Age | Commit message (Collapse) | Author | Files | Lines |
|
not output
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21689 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Confirm that copy succeeds before freeing ticket principal.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21688 dc483132-0cff-0310-8789-dd5450dbe970
|
|
context times
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21687 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Tom indicates he has a similar patch that has been tested.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21686 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21685 dc483132-0cff-0310-8789-dd5450dbe970
|
|
where it believed that changes had been merged onto the branch
when they had in fact not been merged.
This re-applies these changes.
This reverts commit d2f51f02bac81d852f6f020373718d08b6abd02f.
Conflicts:
src/lib/crypto/Makefile.in
src/lib/crypto/arcfour/Makefile.in
src/lib/crypto/des/Makefile.in
src/lib/crypto/enc_provider/Makefile.in
src/lib/crypto/keyhash_provider/Makefile.in
src/lib/krb5/krb/rd_req_dec.c
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21684 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21680 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21679 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Conflicts:
src/Makefile.in
src/kadmin/server/misc.h
src/kdc/do_as_req.c
src/kdc/do_tgs_req.c
src/kdc/kdc_util.c
src/kdc/kdc_util.h
src/lib/crypto/Makefile.in
src/lib/crypto/des/Makefile.in
src/lib/crypto/enc_provider/Makefile.in
src/lib/kdb/kdb5.c
src/lib/krb5/krb/chk_trans.c
src/lib/krb5/krb/walk_rtree.c
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21678 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Set up the replay cache here because we have the server principal
krb5_rd_req: Don't set server to ticket->server
krb5_rd_rec_decoded: change ticket->server to the principal we actually match from the keytab; this produces
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21677 dc483132-0cff-0310-8789-dd5450dbe970
|
|
symbol.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21676 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21675 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21674 dc483132-0cff-0310-8789-dd5450dbe970
|
|
more
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21673 dc483132-0cff-0310-8789-dd5450dbe970
|
|
completely tested yet
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21672 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21671 dc483132-0cff-0310-8789-dd5450dbe970
|
|
the KDC key to validate signatures
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21670 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21669 dc483132-0cff-0310-8789-dd5450dbe970
|
|
is inappropriate. The server name is a security constraint.
If set, it must constrain the principals
that can be authenticated to; otherwise applications may get behavior that breaks security policy.
It is a goal that applications need to change to take advantage of any server search.
Remove dead code
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21668 dc483132-0cff-0310-8789-dd5450dbe970
|
|
to look up service principal
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21667 dc483132-0cff-0310-8789-dd5450dbe970
|
|
supports des-cbc-crc.
Among other things, the test suite depends on this.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21666 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Works around test instability problem
but not desirable for iprop
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21665 dc483132-0cff-0310-8789-dd5450dbe970
|
|
gss_verify_mic(), rather than the other way around. Mechanisms should
export a V2 interface.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21664 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21663 dc483132-0cff-0310-8789-dd5450dbe970
|
|
received a TGT
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21662 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21661 dc483132-0cff-0310-8789-dd5450dbe970
|
|
TGT, and the client requested one
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21660 dc483132-0cff-0310-8789-dd5450dbe970
|
|
PAC_CREDENTIAL_DATA
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21658 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21657 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21656 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21655 dc483132-0cff-0310-8789-dd5450dbe970
|
|
gssapi_krb5.c.
That way, a vendor can build krb5_gss_glue.c as libgssapi_krb5.so, the
mechglue as libgssapi.so, and the rest of the Kerberos mech as
mech_krb5.so (this is essentially what Novell did).
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21654 dc483132-0cff-0310-8789-dd5450dbe970
|
|
when building mech_krb5 today, it will help anyone that wants to
correctly build it dynamically.
(By correctly, I mean that mechanism-specific API should go in
libgssapi_krb5 and the mechanism itself in mech_krb5; one cannot assume
that one can link against loadable modules on all platforms. I notice in
OpenSolaris Sun link against mech_krb5 directly to get mech-specific
API, but this won't work on Darwin.)
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21653 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21652 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21651 dc483132-0cff-0310-8789-dd5450dbe970
|
|
key)
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21650 dc483132-0cff-0310-8789-dd5450dbe970
|
|
mechanisms that are dynamically loaded (in which case the mechanism
would provide a separate library with mechanism-specific APIs that
wrapped gsspi_mech_invoke())
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21649 dc483132-0cff-0310-8789-dd5450dbe970
|
|
be indirected through gssspi_mech_invoke()
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21648 dc483132-0cff-0310-8789-dd5450dbe970
|
|
successfully, as otherwise it will contain a dangling FD reference
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21647 dc483132-0cff-0310-8789-dd5450dbe970
|
|
the other way around. Mechanisms should export V2 interfaces.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21646 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Don't send EtypeList unless most preferred enctype is different to
ticket session key enctype
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21645 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21643 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21641 dc483132-0cff-0310-8789-dd5450dbe970
|
|
lengths, in case they may be different (if a stronger CFX enctype was
negotiated by RFC 4537)
Fix kg_translate_iov_v3() to handle EC correctly when a trailer is
present
CFX header validation was broken: we were comparing the plaintext copy
to itself rather than the copy in the trailer.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21640 dc483132-0cff-0310-8789-dd5450dbe970
|
|
disabling AS-REP canonicalization, because in Windows kadmin/changepw is
an alias for the TGS. This was to avoid a client asking for a changepw
service ticket getting a TGT by setting the canonicalize flag, something
particularly problematic for a user who is only allowed to reset an
expired password.
The correct fix, however, is to disable AS-REP server name
canonicalization for any alias of the TGS (unless the user is requesting
a TGT, in which case we enable it, because that allows us to deal with
realm aliases for Windows interop).
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21638 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21630 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21629 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21628 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21626 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21617 dc483132-0cff-0310-8789-dd5450dbe970
|