| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2011-04-25 | Allow new option to specify principal for FAST | Jan Zeleny | 3 | -4/+55 | |
| https://fedorahosted.org/sssd/ticket/700 | |||||
| 2011-04-25 | Extend and move function for finding principal in keytab | Jan Zeleny | 1 | -80/+2 | |
| The function now supports finding principal in keytab not only based on realm, but based on both realm and primary/instance parts. The function also supports * wildcard at the beginning or at the end of primary principal part. The function for finding principal has been moved to util/sss_krb5.c, so it can be used in other parts of the code. | |||||
| 2011-04-19 | Always generate kpasswdinfo file | Stephen Gallagher | 1 | -2/+1 | |
| Previously, we only generated it when performing a password change, but this didn't play nicely with kpasswd. | |||||
| 2011-03-08 | Remove unused sysdb_attrs object | Jan Zeleny | 1 | -8/+0 | |
| 2011-02-22 | Check ccache file for renewable TGTs at startup | Sumit Bose | 3 | -0/+241 | |
| 2011-02-18 | Remove renewal item if it is not re-added | Sumit Bose | 1 | -1/+34 | |
| 2010-12-21 | Fix potential NULL-dereference in krb5_auth_done() | Sumit Bose | 1 | -3/+3 | |
| https://fedorahosted.org/sssd/ticket/745 | |||||
| 2010-12-20 | Serialize requests of the same user in the krb5 provider | Sumit Bose | 4 | -0/+239 | |
| 2010-12-20 | Fixes for automatic ticket renewal | Sumit Bose | 4 | -44/+100 | |
| - do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes | |||||
| 2010-12-14 | Fix incorrect return value on failure in check_and_export_options() | Sumit Bose | 1 | -0/+1 | |
| https://fedorahosted.org/sssd/ticket/722 | |||||
| 2010-12-08 | Fix build issue with older Kerberos library | Sumit Bose | 1 | -2/+2 | |
| 2010-12-07 | Replace krb5_kdcip by krb5_server in LDAP provider | Sumit Bose | 2 | -7/+10 | |
| 2010-12-07 | Add support for FAST in krb5 provider | Sumit Bose | 5 | -13/+344 | |
| 2010-12-07 | Refactor krb5_child to make helpers more flexible | Sumit Bose | 1 | -20/+36 | |
| 2010-12-03 | Allow krb5 lifetime values without a unit | Sumit Bose | 1 | -36/+65 | |
| 2010-12-03 | Add support for automatic Kerberos ticket renewal | Sumit Bose | 7 | -1/+420 | |
| 2010-12-03 | krb5_child returns TGT lifetime | Sumit Bose | 3 | -0/+57 | |
| 2010-12-03 | Add krb5_lifetime option | Sumit Bose | 3 | -2/+38 | |
| 2010-12-03 | Add krb5_renewable_lifetime option | Sumit Bose | 3 | -2/+42 | |
| 2010-12-03 | Check authtok type for krb5 auth and chpass | Sumit Bose | 1 | -0/+12 | |
| 2010-12-03 | Add a renew task to krb5_child | Sumit Bose | 1 | -0/+87 | |
| 2010-12-03 | Send authtok_type to krb5_child | Sumit Bose | 2 | -2/+6 | |
| 2010-12-01 | Allow protocol fallback for SRV queries | Jakub Hrozek | 1 | -1/+1 | |
| https://fedorahosted.org/sssd/ticket/691 | |||||
| 2010-11-04 | Call krb5_child to check access permissions | Sumit Bose | 1 | -4/+121 | |
| 2010-11-04 | Make handle_child_* request public | Sumit Bose | 3 | -325/+429 | |
| I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit. | |||||
| 2010-11-04 | Add krb5_kuserok() access check to krb5_child | Sumit Bose | 1 | -17/+73 | |
| 2010-11-04 | Make krb5_setup() public | Sumit Bose | 3 | -6/+8 | |
| 2010-11-04 | Add krb5_get_simple_upn() | Sumit Bose | 3 | -6/+30 | |
| 2010-11-04 | Add infrastructure for Kerberos access provider | Sumit Bose | 4 | -26/+184 | |
| 2010-11-04 | Store krb5 auth context for other targets | Sumit Bose | 1 | -1/+2 | |
| 2010-11-01 | Fix two return value checks | Sumit Bose | 1 | -2/+2 | |
| 2010-11-01 | Fix incorrect free of req in krb5_auth.c | Stephen Gallagher | 1 | -1/+1 | |
| 2010-10-19 | Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip. | Jan Zeleny | 3 | -2/+48 | |
| For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543 | |||||
| 2010-10-13 | Initialize kerberos service for GSSAPI | Jakub Hrozek | 2 | -1/+7 | |
| 2010-09-28 | Suppress some 'may be used uninitialized' warnings | Sumit Bose | 1 | -6/+12 | |
| Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c. | |||||
| 2010-09-23 | Use new MIT krb5 API for better password expiration warnings | Sumit Bose | 1 | -0/+51 | |
| 2010-09-08 | Dead assignments cleanup in providers code | Jan Zeleny | 1 | -1/+0 | |
| Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used. Ticket: #586 | |||||
| 2010-09-02 | Fixed potential comparison of undefined variable | Jan Zeleny | 1 | -0/+1 | |
| If the allocation on line 678 failed, the value of ret was undefined in following comparison. ENOMEM is now assigned before the comparison. Ticket: #578 | |||||
| 2010-06-30 | Add dns_discovery_domain option | Jakub Hrozek | 1 | -1/+1 | |
| The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479 | |||||
| 2010-06-16 | Standardize on correct spelling of "principal" for krb5 | Stephen Gallagher | 2 | -4/+4 | |
| https://fedorahosted.org/sssd/ticket/542 | |||||
| 2010-06-14 | Remove krb5_changepw_principal option | Jakub Hrozek | 4 | -42/+22 | |
| Fixes: #531 | |||||
| 2010-06-10 | Properly handle read() and write() throughout the SSSD | Stephen Gallagher | 1 | -7/+18 | |
| We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output. | |||||
| 2010-06-09 | Add a missing initializer | Sumit Bose | 1 | -1/+1 | |
| 2010-06-06 | Initialize pam_data in Kerberos child. | Sumit Bose | 1 | -1/+1 | |
| 2010-05-27 | Refactor krb5 SIGTERM handler installation | Sumit Bose | 3 | -14/+39 | |
| 2010-05-27 | Add callback to remove krb5 info files when going offline | Sumit Bose | 4 | -40/+156 | |
| 2010-05-27 | Refactor krb5_finalize() | Sumit Bose | 1 | -12/+27 | |
| 2010-05-27 | Revert "Create kdcinfo and kpasswdinfo file at startup" | Sumit Bose | 2 | -41/+1 | |
| This reverts commit f3c31d11bf365eb6a79c4f698667915a4c81eeb7. | |||||
| 2010-05-26 | Fix handling of ccache file when going offline | Sumit Bose | 2 | -32/+76 | |
| The ccache file was removed too early if system is offline but the backend was not already marked offline. Now we remove the ccache file only if the successfully got a new one and it is not the same as the old one. | |||||
| 2010-05-26 | Add support for delayed kinit if offline | Sumit Bose | 6 | -27/+425 | |
| If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used. | |||||
 |
index : sssd | |
| System Security Services Daemon | ben |
| summaryrefslogtreecommitdiff |