Age | Commit message | Author | Files | Lines
2010-12-03 | tag krb5-1.9-beta2 [krb5-1.9-beta2] | Tom Yu | 0 | -0/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/tags/krb5-1-9-beta2@24558 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-03 | README and patchlevel.h for krb5-1.9-beta2 | Tom Yu | 2 | -2/+14
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24557 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-03 | pull up r24555 from trunk | Tom Yu | 2 | -0/+47
------------------------------------------------------------------------
r24555 | tlyu | 2010-12-03 07:34:53 -0500 (Fri, 03 Dec 2010) | 6 lines
ticket: 1219
target_version: 1.9
tags: pullup
Test for key rollover for TGT, including purging old keys.
ticket: 1219
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24556 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-03 | Fix svn:eol-style properties | Tom Yu | 0 | -0/+0
ticket: 6826 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24554 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-03 | pull up r24469, r24530, r24533, r24534, r24535, r24537 from trunk | Tom Yu | 196 | -3299/+2560
------------------------------------------------------------------------
r24537 | ghudson | 2010-11-30 12:46:10 -0500 (Tue, 30 Nov 2010) | 5 lines
ticket: 6826
Install gssapi_ext.h on Windows. Include gssapi_ext.h in the header files considered by def-check.pl in verify-calling-conventions-gssapi.
------------------------------------------------------------------------
r24535 | ghudson | 2010-11-26 11:37:14 -0500 (Fri, 26 Nov 2010) | 5 lines
ticket: 6826
Supply static ordinals for new symbols in gssapi32.def and krb5_32.def, for consistency with KFW 3.x.
------------------------------------------------------------------------
r24534 | ghudson | 2010-11-25 15:34:06 -0500 (Thu, 25 Nov 2010) | 5 lines
ticket: 6826
Fix how gssapi.h is rebuilt on Windows; accidentally omitted from r24533.
------------------------------------------------------------------------
r24533 | ghudson | 2010-11-25 15:28:30 -0500 (Thu, 25 Nov 2010) | 29 lines
ticket: 6826
subject: Fix Windows build
target_version: 1.9
tags: pullup
Repair the Windows build. Tested with the prepare-on-Unix method. Some specific changes include:
* Removed the IPC finalizer (no longer used after r20787) from ccapi/lib/ccapi_ipc.c, as it was creating a difficult dependency chain for the pingtest build in ccapi/test. Also updated pingtest to use the k5_ipc_stream interfaces since cci_stream is gone.
* Reverted the apparently non-functional r20277.
* klist -V prints just "Kerberos for Windows", since it has no access to PACKAGE_NAME and PACKAGE_VERSION from autoconf. This should be addressed correctly.
* krb5, telnet, gssftp, and NIM are removed from the build.
* Some files had CRLFs; these were replaced with LFs and the svn:eol-style property set on the files. Otherwise the CRLFs became CRCRLFs after the zip transfer.
* Windows does not have opendir/readdir, so added Windows code to prof_parse.c for includedir. Probable fodder for a libkrb5support portability shim.
------------------------------------------------------------------------
r24530 | ghudson | 2010-11-23 13:50:12 -0500 (Tue, 23 Nov 2010) | 3 lines
Set svn:eol-style on some Windows files and remove the CRs from their repository representations.
------------------------------------------------------------------------
r24469 | ghudson | 2010-10-21 20:01:56 -0400 (Thu, 21 Oct 2010) | 3 lines
Make it possible to override CRYPTO_IMPL_CFLAGS and CRYPTO_IMPL_LIBS at make time.
ticket: 6826
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24553 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-01 | pull up r24550 from trunk | Tom Yu | 1 | -2/+2
------------------------------------------------------------------------
r24550 | ghudson | 2010-12-01 17:36:38 -0500 (Wed, 01 Dec 2010) | 4 lines
ticket: 6829
Correct typo in admin documentation for restrict_anonymous_to_tgt.
