Age | Commit message (Collapse) | Author | Files | Lines |
|
Andrew Bartlett
(This used to be commit 40088b9566e8f63897958fc99d99dedb38e0cb69)
|
|
into krbtgt/DNS.DOMAIN.REALM too
with this a windows client asks for the correct ticket when you try to login
(but it's still not working correct, as some how we mess up the dns host name of the
client and it asks for the wrong service principal)
- fix some compiler wranings
- fix some debug messages
metze
(This used to be commit c4c93eeec20ceb062d37f392139a5ef8bbb626f5)
|
|
Andrew Bartlett
(This used to be commit 33dcbe938df532e63b9c02c2b6cef11090021481)
|
|
forms both differ only in case. We may need a better solution than
this later.
Andrew Bartlett
(This used to be commit a0ad13f5bceb17c1b856548825e5509921b409f0)
|
|
We now generate the PAC, and can verifiy both our own PAC and the PAC
from Win2k3.
This commit adds the PAC generation code, spits out the code to get
the information we need from the NETLOGON server back into a auth/
helper function, and adds a number of glue functions.
In the process of building the PAC generation code, some hints in the
Microsoft PAC specification shed light on other parts of the code, and
the updates to samr.idl and netlogon.idl come from those hints.
Also in this commit:
The Heimdal build package has been split up, so as to only link the
KDC with smbd, not the client utils.
To enable the PAC to be veified with gensec_krb5 (which isn't quite
dead yet), the keyblock has been passed back to the calling layer.
Andrew Bartlett
(This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
|
|
absense of an apparent AD flag to control this behaviour.
Andrew Bartlett
(This used to be commit 9886aa6f0e64cdb30774bfba3f2c683a3dbec9c4)
|
|
I missed one spot in moving from hdb_ent_type to the
internal-to-hdb-ldb hdb_ldb_ent_type, which results in a
Kerberos: Server has invalid flag set -- krbtgt/....@....
on kinit.
Andrew Bartlett
(This used to be commit 2358e0c0e4f2a3db78a8db360abc296f98bcb549)
|
|
hdb-ldb module. This removes the need for the KRBTGT case to exist in
the broader heimdal code.
Andrew Bartlett
(This used to be commit fb83465dbccae8af5eb26f735e60f3f40e944446)
|
|
Andrew Bartlett
(This used to be commit a948e743bbc691798e6a956b35d8e09cfc91f988)
|
|
Andrew Bartlett
(This used to be commit 7f6a7f7fc521f41c811c51fb692f408dc570f4cd)
|
|
- Remove (some) excess logging
- use samdb_connect() to hook into the right handling for multiple tdb handles
- move the connect to the server startup, rather than per-packet.
- Fix config.mk dependency
Tested with a WinXP domain join.
Andrew Bartlett
(This used to be commit 13cf51612d91385c6df5deadbf126bcc583f797d)
|
|
fill in the function pointers to handle the logging, and catch all the
kerberos warnings. (Currently at level 3).
To avoid a memory leak, this requries a new function: krb5_freelog(),
which I've added to lorikeet/heimdal.
This also required a revamp to how we handle the krb5_context, so as
to make it easier to handle with talloc destructors.
Andrew Bartlett
(This used to be commit 63272794c41231b335b73e7ccf349282f295c4d2)
|
|
be hard to do tcp as well.
(This used to be commit 7cbb95d3f55dbaf9ca606655377682841e4c534d)
|
|
Using current lorikeet/heimdal, and with the KDC module enabled (it is
disabled by default), I almost get the KDC to link.
(To enable the KDC for testing, comment out the only line in
smbd/config.m4, and add 'kdc' to the 'server services' line in
smb.conf).
(This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
|