summaryrefslogtreecommitdiff
path: root/src/providers/krb5/krb5_common.c
AgeCommit message (Collapse)AuthorFilesLines
2011-12-19Securely set umask when using mkstempStephen Gallagher1-0/+3
Coverity 12394, 12395, 12396, 12397 and 12398
2011-11-22Fixed unchecked value of setenv() in check_and_export_options()Jan Zeleny1-2/+5
https://fedorahosted.org/sssd/ticket/1080
2011-11-02Add support to request canonicalization on krb AS requestsJan Zeleny1-1/+8
https://fedorahosted.org/sssd/ticket/957
2011-07-21Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek1-1/+1
2011-07-13Remove unused krb5_service structure memberJakub Hrozek1-4/+1
2011-07-11Escape IP address in kdcinfoJakub Hrozek1-4/+26
https://fedorahosted.org/sssd/ticket/909
2011-06-15Switch resolver to using resolv_hostent and honor TTLJakub Hrozek1-1/+1
2011-06-02Add utility function to return IP address as stringJakub Hrozek1-9/+2
2011-04-25Allow new option to specify principal for FASTJan Zeleny1-1/+11
https://fedorahosted.org/sssd/ticket/700
2010-12-14Fix incorrect return value on failure in check_and_export_options()Sumit Bose1-0/+1
https://fedorahosted.org/sssd/ticket/722
2010-12-07Replace krb5_kdcip by krb5_server in LDAP providerSumit Bose1-6/+8
2010-12-07Add support for FAST in krb5 providerSumit Bose1-2/+22
2010-12-03Allow krb5 lifetime values without a unitSumit Bose1-36/+65
2010-12-03Add support for automatic Kerberos ticket renewalSumit Bose1-1/+2
2010-12-03Add krb5_lifetime optionSumit Bose1-1/+21
2010-12-03Add krb5_renewable_lifetime optionSumit Bose1-1/+23
2010-12-01Allow protocol fallback for SRV queriesJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/691
2010-11-04Add krb5_get_simple_upn()Sumit Bose1-0/+25
2010-10-19Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip.Jan Zeleny1-1/+44
For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543
2010-10-13Initialize kerberos service for GSSAPIJakub Hrozek1-1/+1
2010-09-28Suppress some 'may be used uninitialized' warningsSumit Bose1-6/+12
Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
2010-06-30Add dns_discovery_domain optionJakub Hrozek1-1/+1
The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
2010-06-14Remove krb5_changepw_principal optionJakub Hrozek1-27/+0
Fixes: #531
2010-06-10Properly handle read() and write() throughout the SSSDStephen Gallagher1-7/+18
We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
2010-05-27Refactor krb5 SIGTERM handler installationSumit Bose1-0/+33
2010-05-27Add callback to remove krb5 info files when going offlineSumit Bose1-0/+97
2010-05-27Refactor krb5_finalize()Sumit Bose1-12/+27
2010-05-27Revert "Create kdcinfo and kpasswdinfo file at startup"Sumit Bose1-40/+1
This reverts commit f3c31d11bf365eb6a79c4f698667915a4c81eeb7.
2010-05-26Add support for delayed kinit if offlineSumit Bose1-1/+2
If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
2010-05-16New version of IPA auth and password migrationSumit Bose1-2/+2
The current version modified some global structures to be able to use Kerberos and LDAP authentication during the IPA password migration. This new version only uses tevent requests. Additionally the ipaMigrationEnabled attribute is read from the IPA server to see if password migration is allowed or not.
2010-05-07Use service discovery in backendsJakub Hrozek1-0/+21
Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
2010-05-07Create kdcinfo and kpasswdinfo file at startupSumit Bose1-1/+40
2010-05-07Clean up kdcinfo and kpasswdinfo files when exitingStephen Gallagher1-0/+40
2010-03-12Add krb5_kpasswd optionSumit Bose1-17/+95
2010-03-11Write the IP address of the KDC to the kdcinfo fileSumit Bose1-16/+10
2010-03-11Add expandable sequences to krb5_ccachedirSumit Bose1-13/+0
As with krb5_ccname_template sequences like %u can be used in the krb5_ccachedir parameter which are expanded at runtime. If the directory does not exist, it will be created. Depending on the used sequences it is created as a public or private directory.
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+356
Also update BUILD.txt