ticket: 6829
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24552 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-01 | pull up r24539 from trunk | Tom Yu | 1 | -0/+1
------------------------------------------------------------------------
r24539 | hartmans | 2010-11-30 17:46:54 -0500 (Tue, 30 Nov 2010) | 7 lines
ticket: 6828
Subject: Install kadm5_hook_plugin.h
target_version: 1.9
tags: pullup
Install the kadm5 hook plugin header
ticket: 6828
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24551 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-01 | pull up r24547 from trunk | Tom Yu | 10 | -8/+85
------------------------------------------------------------------------
r24547 | ghudson | 2010-12-01 15:01:46 -0500 (Wed, 01 Dec 2010) | 10 lines
ticket: 6829
subject: Implement restrict_anonymous_to_tgt realm flag
target_version: 1.9
tags: pullup
Implement a new realm flag to reject ticket requests from anonymous principals to any principal other than the local TGT. Allows FAST to be deployed using anonymous tickets as armor in realms where the set of authenticatable users must be constrained.
ticket: 6829
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24549 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-01 | Apply ported patch | Tom Yu | 1 | -1/+7
If kdb5_util load (without -update) fails--say, due to an invalid dump file--it calls krb5_db_destroy to destroy the temporary DB. Unfortunately, this results in the destruction of the real DB instead. Luckily, this bug only applies to krb5 1.9, which hasn't been released yet. In krb5 1.8 the destroy operation fails before it does any damage. ticket: 6815 version_fixed: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24548 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-01 | pull up r24529, r24532 from trunk | Tom Yu | 3 | -6/+6
------------------------------------------------------------------------
r24532 | tlyu | 2010-11-23 18:51:50 -0500 (Tue, 23 Nov 2010) | 6 lines
ticket: 6825
Update krb5_gic_opt_private and related code to reflect the change of krb5_expire_callback_func from a function typedef to a function pointer typedef. This was causing segfaults.
------------------------------------------------------------------------
r24529 | ghudson | 2010-11-22 23:50:40 -0500 (Mon, 22 Nov 2010) | 9 lines
ticket: 6825
subject: Add missing KRB5_CALLCONV in callback declaration
target_version: 1.9
tags: pullup
krb5_get_init_creds_opt_set_expire_callback was correctly tagged with KRB5_CALLCONV but the corresponding callback type was not. Add that in.
ticket: 6825
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24546 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-01 | pull up r24528 from trunk | Tom Yu | 1 | -0/+1
------------------------------------------------------------------------
r24528 | ghudson | 2010-11-22 23:41:08 -0500 (Mon, 22 Nov 2010) | 7 lines
ticket: 6824
subject: Export krb5_tkt_creds_get
target_version: 1.9
tags: pullup
krb5_tkt_creds_get was overlooked in the export list; add it.
ticket: 6824
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24545 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-01 | pull up r24526, r24527 from trunk | Tom Yu | 1 | -0/+1
------------------------------------------------------------------------
r24527 | ghudson | 2010-11-21 22:58:15 -0500 (Sun, 21 Nov 2010) | 4 lines
ticket: 6823
Correct typo in r24526.
------------------------------------------------------------------------
r24526 | hartmans | 2010-11-21 22:33:22 -0500 (Sun, 21 Nov 2010) | 9 lines
ticket: 6823
subject: getdate.y: declare yyparse
target_version: 1.9
tags: pullup
At least on lucid, byacc doesn't declare yyparse, which creates problems because lucid treats calls to unprototyped functions as errors.
ticket: 6823
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24544 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-01 | pull up r24524 from trunk | Tom Yu | 43 | -1552/+2486
------------------------------------------------------------------------
r24524 | ghudson | 2010-11-19 19:31:46 -0500 (Fri, 19 Nov 2010) | 8 lines
ticket: 6822
subject: Implement Camellia-CTS-CMAC instead of Camellia-CCM
target_verion: 1.9
tags: pullup
Replace the Camellia-CCM enctypes with Camellia-CTS-CMAC. Still not compiled in by default since we don't have enctype assignments yet.
ticket: 6822
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24543 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-01 | pull up r24519 from trunk | Tom Yu | 1 | -1/+3
------------------------------------------------------------------------
r24519 | ghudson | 2010-11-15 21:54:26 -0500 (Mon, 15 Nov 2010) | 8 lines
ticket: 6820
subject: Read KDC profile settings in kpropd
target_version: 1.9
tags: pullup
kpropd can modify the KDB with ulog_replay(), so it should read the KDC profile settings in case the KDB configuration is in there.
