summaryrefslogtreecommitdiff
path: root/src/providers/krb5/krb5_auth.h
AgeCommit message (Collapse)AuthorFilesLines
2012-12-04Fix tevent_req style for krb5_authSimo Sorce1-3/+3
No functionality changes, just make the code respect the tevent_req style and naming conventions and enhance readability by adding some helper functions.
2012-10-26Use find_or_guess_upn() where neededSumit Bose1-1/+1
2012-10-26krb5_child: send back the client principalSumit Bose1-0/+1
In general Kerberos is case sensitive but the KDC of Active Directory typically handles request case in-sensitive. In the case where we guess a user principal by combining the user name and the realm and are not sure about the cases of the letters used in the user name we might get a valid ticket from the AD KDC but are not able to access it with the Kerberos client library because we assume a wrong case. The client principal in the returned credentials will always have the right cases. To be able to update the cache user principal name the krb5_child will return the principal for further processing.
2012-10-26krb5_auth: check if principal belongs to a different realmSumit Bose1-0/+1
Add a flag if the principal used for authentication does not belong to our realm. This can be used to act differently for users from other realms.
2012-06-14Add a credential cache back end structureJakub Hrozek1-0/+1
To be able to add support for new credential cache types easily, this patch creates a new structure sss_krb5_cc_be that defines common operations with a credential cache, such as create, check if used or remove.
2012-06-14Split parse_krb5_child_response so it can be reusedJakub Hrozek1-0/+11
krb5-child-test will be another consumer. It also makes the code more readable by splitting a huge function.
2011-12-19Move child_common routines to utilStephen Gallagher1-1/+1
2010-12-20Serialize requests of the same user in the krb5 providerSumit Bose1-0/+6
2010-12-20Fixes for automatic ticket renewalSumit Bose1-1/+2
- do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes
2010-12-03Add support for automatic Kerberos ticket renewalSumit Bose1-0/+5
2010-11-04Make handle_child_* request publicSumit Bose1-6/+8
I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit.
2010-11-04Make krb5_setup() publicSumit Bose1-0/+3
2010-11-04Add infrastructure for Kerberos access providerSumit Bose1-0/+8
2010-06-14Remove krb5_changepw_principal optionJakub Hrozek1-1/+0
Fixes: #531
2010-05-27Add callback to remove krb5 info files when going offlineSumit Bose1-40/+0
2010-05-26Fix handling of ccache file when going offlineSumit Bose1-0/+1
The ccache file was removed too early if system is offline but the backend was not already marked offline. Now we remove the ccache file only if the successfully got a new one and it is not the same as the old one.
2010-05-26Add support for delayed kinit if offlineSumit Bose1-0/+10
If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
2010-05-16Make Kerberos authentication a tevent_reqSumit Bose1-1/+6
To allow other providers to include Kerberos authentication the main part is put into a tevent request.
2010-03-12Add krb5_kpasswd optionSumit Bose1-0/+2
2010-03-11Add expandable sequences to krb5_ccachedirSumit Bose1-0/+6
As with krb5_ccname_template sequences like %u can be used in the krb5_ccachedir parameter which are expanded at runtime. If the directory does not exist, it will be created. Depending on the used sequences it is created as a public or private directory.
2010-02-19Remove unneeded items from struct pam_dataSumit Bose1-0/+3
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+91
Also update BUILD.txt