path: root/doc
Age | Commit message | Author | Files | Lines
2011-04-07 | Merge branch 'master' into users/lhoward/moonshot-mechglue-fixes | Luke Howard | 2 | -3/+43
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24854 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-03 | Merge branch 'master' into users/lhoward/moonshot-mechglue-fixes | Luke Howard | 1 | -0/+37
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24813 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-01 | Merge branch 'master' into users/lhoward/moonshot-mechglue-fixes | Luke Howard | 2 | -0/+36
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24778 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-15 | Remove the Yarrow copyright notice since the code is gone | Greg Hudson | 1 | -28/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24704 dc483132-0cff-0310-8789-dd5450dbe970
2011-02-07 | Improve acceptor name flexibility | Greg Hudson | 1 | -0/+9
Be more flexible about the principal names we will accept for a given GSS acceptor name. Also add support for a new libdefaults profile variable ignore_acceptor_hostname, which causes the hostnames of host-based service principals to be ignored when passed by server applications as acceptor names. Note that we still always invoke krb5_sname_to_principal() when importing a gss-krb5 mechanism name, even though we won't always use the result. This is an unfortunate waste of getaddrinfo/getnameinfo queries in some situations, but the code surgery necessary to defer it appears too risky at this time. The project proposal for this change is at: http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names ticket: 6855 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24616 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-20 | Document rdns libdefault setting | Tom Yu | 1 | -0/+7
ticket: 6794 tags: pullup target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24584 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-01 | Correct typo in admin documentation for restrict_anonymous_to_tgt | Greg Hudson | 1 | -2/+2
ticket: 6829 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24550 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-01 | Implement restrict_anonymous_to_tgt realm flag | Greg Hudson | 1 | -1/+14
Implement a new realm flag to reject ticket requests from anonymous principals to any principal other than the local TGT. Allows FAST to be deployed using anonymous tickets as armor in realms where the set of authenticatable users must be constrained. ticket: 6829 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24547 dc483132-0cff-0310-8789-dd5450dbe970
2010-11-16 | Fix a typo in install.texinfo | Greg Hudson | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24517 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-19 | Remove KDC replay cache | Greg Hudson | 1 | -5/+3
Now that SAM1 support has been removed, the KDC does not need a replay cache. Remove all code within USE_RCACHE and associated support. Rename --disable-kdc-replay-cache to --disable-kdc-lookaside-cache. ticket: 6804 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24464 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-18 | Adjust copyright.texinfo to fix some TeX output issues. Also do minor | Tom Yu | 1 | -126/+137
cleanup. ticket: 6802 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24462 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-14 | copyright notice updates | Tom Yu | 7 | -209/+806
Update copyright.texinfo. Move full copyright notices to appendices of documentation. New rules to generate top-level NOTICE file from copyright.texinfo. Regenerate NOTICE file. ticket: 6802 tags: pullup target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24455 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-08 | Add a kadm5 RPC for purging old keys from the KDB (e.g., from | Tom Yu | 1 | -12/+9
change_password -keepold), and add a kadmin CLI command for it. Keeping ticket open because an automated test needs to be added. Long-term future work includes start/expire dates on keys, or not-yet-valid flags. ticket: 1219 status: open target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24442 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-05 | Document kadm5_hook interface | Sam Hartman | 1 | -1/+12
* krb5.conf * admin.texinfo * kadm5_hook_plugin.h: document initvt requirement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24422 dc483132-0cff-0310-8789-dd5450dbe970
2010-10-01 | Implement k5login_directory and k5login_authoritative options | Greg Hudson | 1 | -0/+14
Add and document two new options for controlling k5login behavior. ticket: 6792 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24402 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-30 | Correct the admin documentation for auth_to_local | Greg Hudson | 1 | -15/+14
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24387 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-01 | Password quality pluggable interface | Greg Hudson | 2 | -2/+65
Merge branches/plugins2 to trunk. Adds a password quality pluggable interface described in this project page: http://k5wiki.kerberos.org/wiki/Projects/Password_quality_pluggable_interface ticket: 6765 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24284 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-25 | Revise the profile include design so that included files are | Greg Hudson | 1 | -2/+3