ticket: 6820
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24542 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-01 | pull up r24518 from trunk | Tom Yu | 1 | -3/+17
------------------------------------------------------------------------
r24518 | ghudson | 2010-11-15 21:30:16 -0500 (Mon, 15 Nov 2010) | 12 lines
ticket: 6819
subject: Handle referral realm in kprop client principal
target_version: 1.9
tags: pullup
kprop uses krb5_sname_to_principal() to determine its client principal. If the local hostname cannot be mapped to a realm based on the profile's domain_realm section, krb5_sname_to_principal() will (as of 1.6) return a principal with the referral realm (""), which does not work in a client principal. Handle this by substituting the default realm.
ticket: 6819
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24541 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-01 | pull up r24538 from trunk | Tom Yu | 12 | -81/+82
------------------------------------------------------------------------
r24538 | ghudson | 2010-11-30 16:20:49 -0500 (Tue, 30 Nov 2010) | 27 lines
ticket: 6827
subject: SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others)
Fix multiple checksum handling bugs, as described in:
CVE-2010-1324
CVE-2010-1323
CVE-2010-4020
CVE-2010-4021
* Return the correct (keyed) checksums as the mandatory checksum type for DES enctypes.
* Restrict simplified-profile checksums to their corresponding etypes.
* Add internal checks to reduce the risk of stream ciphers being used with simplified-profile key derivation or other algorithms relying on the block encryption primitive.
* Use the mandatory checksum type for the PKINIT KDC signature, instead of the first-listed keyed checksum.
* Use the mandatory checksum type when sending KRB-SAFE messages by default, instead of the first-listed keyed checksum.
* Use the mandatory checksum type for the t_kperf test program.
* Use the mandatory checksum type (without additional logic) for the FAST request checksum.
* Preserve the existing checksum choices (unkeyed checksums for DES enctypes) for the authenticator checksum, using explicit logic.
* Ensure that SAM checksums received from the KDC are keyed.
* Ensure that PAC checksums are keyed.
ticket: 6827
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24540 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-02 | krb5-1.9-beta1-postrelease | Tom Yu | 1 | -2/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24504 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-02 | README and patchlevel.h for krb5-1.9-beta1 | Tom Yu | 2 | -5/+16
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24502 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-01 | pull up r24488 from trunk | Tom Yu | 1 | -10/+4
------------------------------------------------------------------------
r24488 | ghudson | 2010-10-27 13:05:05 -0400 (Wed, 27 Oct 2010) | 5 lines
ticket: 6812
Don't fail out from krb5_get_credentials() if we can't store a ticket into the ccache.
ticket: 6812
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24501 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-01 | pull up r24486 from trunk | Tom Yu | 1 | -0/+3
------------------------------------------------------------------------
r24486 | ghudson | 2010-10-26 13:34:41 -0400 (Tue, 26 Oct 2010) | 8 lines
ticket: 6811
subject: Mark Camellia-CCM code as experimental
target_version: 1.9
tags: pullup
Add a comment noting that the Camellia-CCM code in 1.9 is experimental.
ticket: 6811
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24500 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-01 | pull up r24481 from trunk | Tom Yu | 1 | -2/+4
------------------------------------------------------------------------
r24481 | ghudson | 2010-10-25 16:17:54 -0400 (Mon, 25 Oct 2010) | 7 lines
ticket: 6796
target_version: 1.9
tags: pullup
Use safer output parameter handling in krb5_gss_acquire_cred_impersonate_name and its subsidiary helpers.
ticket: 6796
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24499 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-01 | pull up r24483 from trunk | Tom Yu | 1 | -0/+2
------------------------------------------------------------------------
r24483 | ghudson | 2010-10-26 10:17:38 -0400 (Tue, 26 Oct 2010) | 8 lines
ticket: 6809
target_version: 1.9
tags: pullup
Set *conf_state on successful return from gss_krb5int_make_seal_token_v3_iov, fixing a case where it wasn't always set by gss_wrap_iov. Patch from aberry@likewise.com.
ticket: 6809
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24498 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-01 | pull up r24482 from trunk | Tom Yu | 5 | -3/+10
------------------------------------------------------------------------
r24482 | ghudson | 2010-10-25 17:55:54 -0400 (Mon, 25 Oct 2010) | 8 lines
ticket: 6787
target_version: 1.9
tags: pullup
When we create a temporary memory ccache for use within a krb5_gss_cred_id_rec, set a flag to indicate that the ccache should be destroyed rather than closed. Patch from aberry@likewise.com.
