diff options
author | Matt Rogers <mrogers@redhat.com> | 2017-02-28 15:55:24 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2017-03-23 13:11:09 -0400 |
commit | b619ce84470519bea65470be3263cd85fba94f57 (patch) | |
tree | 697178fa4f7eb7c1b2e1ccb6de6503fb7cf7ad13 /src/configure.in | |
parent | 7027788ae6adbd06d5a16de6ee62e489a4dca68b (diff) | |
download | krb5-b619ce84470519bea65470be3263cd85fba94f57.zip krb5-b619ce84470519bea65470be3263cd85fba94f57.tar.gz krb5-b619ce84470519bea65470be3263cd85fba94f57.tar.bz2 |
Add certauth pluggable interface
Add the header include/krb5/certauth_plugin.h, defining a pluggable
interface to control authorization of PKINIT client certificates.
Add the "pkinit_san" and "pkinit_eku" builtin certauth modules and
related PKINIT crypto X.509 helper functions. Add authorize_cert() as
the entry function for certauth plugin module checks called in
pkinit_server_verify_padata(). Modify kdcpreauth_moddata to hold the
list of certauth module handles, and load the modules when the PKINIT
kdcpreauth server plugin is initialized. Change
crypto_retrieve_X509_sans() to return ENOENT when no SAN is found.
Add test modules in plugins/certauth/test. Create t_certauth.py with
basic certauth tests. Add plugin interface documentation in
doc/plugindev/certauth.rst and doc/admin/krb5_conf.rst.
[ghudson@mit.edu: simplified code, edited docs]
ticket: 8561 (new)
Diffstat (limited to 'src/configure.in')
-rw-r--r-- | src/configure.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/configure.in b/src/configure.in index 853e7bb..fa4bc84 100644 --- a/src/configure.in +++ b/src/configure.in @@ -1458,6 +1458,7 @@ dnl ccapi ccapi/lib ccapi/lib/unix ccapi/server ccapi/server/unix ccapi/test kdc slave config-files build-tools man doc include + plugins/certauth/test plugins/hostrealm/test plugins/localauth/test plugins/kadm5_hook/test |