summaryrefslogtreecommitdiff
path: root/src/external/krb5.m4
AgeCommit message (Collapse)AuthorFilesLines
2013-04-22Allow usage of enterprise principalsSumit Bose1-0/+1
Enterprise principals are currently most useful for the AD provider and hence enabled here by default while for the other Kerberos based authentication providers they are disabled by default. If additional UPN suffixes are configured for the AD domain the user principal stored in the AD LDAP server might not contain the real Kerberos realm of the AD domain but one of the additional suffixes which might be completely randomly chooses, e.g. are not related to any existing DNS domain. This make it hard for a client to figure out the right KDC to send requests to. To get around this enterprise principals (see http://tools.ietf.org/html/rfc6806 for details) were introduced. Basically a default realm is added to the principal so that the Kerberos client libraries at least know where to send the request to. It is not in the responsibility of the KDC to either handle the request itself, return a client referral if he thinks a different KDC can handle the request or return and error. This feature is also use to allow authentication in AD environments with cross forest trusts. Fixes https://fedorahosted.org/sssd/ticket/1842
2013-03-08Add support for krb5 1.11's responder callback.Nathaniel McCallum1-0/+1
krb5 1.11 adds support for a new method for responding to structured data queries. This method, called the responder, provides an alternative to the prompter interface. This patch adds support for this method. It takes the password and provides it via a responder instead of the prompter. In the case of OTP authentication, it also disables the caching of credentials (since the credentials are one-time only).
2013-02-11krb5: include backwards compatible declaration of krb5_trace_infoJakub Hrozek1-1/+1
krb5-1.10 used to include "struct krb5_trace_info", now krb5-1.11 includes a "krb5_trace_info" typedefed from "struct _krb5_trace_info". Do the same in the SSSD to allow compiling with both 1.10 and 1.11.
2012-10-26Add replacement for krb5_find_authdata()Sumit Bose1-0/+1
krb5_find_authdata() is only available in MIT Kerberos 1.10 or higher. To allow sssd to be compiled on platform with lower version of MIT Kerberos a replacement call is added. Please note that on those platform the replacement call will only return an error. If the krb5_find_authdata functionality is really needed on those platform it must be implemented by a different patch.
2012-10-12Only call krb5_set_trace_callback on platforms that support itJakub Hrozek1-0/+1
2012-07-09heimdal: fix compile error in krb5-child-testRambaldi1-0/+1
2012-06-15KRB5: Auto-detect DIR cache support in configureStephen Gallagher1-1/+3
We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
2012-05-07Kerberos locator: Include the correct krb5.h header fileJakub Hrozek1-2/+13
https://fedorahosted.org/sssd/ticket/1325
2011-12-22Add compatibility layer for Heimdal Kerberos implementationStephen Gallagher1-1/+9
2011-11-02Add wrapper for krb5_get_init_creds_opt_set_canonicalizeJan Zeleny1-0/+1
2011-05-05Added some kerberos functions for building on RHEL5Jan Zeleny1-1/+2
2010-12-07Add support for FAST in krb5 providerSumit Bose1-1/+3
2010-09-23Use new MIT krb5 API for better password expiration warningsSumit Bose1-1/+2
2010-05-21Remove bash-isms from configure macrosPetter Reinholdtsen1-1/+1
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+62
Also update BUILD.txt