ticket: 6787
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24497 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-01 | pull up r24480 from trunk | Tom Yu | 1 | -4/+2
------------------------------------------------------------------------
r24480 | ghudson | 2010-10-25 15:37:03 -0400 (Mon, 25 Oct 2010) | 8 lines
ticket: 6793
target_version: 1.9
tags: pullup
In acquire_init_cred in the GSS krb5 mech, don't intern cred->name, since it's not used as an output parameter. Fixes a memory leak. Reported by aberry@likewise.com.
ticket: 6793
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24496 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-01 | pull up r24470 from trunk | Tom Yu | 4 | -10/+141
------------------------------------------------------------------------
r24470 | ghudson | 2010-10-22 20:38:17 -0400 (Fri, 22 Oct 2010) | 10 lines
ticket: 6810
subject: Better libk5crypto NSS fork safety
target_version: 1.9
tags: pullup
Use SECMOD_RestartModules() from the forthcoming NSS 3.12.9 release to make the libk5crypto back end work after a fork. Add a test program to exercise fork detection in the NSS back end. Add a configure-time version check to ensure that we're using NSS 3.12.9 or later.
ticket: 6810
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24495 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-01 | pull up r24467 from trunk | Tom Yu | 4 | -2/+30
------------------------------------------------------------------------
r24467 | hartmans | 2010-10-19 15:50:48 -0400 (Tue, 19 Oct 2010) | 8 lines
ticket: 6807
subject: SecurID build support
target_version: 1.9
tags: pullup
Integrate SecurID into the build if libaceclnt is found. Add a README file with an example of how to build it.
ticket: 6807
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24494 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-01 | pull up r24466 from trunk | Tom Yu | 2 | -29/+29
------------------------------------------------------------------------
r24466 | hartmans | 2010-10-19 15:50:42 -0400 (Tue, 19 Oct 2010) | 8 lines
ticket: 6806
subject: securID error handling fix
target_version: 1.9
tags: pullup
In porting forward, I incorrectly used krb5_set_error_message instead of com_err. This commit reverts that change.
ticket: 6806
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24493 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-01 | pull up r24465 from trunk | Tom Yu | 4 | -18/+36
------------------------------------------------------------------------
r24465 | hartmans | 2010-10-19 15:50:37 -0400 (Tue, 19 Oct 2010) | 19 lines
ticket: 6805
subject: securID code fixes
target_version: 1.9
tags: pullup
Fixes to get securID preauth plugin working. A separate patch will address error handling and build issues.
* Permit a preauth plugin to return KRB5KDC_ERR_PREAUTH_REQUIRED from the verify entry point.
* If verify_securid2 fails, save the return value and return that rather than success after dealing with encoding the out_edata
* Use the client key not the securid principal key for the sam checksum
* indicate that securID is hardware authentication
ticket: 6805
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24492 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-01 | pull up r24464 from trunk | Tom Yu | 8 | -134/+12
------------------------------------------------------------------------
r24464 | ghudson | 2010-10-19 15:08:38 -0400 (Tue, 19 Oct 2010) | 9 lines
ticket: 6804
subject: Remove KDC replay cache
target_version: 1.9
tags: pullup
Now that SAM1 support has been removed, the KDC does not need a replay cache. Remove all code within USE_RCACHE and associated support. Rename --disable-kdc-replay-cache to --disable-kdc-lookaside-cache.
ticket: 6804
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24491 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-01 | Update README and patchlevel.h | Tom Yu | 2 | -1/+85
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24490 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-18 | pull up r24462 from trunk | Tom Yu | 2 | -861/+914
------------------------------------------------------------------------
r24462 | tlyu | 2010-10-18 18:52:28 -0400 (Mon, 18 Oct 2010) | 5 lines
ticket: 6802
Adjust copyright.texinfo to fix some TeX output issues. Also do minor cleanup.
ticket: 6802
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24463 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-15 | pull up r24455 from trunk | Tom Yu | 8 | -482/+1541
------------------------------------------------------------------------
r24455 | tlyu | 2010-10-14 18:49:11 -0400 (Thu, 14 Oct 2010) | 9 lines
ticket: 6802
tags: pullup
subject: copyright notice updates
target_version: 1.9
Update copyright.texinfo. Move full copyright notices to appendices of documentation. New rules to generate top-level NOTICE file from copyright.texinfo. Regenerate NOTICE file.
ticket: 6802
version_fixed: 1.9
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24457 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-15 | pull up r24452, r24453, r24454 from trunk | Tom Yu | 2 | -4/+12
------------------------------------------------------------------------
r24454 | ghudson | 2010-10-13 13:20:36 -0400 (Wed, 13 Oct 2010) | 2 lines
Whitespace.