syntactically independent of parent files. ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24256 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-24 | add profile include support | Greg Hudson | 1 | -0/+14
Add support for "include" and "includedir" directives in profile files. See http://k5wiki.kerberos.org/wiki/Projects/Profile_Includes for more details. ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24253 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-21 | Document the disable_last_success and disable_lockout variables in | Greg Hudson | 1 | -2/+2
krb5.conf.M. Also document database_name in krb5.conf.M and slightly adjust the wording in admin.texinfo. ticket: 6719 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24078 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-18 | When parsing a KDC or admin server string, allow the name or address | Greg Hudson | 1 | -6/+8
to be enclosed in brackets so that IPv6 addresses can be represented. (IPv6 addresses contain colons, which look like port separators.) ticket: 6562 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24055 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-10 | Add lockout-related performance tuning variables | Greg Hudson | 1 | -4/+17
The account lockout feature of krb5 1.8 came at a cost in database accesses for principals requiring preauth, even if lockout is not used. Add dbmodules variables disable_last_success and disable_lockout for the DB2 and LDAP back ends, allowing the admin to recover the lost performance at the cost of new functionality. (Unrelated documentation fix: document database_name as a DB2-specific dbmodules variable instead of the realm variable it used to be.) ticket: 6719 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24003 dc483132-0cff-0310-8789-dd5450dbe970
2010-03-19 | Document the ticket_lifetime libdefaults setting (which was added in | Greg Hudson | 1 | -7/+5
r16656, #2656). Based on a patch from nalin@redhat.com. ticket: 6680 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23820 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-25 | Updated documentation with information about --with-crypto-impl=IMPL ↵ | Zhanna Tsitkov | 1 | -0/+6
configuration flag git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23752 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-25 | doc updates for allow_weak_crypto | Tom Yu | 1 | -2/+5
Update documentation to be more helpful about allow_weak_crypto. ticket: 6669 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23750 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-11 | Minimal support for updating history key | Greg Hudson | 1 | -1/+27
Add minimal support for re-randomizing the history key: * cpw -randkey kadmin/history now works, but creates only one key. * cpw -randkey -keepold kadmin/history still fails. * libkadm5 no longer caches the history key. Performance impact is minimal since password changes are not common. * randkey no longer checks the newly randomized key against old keys, and the disabled code to do so in setkey/setv4key is gone, so now only kadm5_chpass_principal_3 accesses the password history. ticket: 6660 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23716 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-05 | README, copyright, patchlevel for krb5-1.8 branch | Tom Yu | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23587 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-28 | Fixing minorly grammatical bad | Ken Raeburn | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23522 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-28 | Note last real update was a while back; delete listings of libraries no ↵ | Ken Raeburn | 1 | -11/+2
longer in tree git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23521 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-24 | Remove appl man pages from the list of pages to convert in the doc | Greg Hudson | 1 | -6/+1
build system. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23341 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-22 | Remove discussion of the unbundled applications from the install | Greg Hudson | 1 | -153/+10
guide. ticket: 6583 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23310 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-22 | Update the build system documentation: | Greg Hudson | 1 | -35/+11
* The test suite no longer requires root. * appl no longer contains what it used to contain. * Mention --disable-rpath as an alternative for make check. ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23309 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-30 | Update the kadm5 design documentation slightly to reflect that MIT | Greg Hudson | 1 | -6/+17
doesn't commit to a stable libkadm5 C API. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23095 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-07 | Remove an outdated parenthetical comment about master_kdc; we actually | Greg Hudson | 1 | -3/+1
do check if the response came from the master KDC now. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22864 dc483132-0cff-0310-8789-dd5450dbe970
