summaryrefslogtreecommitdiff
path: root/src/providers/krb5/krb5_common.h
AgeCommit message (Collapse)AuthorFilesLines
2012-10-26Add new call find_or_guess_upn()Sumit Bose1-1/+2
With the current approach the upn was either a pointer to a const string in a ldb_message or a string created with the help of talloc. This new function always makes it a talloc'ed value. Additionally krb5_get_simple_upn() is enhanced to handle sub-domains as well.
2012-10-26krb5_auth: check if principal belongs to a different realmSumit Bose1-0/+4
Add a flag if the principal used for authentication does not belong to our realm. This can be used to act differently for users from other realms.
2012-08-01Primary server support: new options in krb5 providerJan Zeleny1-0/+2
This patch adds support for new config options krb5_backup_server and krb5_backup_kpasswd. The description of this option's functionality is included in man page in one of previous patches.
2012-08-01Primary server support: krb5 adaptationJan Zeleny1-1/+3
This patch adds support for the primary server functionality into krb5 provider. No backup servers are added at the moment, just the basic support is in place.
2012-07-06AD: Add AD auth and chpass providersStephen Gallagher1-0/+4
These new providers take advantage of existing code for the KRB5 provider, providing sensible defaults for operating against an Active Directory 2008 R2 or later server.
2012-07-06KRB5: Drop memctx parameter of krb5_try_kdcipStephen Gallagher1-3/+2
This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx. This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally. It also updates the DEBUG messages for this function to the appropriate new macro levels.
2012-06-14Add a credential cache back end structureJakub Hrozek1-0/+3
To be able to add support for new credential cache types easily, this patch creates a new structure sss_krb5_cc_be that defines common operations with a credential cache, such as create, check if used or remove.
2011-11-02Add support to request canonicalization on krb AS requestsJan Zeleny1-0/+2
https://fedorahosted.org/sssd/ticket/957
2011-07-13Remove unused krb5_service structure memberJakub Hrozek1-1/+0
2011-04-25Allow new option to specify principal for FASTJan Zeleny1-0/+2
https://fedorahosted.org/sssd/ticket/700
2010-12-20Serialize requests of the same user in the krb5 providerSumit Bose1-0/+2
2010-12-07Replace krb5_kdcip by krb5_server in LDAP providerSumit Bose1-1/+2
2010-12-07Add support for FAST in krb5 providerSumit Bose1-1/+5
2010-12-03Add support for automatic Kerberos ticket renewalSumit Bose1-0/+3
2010-12-03krb5_child returns TGT lifetimeSumit Bose1-0/+7
2010-12-03Add krb5_lifetime optionSumit Bose1-0/+2
2010-12-03Add krb5_renewable_lifetime optionSumit Bose1-0/+2
2010-11-04Add krb5_get_simple_upn()Sumit Bose1-0/+2
2010-10-19Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip.Jan Zeleny1-0/+3
For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543
2010-10-13Initialize kerberos service for GSSAPIJakub Hrozek1-0/+6
2010-06-14Remove krb5_changepw_principal optionJakub Hrozek1-2/+0
Fixes: #531
2010-05-27Refactor krb5 SIGTERM handler installationSumit Bose1-0/+3
2010-05-27Add callback to remove krb5 info files when going offlineSumit Bose1-0/+52
2010-05-27Revert "Create kdcinfo and kpasswdinfo file at startup"Sumit Bose1-1/+0
This reverts commit f3c31d11bf365eb6a79c4f698667915a4c81eeb7.
2010-05-26Add support for delayed kinit if offlineSumit Bose1-0/+1
If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
2010-05-07Use service discovery in backendsJakub Hrozek1-2/+2
Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
2010-05-07Create kdcinfo and kpasswdinfo file at startupSumit Bose1-0/+1
2010-05-07Clean up kdcinfo and kpasswdinfo files when exitingStephen Gallagher1-0/+7
2010-03-12Add krb5_kpasswd optionSumit Bose1-1/+7
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+72
Also update BUILD.txt