| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
These fixes aim particularly at allowing PAC-less logins, as I don't
yet generate a PAC in the lorikeet-heimdal KDC.
This is for the benifit of a Kerbeors-enabled domain join, which seems
to be progressing quite well!
Andrew Bartlett
(This used to be commit f5a381094dd5bcbd795a134bc4b8b89901b5e3eb)
|
|
there're some cleanups needed and we need to verify the PAC correctly
and create the auth_session_info correctly...
metze
(This used to be commit d8fe497097ee49611bb05c4a2fed36912d8e16b4)
|
|
- We can now connect to hosts that follow the SPNEGO RFC, and *do not*
give us their principal name in the mechListMIC.
- The client code now remembers the hostname it connects to
- We now kinit for a user, if there is not valid ticket already
- Re-introduce clock skew compensation
TODO:
- See if the username in the ccache matches the username specified
- Use a private ccache, rather then the global one, for a 'new' kinit
- Determine 'default' usernames.
- The default for Krb5 is the one in the ccache, then $USER
- For NTLMSSP, it's just $USER
Andrew Bartlett
(This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0)
|
|
Andrew Bartlett
(This used to be commit b97ea8a63f044d2c20781c876575978cc4725285)
|
|
Andrew Bartlett
(This used to be commit 310a570936c0d2d5af168aeca1b33206622d8355)
|
|
Andrew Bartlett
(This used to be commit 159c234589e8e148180217f9ef4853b3031877db)
|
|
The kerberos context is now tied in life to the GENSEC context.
Andrew Bartlett
(This used to be commit 64e99170c3b53a14d7f8d29cf78283f2bc22c1f7)
|
|
I have moved the SPNEGO and Kerberos code into libcli/auth, and intend
to refactor them into the same format as NTLMSSP.
Andrew Bartlett
(This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b)
|
