summaryrefslogtreecommitdiff
path: root/src/util/sss_krb5.c
AgeCommit message (Collapse)AuthorFilesLines
2012-04-05Clean up log messages about keytab_nameStephen Gallagher1-11/+19
There were many places where we were printing (null) to the logs because a NULL keytab name tells libkrb5 to use its configured default instead of a particular path. This patch should clean up all uses of this to print "default" in the logs. https://fedorahosted.org/sssd/ticket/1288
2012-03-29Fix off-by-one error in principal selectionJakub Hrozek1-3/+3
https://fedorahosted.org/sssd/ticket/1269
2012-03-26Always initialize the returned data in sss_krb5_princ_realm()Sumit Bose1-0/+3
2012-01-17Raise the debug level of two very noisy statementsStephen Gallagher1-2/+3
2011-12-22Add compatibility layer for Heimdal Kerberos implementationStephen Gallagher1-12/+58
2011-11-02Add wrapper for krb5_get_init_creds_opt_set_canonicalizeJan Zeleny1-0/+10
2011-05-16Fixed unitialized pointer in select_principal_from_keytabJan Zeleny1-1/+1
https://fedorahosted.org/sssd/ticket/857
2011-05-16Fixed unitialized return value in match_principalJan Zeleny1-2/+1
https://fedorahosted.org/sssd/ticket/858
2011-05-05Added some kerberos functions for building on RHEL5Jan Zeleny1-5/+178
2011-04-25Modify principal selection for keytab authenticationJan Zeleny1-2/+172
Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-25Extend and move function for finding principal in keytabJan Zeleny1-0/+155
The function now supports finding principal in keytab not only based on realm, but based on both realm and primary/instance parts. The function also supports * wildcard at the beginning or at the end of primary principal part. The function for finding principal has been moved to util/sss_krb5.c, so it can be used in other parts of the code.
2010-12-17Fix unchecked return value in sss_krb5_verify_keytab_exStephen Gallagher1-1/+8
https://fedorahosted.org/sssd/ticket/711
2010-12-07Add support for FAST in krb5 providerSumit Bose1-0/+48
2010-11-18Add missing error codeSumit Bose1-0/+1
2010-09-23Use new MIT krb5 API for better password expiration warningsSumit Bose1-1/+14
2010-08-03Validate keytab at startupJakub Hrozek1-0/+153
In addition to validating the keytab everytime a TGT is requested, we also validate the keytab on back end startup to give early warning that the keytab is not usable. Fixes: #556
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+196
Also update BUILD.txt