------------------------------------------------------------------------
r24453 | hartmans | 2010-10-12 21:19:20 -0400 (Tue, 12 Oct 2010) | 2 lines
Adjust valgrind support to assume a modern valgrind that requires %p in log files.
------------------------------------------------------------------------
r24452 | hartmans | 2010-10-12 21:19:14 -0400 (Tue, 12 Oct 2010) | 14 lines
ticket: 6801
target_version: 1.9
Subject: Fix leaks in get_init_creds interface
In Debian Bug 598032, Bastian Blank points out that there are two leaks in the get_init_creds interface:
* Free ctx->request->padata after sending the KDC request so it is not overwritten the next time around the loop.
* If options is NULL passed into krb5_get_init_creds_init, then set up a non-extended options structure so that krb5_get_init_creds_free will free the options.
ticket: 6801
version_fixed: 1.9
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24456 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-11 | branch krb5-1-9 | Tom Yu | 0 | -0/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24450 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-11 | Interim update of README and NOTICE | Tom Yu | 2 | -14/+173
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24449 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-11 | When returning KRB5_KT_NOTFOUND from krb5_ktfile_get_entry, set an | Greg Hudson | 1 | -1/+8
extended error message indicating which principal was not found. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24448 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-09 | Plug a memory leak in gss_indicate_mechs | Greg Hudson | 1 | -1/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24447 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-08 | Encoding cleanup: curly quotes to ASCII quotes, and some ISO-8859-1 | Tom Yu | 55 | -55/+55
files to UTF-8. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24446 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-08 | In gss_indicate_mechs, avoid setting the output pointer until success | Greg Hudson | 1 | -17/+17
is guaranteed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24445 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-08 | In gss_inquire_attrs_for_mech, remove the assumption that mech_attrs | Greg Hudson | 1 | -1/+2
!= NULL in a particular error case. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24444 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-08 | Remove duplicate code block in spnego_gss_set_cred_option() | Greg Hudson | 1 | -17/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24443 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-08 | Add a kadm5 RPC for purging old keys from the KDB (e.g., from | Tom Yu | 15 | -21/+272
change_password -keepold), and add a kadmin CLI command for it. Keeping ticket open because an automated test needs to be added. Long-term future work includes start/expire dates on keys, or not-yet-valid flags. ticket: 1219 status: open target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24442 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-07 | Fix a typo in kerberos.ldif. Reported by nalin@redhat.com | Greg Hudson | 1 | -1/+1
ticket: 6701 target_version: 1.8.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24441 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-07 | Performance issue in LDAP policy fetch | Greg Hudson | 3 | -10/+19
Instead of performing a tree search to fill in the refcnt field of a policy object whenever a policy is fetched, set the refcnt to 0 and perform a check when policies are deleted. ticket: 6799 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24440 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-06 | set NT-SRV-INST on TGS principal names | Tom Yu | 1 | -1/+12
Set NT-SRV-INST on TGS principal names in get_in_tkt.c:build_in_tkt_name because Windows Server 2008 R2 RODC insists on it. Thanks to Bill Fellows for reporting this problem. ticket: 6798 tags: pullup target_version: 1.8.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24438 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-06 | Correct a miscarriage of justice committed by the style police | Greg Hudson | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24437 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-06 | Merge users/lhoward/sasl-gs2 to trunk | Greg Hudson | 17 | -14/+1407
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24436 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-06 | Minor comments related changed. | Zhanna Tsitkov | 5 | -6/+35
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24433 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-06 | Adjust prototype files for easier extraction of copyright/license | Greg Hudson | 2 | -8/+8
statements, per mailing list discussion. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24432 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-05 | Document that krb5_get_error_message() never returns NULL | Greg Hudson | 1 | -1/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24430 dc483132-0cff-0310-8789-dd5450dbe970