summaryrefslogtreecommitdiff
path: root/source4/heimdal/kdc
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11310: Free the 'if_relevent' portion of the PAC when we build it.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit ede638c00b574bf4149d11844c0adf8e0f5c4efb)
2007-10-10r11294: Update Heimdal in Samba4 to lorikeet-heimdal (which is in turn updatedAndrew Bartlett3-214/+91
to CVS of 2005-10-24). Andrew Bartlett (This used to be commit 939d4f340feaad15d0a6a5da79feba2b2558f174)
2007-10-10r10386: Merge current lorikeet-heimdal into Samba4.Andrew Bartlett2-48/+86
Andrew Bartlett (This used to be commit 4d2a9a9bc497eae269c24cbf156b43b8588e2f73)
2007-10-10r10191: Return the right error code in the case of a time skew. Windows will nowJelmer Vernooij1-1/+1
ignore Kerberos and fallback to NTLMSSP when joining. Thanks to Andrew Bartlett for the assistence. (This used to be commit 3b6bfbe8cf555f4144ed06044d3ecb8044f86bca)
2007-10-10r10066: This is the second in my patches to work on Samba4's kerberos support,Andrew Bartlett1-4/+27
with an aim to make the code simpiler and more correct. Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over all keytypes)' code in gensec_krb5, we now follow the approach used in gensec_gssapi, and use a keytab. I have also done a lot of work in the GSSAPI code, to try and reduce the diff between us and upstream heimdal. It was becoming hard to track patches in this code, and I also want this patch (the DCE_STYLE support) to be in a 'manageable' state for when lha considers it for merging. (metze assures me it still has memory leak problems, but I've started to address some of that). This patch also includes a simple update of other code to current heimdal, as well as changes we need for better PAC verification. On the PAC side of things we now match windows member servers by checking the name and authtime on an incoming PAC. Not generating these right was the cause of the PAC pain, and so now both the main code and torture test validate this behaviour. One thing doesn't work with this patch: - the sealing of RPC pipes with kerberos, Samba -> Samba seems broken. I'm pretty sure this is related to AES, and the need to break apart the gss_wrap interface. Andrew Bartlett (This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
2007-10-10r9680: Update Heimdal to current lorikeet-heimdal (which was itself updatedAndrew Bartlett1-1/+2
to Heimdal CVS as of 2005-08-27). Andrew Bartlett (This used to be commit 913924a4997f5e14c503f87510cbd8e4bfd965a9)
2007-10-10r9648: this fixes the krb5 based login with the pac. The key to this whole ↵Andrew Tridgell1-0/+3
saga was that the logon_time field in the pac must match the authtime field in the ticket we gave the client in the AS-REP (and thus also the authtime field in the ticket we get back in the TGS-REQ). Many thanks to Andrew Bartlett for his patience in showing me the basic ropes of all this code! This was a joint effort. (This used to be commit 7bee374b3ffcdb0424a83f909fe5ad504ea3882e)
2007-10-10r9413: Bring Samba4 back up to date with lorikeet-heimdal.Andrew Bartlett4-26/+77
Delete test_crypto_wrapping.c, previously included but unbuilt. Andrew Bartlett (This used to be commit d5fb30fb0cef330e0947969f0c9afc1f58fc4c7d)
2007-10-10r9221: Try to merge Heimdal across from lorikeet-heimdal to samba4.Andrew Bartlett2-42/+85
This is my first attempt at this, so there may be a few rough edges. Andrew Bartlett (This used to be commit 9a1d2f2fec67930975da856a2d365345cec46216)
2007-10-10r8302: import mini HEIMDAL into the treeHeimdal Import User14-0/+6949
(This used to be commit 118be28a7aef233799956615a99d1a2a74dac175)