commit 1cd9a0ef834f8062500d1aea6183e147fc5e42f4)
|
|
Jeremy.
(This used to be commit 5c5ea3152f8dbdfd7717b65e035191ffed3ec548)
|
|
for AIX.
Fix a configure.in output line
Volker
(This used to be commit 1a80266d77bb95edaa221c14652b2c6fa9932ab6)
|
|
closer at the wins server code. Firstly, it needs
to do the searches on the SELF_NAMES correctly,
secondly it needs to flush the in-memory cache
out before returning the 1b names - else it might
get duplicates returned if many 1b queries are
done in quick succession. Jerry, I hate to say
this but you might want to consider this for 3.0.23....
Jeremy.
(This used to be commit b36b9befbbc4ac318168b7788d3722710ecbf10f)
|
|
Jeremy.
(This used to be commit dfdb4ce89155dc1528b455252751616cc2c6708c)
|
|
bad cast warning.
Jeremy.
(This used to be commit d60e6e0abc17361fe180d6723b970552dc377741)
|
|
Jeremy.
(This used to be commit ddf35ad69201cf9a0aa45ff25e17eddef60d75ad)
|
|
Jeremy.
(This used to be commit 787539489897e79d43eb1833db6f5969b130c934)
|
|
Jeremy.
(This used to be commit 9b0df8d008bc5574526d68628f351eb4dbf98e8a)
|
|
Jeremy.
(This used to be commit 590b58cb507e5a6e459ff0c975beb9056336f233)
|
|
Jeremy.
(This used to be commit 2eefe9b6f52e64927c0ae23adce111a42d821206)
|
|
Jeremy.
(This used to be commit 433d7a1bc91ff479934a256ff84e6866e16d1f85)
|
|
by converting the lookup_XX functions to correctly
return SID_NAME_TYPE enums.
Jeremy.
(This used to be commit ee2b2d96b60c668e37592c79e86c2fd851e15f69)
|
|
server code. Jerry please merge for 3.0.23.
Jeremy.
(This used to be commit d354b430ff0473764db8ea492a68d10946dadc23)
|
|
Jeremy.
(This used to be commit 76cc25a37e145fb48a8a81df37e790690b5dceac)
|
|
the correct enumerated type in the macro.
Jeremy.
(This used to be commit 63ad19f71c6b9474042f4ea9d5859e2849a73da8)
|
|
Jeremy.
(This used to be commit 7580eb947cdeb786be00efa5da727e32b28c99d6)
|
|
Jeremy.
(This used to be commit d04462f1d8cf009985b9112f093306a64689af64)
|