Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit a02e07739781eb00b521d050ab06d6b0aedf47bc)
|
|
should allow us to ditch the local static storage for OIDs, as well as
fix the build on non-heimdal platforms.
Andrew Bartlett
(This used to be commit a7e2ecfac9aaacd673e3583b62139e4f4e114429)
|
|
Andrew Bartlett
(This used to be commit c8e8fa129ed0c80bcd289445935047c28d48da64)
|
|
Finally remove the distinction between 'krb5' and 'ms_krb5'. We now
don't do kerberos stuff twice on failure. The solution to this is
slightly more general than perhaps was really required (as this is a
special case), but it works, and I'm happy with the cleanup I achived
in the process. All modules have been updated to supply a
NULL-terminated list of OIDs.
In that process, SPNEGO code has been generalised, as I realised that
two of the functions should have been identical in behaviour.
Over in the actual modules, I have worked to remove the 'kinit' code
from gensec_krb5, and placed it in kerberos/kerberos_util.c.
The GSSAPI module has been extended to use this, so no longer requires
a manual kinit at the command line. It will soon loose the
requirement for a on-disk keytab too.
The general kerberos code has also been updated to move from
error_message() to our routine which gets the Heimdal error string
(which may be much more useful) when available.
Andrew Bartlett
(This used to be commit 0101728d8e2ed9419eb31fe95047944a718ba135)
|
|
rafal
(This used to be commit 0f9a2aef6c87bd53c962b33bf78bf773d2319b97)
|
|
(This used to be commit 46509eb89980bfe6dabd71264d570ea356ee5a22)
|
|
(This used to be commit f5956d150154cb4393dc323ae8ae1f936adee355)
|
|
kerberos, and how Microsoft constructs their kerberos implementation.
Andrew Bartlett
(This used to be commit 5fa9be75d987af106fd798f6d5379b637a170b00)
|
|
This patch allows a suitably patched Heimdal GSSAPI library (detected
in configure) to supply to us the session keys, and further compleats
the gensec_gssapi module. This is tested for CIFS, but fails for LDAP
at this point (that is what I'll work on next).
We currently fill out the 'session info' from the SAM, like
gensec_krb5 does, but both will need to use the PAC extraction
functions in the near future.
Andrew Bartlett
(This used to be commit 937ee361615a487af9e0279145e75b6c27720a6b)
|
|
code, which is certainly not in the form of machine$.
Rework the default salt to match what I just added to the heimdal
server (Samba4 is back on speaking terms with lorikeet heimdal now),
from Luke Howard's post to samba-technical in Nov 2004.
Now to test compatability with MS...
Andrew Bartlett
(This used to be commit d719a0093bfe37fc62f28c7c02f17f93eec16abf)
|
|
metze
(This used to be commit 333f9bdf585db3df455009667d94deae568be02a)
|
|
client credentials code to read the secrets.ldb.
Also clean up error handling, and ensure to always set the
last_error_message stuff.
Andrew Bartlett
(This used to be commit 435d229e5d1da349f00d80a36b599ae70468e99d)
|
|
(This used to be commit 45383f6cec3c380043be59f1e1c5bf82f3095abb)
|
|
weeks ago - weird.
(This used to be commit 1738761d895461260dcba0dd81630cfa0ec43ae8)
|
|
auth/gensec and auth/kerberos.
This also pulls the kerberos configure code out of libads (which is
otherwise dead), and into auth/kerberos/kerberos.m4
Andrew Bartlett
(This used to be commit e074d63f3dcf4f84239a10879112ebaf1cfa6c4f)
|