samba - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author	Files	Lines
2007-10-10	r11995: A big kerberos-related update.	Andrew Bartlett	1	-0/+12
	This merges Samba4 up to current lorikeet-heimdal, which includes a replacement for some Samba-specific hacks. In particular, the credentials system now supplies GSS client and server credentials. These are imported into GSS with gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY keytab, so we now create a FILE based keytab as provision and join time. Because the keytab is now created in advance, we don't spend .4s at negprot doing sha1 s2k calls. Also, because the keytab is read in real time, any change in the server key will be correctly picked up by the the krb5 code. To mark entries in the secrets which should be exported to a keytab, there is a new kerberosSecret objectClass. The new routine cli_credentials_update_all_keytabs() searches for these, and updates the keytabs. This is called in the provision.js via the ejs wrapper credentials_update_all_keytabs(). We can now (in theory) use a system-provided /etc/krb5.keytab, if krb5Keytab: FILE:/etc/krb5.keytab is added to the secrets.ldb record. By default the attribute privateKeytab: secrets.keytab is set, pointing to allow the whole private directory to be moved without breaking the internal links. (This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
2007-10-10	r10528: Add credentials.h back into includes.h as some compilers don't	Jelmer Vernooij	1	-1/+0
	seem to be able to handle incomplete enum types. (This used to be commit 540155fad3c8e3d79fb631bb3f14273f82130a73)
2007-10-10	r10510: Decrease the amount of data included by includes.h a bit	Jelmer Vernooij	1	-0/+1
	(This used to be commit 03647e1321cf6c9bd6ced3945265f635e9468973)
2007-10-10	r10402: Make the RPC-SAMLOGON test pass against Win2k3 SP0 again.	Andrew Bartlett	1	-1/+1
	I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own test for the moment, but I'm working on these issues :-) This required a change to the credentials API, so that the special case for NTLM logins using a principal was indeed handled as a special, not general case. Also don't set the realm from a ccache, as then it overrides --option=realm=. Andrew Bartlett (This used to be commit 194e8f07c0cb4685797c5a7a074577c62dfdebe3)
2007-10-10	r9728: A major update to the credentials system, to incorporate the	Andrew Bartlett	1	-1/+1
	Kerberos CCACHE into the system. This again allows the use of the system ccache when no username is specified, and brings more code in common between gensec_krb5 and gensec_gssapi. It also has a side-effect that may (or may not) be expected: If there is a ccache, even if it is not used (perhaps the remote server didn't want kerberos), it will change the default username. Andrew Bartlett (This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315)
2007-10-10	r9724: Rewrite samba3dump in JS. The summary works now, but the full output	Jelmer Vernooij	1	-5/+15
	is triggering some obscure EJS assert.. (This used to be commit 42605f4444998e3063ffd1bea17425ff825f6132)
2007-10-10	r9477: Convert popt options to an ejs object. Doesn't seem to break anything	Rafal Szczesniak	1	-11/+26
	except of popt help (-h) option (unexpected ?). rafal (This used to be commit 1990793b23d6198a85ce1bdf6ad43e12015db203)
2007-10-10	r9071: Set real and workstation fields in ejs credentials object.	Rafal Szczesniak	1	-0/+62
	rafal (This used to be commit eb7a5d09c7a469f94357434c6dadbdf54b52d5db)
2007-10-10	r9070: More fields in ejs credentials object.	Rafal Szczesniak	1	-0/+56
	rafal (This used to be commit e819c035f79477b5dd8ee62292a18c9e8532c9f7)
2007-10-10	r9059: add a basic credentials object for mimir	Andrew Tridgell	1	-0/+107
	(This used to be commit 36a9277e878d4db599fcfc02b96d2aaeac0b74dd)