summaryrefslogtreecommitdiff
path: root/src/providers/krb5
AgeCommit message (Collapse)AuthorFilesLines
2011-04-25Allow new option to specify principal for FASTJan Zeleny3-4/+55
https://fedorahosted.org/sssd/ticket/700
2011-04-25Extend and move function for finding principal in keytabJan Zeleny1-80/+2
The function now supports finding principal in keytab not only based on realm, but based on both realm and primary/instance parts. The function also supports * wildcard at the beginning or at the end of primary principal part. The function for finding principal has been moved to util/sss_krb5.c, so it can be used in other parts of the code.
2011-04-19Always generate kpasswdinfo fileStephen Gallagher1-2/+1
Previously, we only generated it when performing a password change, but this didn't play nicely with kpasswd.
2011-03-08Remove unused sysdb_attrs objectJan Zeleny1-8/+0
2011-02-22Check ccache file for renewable TGTs at startupSumit Bose3-0/+241
2011-02-18Remove renewal item if it is not re-addedSumit Bose1-1/+34
2010-12-21Fix potential NULL-dereference in krb5_auth_done()Sumit Bose1-3/+3
https://fedorahosted.org/sssd/ticket/745
2010-12-20Serialize requests of the same user in the krb5 providerSumit Bose4-0/+239
2010-12-20Fixes for automatic ticket renewalSumit Bose4-44/+100
- do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes
2010-12-14Fix incorrect return value on failure in check_and_export_options()Sumit Bose1-0/+1
https://fedorahosted.org/sssd/ticket/722
2010-12-08Fix build issue with older Kerberos librarySumit Bose1-2/+2
2010-12-07Replace krb5_kdcip by krb5_server in LDAP providerSumit Bose2-7/+10
2010-12-07Add support for FAST in krb5 providerSumit Bose5-13/+344
2010-12-07Refactor krb5_child to make helpers more flexibleSumit Bose1-20/+36
2010-12-03Allow krb5 lifetime values without a unitSumit Bose1-36/+65
2010-12-03Add support for automatic Kerberos ticket renewalSumit Bose7-1/+420
2010-12-03krb5_child returns TGT lifetimeSumit Bose3-0/+57
2010-12-03Add krb5_lifetime optionSumit Bose3-2/+38
2010-12-03Add krb5_renewable_lifetime optionSumit Bose3-2/+42
2010-12-03Check authtok type for krb5 auth and chpassSumit Bose1-0/+12
2010-12-03Add a renew task to krb5_childSumit Bose1-0/+87
2010-12-03Send authtok_type to krb5_childSumit Bose2-2/+6
2010-12-01Allow protocol fallback for SRV queriesJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/691
2010-11-04Call krb5_child to check access permissionsSumit Bose1-4/+121
2010-11-04Make handle_child_* request publicSumit Bose3-325/+429
I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit.
2010-11-04Add krb5_kuserok() access check to krb5_childSumit Bose1-17/+73
2010-11-04Make krb5_setup() publicSumit Bose3-6/+8
2010-11-04Add krb5_get_simple_upn()Sumit Bose3-6/+30
2010-11-04Add infrastructure for Kerberos access providerSumit Bose4-26/+184
2010-11-04Store krb5 auth context for other targetsSumit Bose1-1/+2
2010-11-01Fix two return value checksSumit Bose1-2/+2
2010-11-01Fix incorrect free of req in krb5_auth.cStephen Gallagher1-1/+1
2010-10-19Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip.Jan Zeleny3-2/+48
For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543
2010-10-13Initialize kerberos service for GSSAPIJakub Hrozek2-1/+7
2010-09-28Suppress some 'may be used uninitialized' warningsSumit Bose1-6/+12
Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
2010-09-23Use new MIT krb5 API for better password expiration warningsSumit Bose1-0/+51
2010-09-08Dead assignments cleanup in providers codeJan Zeleny1-1/+0
Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used. Ticket: #586
2010-09-02Fixed potential comparison of undefined variableJan Zeleny1-0/+1
If the allocation on line 678 failed, the value of ret was undefined in following comparison. ENOMEM is now assigned before the comparison. Ticket: #578
2010-06-30Add dns_discovery_domain optionJakub Hrozek1-1/+1
The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
2010-06-16Standardize on correct spelling of "principal" for krb5Stephen Gallagher2-4/+4
https://fedorahosted.org/sssd/ticket/542
2010-06-14Remove krb5_changepw_principal optionJakub Hrozek4-42/+22
Fixes: #531
2010-06-10Properly handle read() and write() throughout the SSSDStephen Gallagher1-7/+18
We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
2010-06-09Add a missing initializerSumit Bose1-1/+1
2010-06-06Initialize pam_data in Kerberos child.Sumit Bose1-1/+1
2010-05-27Refactor krb5 SIGTERM handler installationSumit Bose3-14/+39
2010-05-27Add callback to remove krb5 info files when going offlineSumit Bose4-40/+156
2010-05-27Refactor krb5_finalize()Sumit Bose1-12/+27
2010-05-27Revert "Create kdcinfo and kpasswdinfo file at startup"Sumit Bose2-41/+1
This reverts commit f3c31d11bf365eb6a79c4f698667915a4c81eeb7.
2010-05-26Fix handling of ccache file when going offlineSumit Bose2-32/+76
The ccache file was removed too early if system is offline but the backend was not already marked offline. Now we remove the ccache file only if the successfully got a new one and it is not the same as the old one.
2010-05-26Add support for delayed kinit if offlineSumit Bose6-27/+425
If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.