5dcf3ffa3aa228701a79556dc0b889dba0aac535 |
|
07-Dec-2014 |
Sumit Bose <sbose@redhat.com> |
krb5: add wrapper for krb5_kt_have_content()
krb5_kt_have_content() was introduced in MIT Kerberos 1.11. For older
platforms this patch adds sss_krb5_kt_have_content() as a wrapper.
Resolves https://fedorahosted.org/sssd/ticket/2518
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
8a5e793a0576250da80371e53aa3e7eba15cdb63 |
|
02-Sep-2014 |
Sumit Bose <sbose@redhat.com> |
Add conditional build for MIT Kerberos localauth plugin
This patch adds everything what is needed to build the MIT Kerberos
localauth plugin if the used version of MIT Kerberos supports it. It
does not implement the plugin.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
22091abbe7b4a5667f62603dfd875e9ec6adf789 |
|
19-Feb-2014 |
Alexey Shabalin <shaba@altlinux.ru> |
Use KRB5_CFLAGS where appropriate
There are cases when MIT Kerberos is installed with includes in a subdirectory of /usr/include (or /usr/local/include).
In such case we have to properly use KRB5_CFLAGS to reach them.
https://fedorahosted.org/sssd/ticket/2226
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
36ccdecd053a9ad88dce86b8c84770dc2aa11d21 |
|
09-Sep-2013 |
Simo Sorce <simo@redhat.com> |
tests: Add dlopen test to make sure modules works
This tests dlopens and resolves all symbols to make sure there are no missing
symbols in our provider modules. |
711f8acc0f520487060c308870f70dbbfa84f272 |
|
09-Sep-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
AUTOTOOLS: Add missing AC_MSG_RESULT
AC_MSG_RESULT was not used everywhere after AC_MSG_CHECKING.
Therefore two lines from configure output was mixed in some cases. |
edaa983d094c239c3e1ba667bcd20ed3934be3b8 |
|
22-Apr-2013 |
Sumit Bose <sbose@redhat.com> |
Allow usage of enterprise principals
Enterprise principals are currently most useful for the AD provider and
hence enabled here by default while for the other Kerberos based
authentication providers they are disabled by default.
If additional UPN suffixes are configured for the AD domain the user
principal stored in the AD LDAP server might not contain the real
Kerberos realm of the AD domain but one of the additional suffixes which
might be completely randomly chooses, e.g. are not related to any
existing DNS domain. This make it hard for a client to figure out the
right KDC to send requests to.
To get around this enterprise principals (see
http://tools.ietf.org/html/rfc6806 for details) were introduced.
Basically a default realm is added to the principal so that the Kerberos
client libraries at least know where to send the request to. It is not
in the responsibility of the KDC to either handle the request itself,
return a client referral if he thinks a different KDC can handle the
request or return and error. This feature is also use to allow
authentication in AD environments with cross forest trusts.
Fixes https://fedorahosted.org/sssd/ticket/1842 |
b40583c6d52b72e41bf01106534535e54b4fba4f |
|
08-Mar-2013 |
Nathaniel McCallum <npmccallum@redhat.com> |
Add support for krb5 1.11's responder callback.
krb5 1.11 adds support for a new method for responding to
structured data queries. This method, called the responder,
provides an alternative to the prompter interface.
This patch adds support for this method. It takes the password
and provides it via a responder instead of the prompter. In the
case of OTP authentication, it also disables the caching of
credentials (since the credentials are one-time only). |
4e78fab6a1b2e9653a7959cbdb7d54bb750041d0 |
|
11-Feb-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
krb5: include backwards compatible declaration of krb5_trace_info
krb5-1.10 used to include "struct krb5_trace_info", now krb5-1.11
includes a "krb5_trace_info" typedefed from "struct _krb5_trace_info".
Do the same in the SSSD to allow compiling with both 1.10 and 1.11. |
7219ef88751bb05edd77629b8068330bb6d9b117 |
|
26-Oct-2012 |
Sumit Bose <sbose@redhat.com> |
Add replacement for krb5_find_authdata()
krb5_find_authdata() is only available in MIT Kerberos 1.10 or higher.
To allow sssd to be compiled on platform with lower version of MIT
Kerberos a replacement call is added. Please note that on those
platform the replacement call will only return an error. If the
krb5_find_authdata functionality is really needed on those platform it
must be implemented by a different patch. |
c5e4d4e9a3f6896f0f3c631ea26bb49a79b5cd8e |
|
12-Oct-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Only call krb5_set_trace_callback on platforms that support it |
5dc9860a9f0aa626687281eed62c8af1986c2b99 |
|
09-Jul-2012 |
Rambaldi <gentoo@xs4me.net> |
heimdal: fix compile error in krb5-child-test |
6ca87e797982061576885f944e2ccfaba9573897 |
|
15-Jun-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
KRB5: Auto-detect DIR cache support in configure
We can't support the DIR cache features in systems with kerberos
libraries older than 1.10. Make sure we don't build it on those
systems. |
7efbb82f43d5b7c17c4f7a4bfc363e6bf0291281 |
|
07-May-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Kerberos locator: Include the correct krb5.h header file
https://fedorahosted.org/sssd/ticket/1325 |
768591607fc89d3a14fa00c9c8f78e83f3f6b565 |
|
22-Dec-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Add compatibility layer for Heimdal Kerberos implementation |
20c187339201a95558a9b237af37b461665d9340 |
|
02-Nov-2011 |
Jan Zeleny <jzeleny@redhat.com> |
Add wrapper for krb5_get_init_creds_opt_set_canonicalize |
628187049e815ee54637398c8011883d762c8a64 |
|
05-May-2011 |
Jan Zeleny <jzeleny@redhat.com> |
Added some kerberos functions for building on RHEL5 |
5843ad321944a028f6dee7e1fd4f9381c4953d07 |
|
07-Dec-2010 |
Sumit Bose <sbose@redhat.com> |
Add support for FAST in krb5 provider |
047332ebbe8397a70c92e5e3a5fbd40a9d00d0b5 |
|
23-Sep-2010 |
Sumit Bose <sbose@redhat.com> |
Use new MIT krb5 API for better password expiration warnings |
c8b9cf339e84576293113df914498a80ec1989dc |
|
21-May-2010 |
Petter Reinholdtsen <pere@hungry.com> |
Remove bash-isms from configure macros |
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab |
|
18-Feb-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Rename server/ directory to src/
Also update BUILD.txt |