summaryrefslogtreecommitdiff
path: root/source4/libcli/auth/gensec_krb5.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r2054: Fix compile warnings/build failures on non-gcc.Andrew Bartlett1-1/+2
Andrew Bartlett (This used to be commit 2cbbf123d26081687a15eb7b82738e8187153ba4)
2007-10-10r1794: fix the build MIT krb5Stefan Metzmacher1-2/+4
metze (This used to be commit fe655d047434422eae77486e5fd7fa51eb942677)
2007-10-10r1790: a few updates on krb5 PAC...Stefan Metzmacher1-10/+30
metze (This used to be commit 5a3a10c004ee2c94c42f08d52b36c75b413bdb79)
2007-10-10r1784: a few minor changes and debug the decoded PAC_DATAStefan Metzmacher1-8/+10
metze (This used to be commit 250485b69fbdd494bfd6c69bae94662e24fb0117)
2007-10-10r1770: here's the krb5 server code,Stefan Metzmacher1-7/+257
there're some cleanups needed and we need to verify the PAC correctly and create the auth_session_info correctly... metze (This used to be commit d8fe497097ee49611bb05c4a2fed36912d8e16b4)
2007-10-10r1605: GENSEC krb5 updates - fix a valgrind found uninitialised variable, andAndrew Bartlett1-2/+6
allow tests for 'unwrapped' krb5, allowed by Win2k3. SPENGO changes, trying to get the logic right (when and what sub-mechanisms to wrap). Andrew Bartlett (This used to be commit 8a0f7bf5e282d021afe93994a91fd76fa9c05f42)
2007-10-10r1521: Updates to our SMB signing code.Andrew Bartlett1-1/+3
- This causes our client and server code to use the same core code, with the same debugs etc. - In turn, this will allow the 'mandetory/fallback' signing algorithms to be shared, and only written once. Updates to the SPNEGO code - Don't wrap an empty token to the server, if we are actually already finished. Andrew Bartlett (This used to be commit 35b83eb329482ac1b3bc67285854cc47844ff353)
2007-10-10r1476: Don't print messages about the CCACHE not being found - this is normal.Andrew Bartlett1-2/+6
Andrew Bartlett (This used to be commit 30d88580efe45dc792f8d5c04f4abe0497d1551c)
2007-10-10r1475: More kerberos workAndrew Bartlett1-19/+95
- We can now connect to hosts that follow the SPNEGO RFC, and *do not* give us their principal name in the mechListMIC. - The client code now remembers the hostname it connects to - We now kinit for a user, if there is not valid ticket already - Re-introduce clock skew compensation TODO: - See if the username in the ccache matches the username specified - Use a private ccache, rather then the global one, for a 'new' kinit - Determine 'default' usernames. - The default for Krb5 is the one in the ccache, then $USER - For NTLMSSP, it's just $USER Andrew Bartlett (This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0)
2007-10-10r1462: GENSEC Kerberos and SPENGO work:Andrew Bartlett1-6/+7
- Spelling - it's SPNEGO, not SPENGO - SMB signing - Krb5 logins are now correctly signed - SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not. Andrew Bartlett (This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)
2007-10-10r1457: Add the GSSAPI layer to our gensec_krb5 code.Andrew Bartlett1-33/+54
Andrew Bartlett (This used to be commit 893a9a3865d7046d8b1cb0418aaf48b88beefa05)
2007-10-10r1437: Intermediate commit of krb5 for GENSEC.Andrew Bartlett1-0/+351
The session key in the client is wrong, we don't do signing/sealing and we are sending raw Kerberos, not GSSAPI. But it's a start, and if we continue to have to call Krb5 directly, this will be the basis. I also intend to provide an alternate implementation, using just GSSAPI. Andrew Bartlett (This used to be commit eb0dd4a821dc3dbe370aea9a9c9fb05cf2592e4d)