summaryrefslogtreecommitdiff
path: root/server/providers/krb5
AgeCommit message (Collapse)AuthorFilesLines
2009-10-12fix a wrong argument to unpack_bufferSumit Bose1-18/+40
- the patch to handle short read introduced a new variable len to store the amount of data read. Instead of using this variable unpack_buffer was called with the old variable ret. Thanks to mnagy@redhat.com for finding this. - this patch also fixes a potential error when the message size is equal to the buffer size.
2009-10-09use the correct kerberos context for each targetSumit Bose1-4/+33
- when the kerberos provider was used as a chpass_provider but not as auth_provider the backend died
2009-10-05handle expired password during authenticationSumit Bose1-2/+25
2009-09-25remove krb5_try_simple_upn option and make it a default fallbackSumit Bose2-9/+1
2009-09-25fix possible short reads in kerberos providerSumit Bose2-15/+46
2009-09-25Upgrade confdb to version 2Stephen Gallagher1-7/+10
This converts a great many configuration options to the new standard format.
2009-09-24added support for older MIT kerberos versionssbose3-7/+37
- make the build of the locator plugin optional - added a man page for the locator plugin - use krb5.h if krb5/krb5.h cannot be found - added alternatives for missing functions - set -DDBUS_API_SUBJECT_TO_CHANGE if libdbus version is lesser than 1.0.0
2009-09-23Revert "Use syslog for logging error conditions in SSSD"Stephen Gallagher1-2/+2
This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d. Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made use of the SYSLOG_ERROR() macro, so those portions of that code also needed to be reverted.
2009-09-21Use syslog for logging error conditions in SSSDJakub Hrozek1-2/+2
This is just a band-aid until ELAPI is fully functional and ready to use.
2009-09-14added child timeout handlerSumit Bose2-6/+90
2009-09-14fix the wrong usage of an offsetSumit Bose1-1/+1
2009-09-14add krb5ccache_dir and krb5ccname_template optionSumit Bose5-50/+356
The configuration options krb5ccache_dir and krb5ccname_template are added to the Kerberos provider to create the user's credential caches the same way as pam_krb5 does. Due to the design of the sssd and the supported ccache types of MIT Kerberos only files are allowed.
2009-09-14Make the offline status backend-globalSimo Sorce1-4/+13
Add helpers functions to query/set the offline status per backend. Now all providers share the same offline status.
2009-09-11use fork+exec for kerberos helperSumit Bose3-193/+463
2009-09-11add change password target to krb5 backendSumit Bose4-207/+447
2009-08-28send SSSD_REALM and SSSD_KDCIP environment to the clientSumit Bose1-2/+31
Currently the kerberos locator plugin needs these two variables to be set to find a KDC which is configured in sssd but not in /etc/krb5.conf.
2009-08-24some UPN handling fixesSumit Bose2-23/+12
- making the realm part upper case is now optional and done in the LDAP backend - using a username@realm UPN is now optional
2009-08-21use stored upn if availableSumit Bose1-20/+101
If a user principle name (upn) can be found in sysdb the krb5 backend will use this otherwise is build as username@realm. It is checked that the realm is upper case only.
2009-08-11Make socket paths a compile-time optionStephen Gallagher1-1/+0
Previously, we had hardcoded the paths for the NSS, PAM and private PAM sockets to /var/lib/sss/pipes. With this patch, we will specify the sockets with --with-pipe-path.
2009-08-05Consolidate tevent helpersJakub Hrozek1-16/+0
2009-07-20add infrastructure to handle new backend targetsSumit Bose1-4/+5
2009-07-10let krb5 backend safe valid credentials for offline authenticationSumit Bose1-0/+43
2009-07-08fix return code of krb5 child to indicate that the kdc is unavailableSumit Bose1-1/+5
2009-07-03Cleanup warnings in client and server codeSimo Sorce1-3/+0
2009-07-02added kerberos backend with tevent_req event handlingSumit Bose3-0/+837