2009-08-14 | In doc/Makefile, specify the new location of the kpasswd man page (the | Greg Hudson | 1 | -2/+2
old one was removed in r22521). ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22522 dc483132-0cff-0310-8789-dd5450dbe970
2009-07-29 | Enctype list configuration enhancements | Greg Hudson | 2 | -2/+20
In the processing code for enctype lists, add support for "DEFAULT" to indicate the default list, for families (des/des3/aes/rc4), and for removing entries from the current list (-foo). Also add unit tests and document. ticket: 6539 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22469 dc483132-0cff-0310-8789-dd5450dbe970
2009-06-01 | Fix a typo in the admin guide (with not keyword -> with no keyword) | Greg Hudson | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22396 dc483132-0cff-0310-8789-dd5450dbe970
2009-05-03 | Fix formatting of ok_as_delegate documentation in admin guide | Greg Hudson | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22304 dc483132-0cff-0310-8789-dd5450dbe970
2009-04-30 | Document ok_as_delegate in the admin guide | Greg Hudson | 1 | -0/+15
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22293 dc483132-0cff-0310-8789-dd5450dbe970
2009-04-28 | Fix typo | Greg Hudson | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22287 dc483132-0cff-0310-8789-dd5450dbe970
2009-04-22 | In the cross-realm setup example in the admin documentation, use | Greg Hudson | 1 | -2/+2
"addprinc" instead of "add_princ" since the latter is not a recognized alias for add_principal. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22266 dc483132-0cff-0310-8789-dd5450dbe970
2009-04-10 | Document allow_weak_crypto | Greg Hudson | 2 | -6/+18
Also document which cryptosystems are defined to be weak, and add some enctype entries which weren't in the documentation. ticket: 6452 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22188 dc483132-0cff-0310-8789-dd5450dbe970
2009-04-09 | Update defaults in documentation | Greg Hudson | 1 | -8/+8
doc/definitions.texinfo had, predictably, fallen out of date with respect to the code. Update a few of the out of date comments and defaults, particularly the default enctype lists. ticket: 6451 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22187 dc483132-0cff-0310-8789-dd5450dbe970
2009-04-03 | Unfortunately, pre-1.7 krshd fails to support keyed checksums because | Sam Hartman | 1 | -2/+2
it uses the wrong API and wrong key usage. So, if the auth_context has an explicit checksum type set, then respect that. kcmd sets such a checksum type. Also, because other applications may have the same problem, allow the config file variable if set to override the default checksum. * kcmd.c: Force use of rsa_md5 * init_ctx.c: do not default to md5 * mk_req_ext.c: allow auth_context to override ticket: 1624 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22160 dc483132-0cff-0310-8789-dd5450dbe970
2009-04-01 | Use the preferred checksum for non-DES keys in the kdc_req path and | Sam Hartman | 1 | -1/+2
all the time in the ap_req checksum path. This breaks code to support DCE versions prior to 1.1 but uses the correct checksum for protocol compatibility. ticket: 1624 Target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22154 dc483132-0cff-0310-8789-dd5450dbe970
2009-03-15 | Document alias support in LDAP back end | Greg Hudson | 1 | -0/+20
Add a few paragraphs to the LDAP instructions on creating aliases through direct manipulation of the LDAP data, and briefly explain when aliases will be used. ticket: 6419 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22089 dc483132-0cff-0310-8789-dd5450dbe970
2009-03-14 | Improve LDAP admin documentation | Greg Hudson | 1 | -86/+101
Use dc=example,dc=com as the example base DN instead of more archaic forms. Provide a little more cross-referencing of concepts and mechanisms. Add additional steps in the OpenLDAP setup instructions for choosing DNs for the Kerberos container, KDC service, and kadmin service. Explain a little bit about what the Kerberos container and realm container are. Be clearer that using separate subtrees from the realm container for principals is an option, not a necessity, and don't use the base DN as an example of a separate subtree (it's confusing). ticket: 6418 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22088 dc483132-0cff-0310-8789-dd5450dbe970
2009-01-05 | fix merge of new openldap notice | Ken Raeburn | 1 | -3/+4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21698 dc483132-0cff-0310-8789-dd5450dbe970
2009-01-03 | Merge mskrb-integ onto trunk | Sam Hartman | 1 | -0/+63
The mskrb-integ branch includes support for the following projects: Projects/Aliases * Projects/PAC and principal APIs * Projects/AEAD encryption API * Projects/GSSAPI DCE * Projects/RFC 3244 In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required. Merge commit 'mskrb-integ' into trunk ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
2008-12-18 | Remove documentation references to krb4 functionality we no longer | Greg Hudson | 12 | -7086/+2
have. Remove the krb425 transition guide since we no longer have compatibility code to assist with a transition. ticket: 6303 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21545 dc483132-0cff-0310-8789-dd5450dbe970