| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This fixes a long-standing documentation bug where we claimed that
a domain_realm mapping for a host name would not affect entries
under that domain name. The code has always had the behavior where
a host name mapping implies the corresponding domain name mapping,
since the 1.0 release.
While here, replace media-lab with csail in example files, as the
media lab realm is no longer in use. Also strip port 88 from KDC
specifications, and drop the harmful default_{tgs,tkt}_enctypes
lines from src/util/profile/krb5.conf.
Further cleanup on these files to remove defunct realms may be in order.
ticket: 7690 (new)
tags: pullup
target_version: 1.11.4
|
|
The old man pages are gone, so we can't install them anymore.
Also clean up install and install-unix targets that were installing
the old man pages by hand.
|
|
We generate man pages from RST sources now; they are checked into
the tree in src/man/.
The gen-manpages directory is no longer needed.
|
|
The admin keytab hasn't been needed or used by kadmind since 1.4
(except possibly by legacy admin daemons which we no longer ship).
Eliminate remaining references to it in code, test cases, and
documentation.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25729 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Install sphinx-generated manpages. Original nroff manpages remain for
reference until proofreading is complete. Modify
doc/rst_source/conf.py to better deal with shadow manpages -- sphinx
will now build k5login.5 instead of .k5login.5, and kadmin.1 instead
of both kadmin.1 and kadmin.local.8.
Proofreaders should ensure that the original nroff manpages (and
associated Makefile rules) are deleted once their reST format
equivalents have been proofread.
ticket: 7064
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25625 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Break out the encrypted timestamp code from kdc_preauth.c and
preauth2.c into built-in modules, allowing admins to disable it and
reducing the size of the framework code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25319 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6968
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25290 dc483132-0cff-0310-8789-dd5450dbe970
|
|
database_name, disable_last_success, and disable_lockout should be
under dbmodules, not dbdefaults.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25067 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6929
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25027 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25001 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24991 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24982 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24969 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Be more flexible about the principal names we will accept for a given
GSS acceptor name. Also add support for a new libdefaults profile
variable ignore_acceptor_hostname, which causes the hostnames of
host-based service principals to be ignored when passed by server
applications as acceptor names.
Note that we still always invoke krb5_sname_to_principal() when
importing a gss-krb5 mechanism name, even though we won't always use
the result. This is an unfortunate waste of getaddrinfo/getnameinfo
queries in some situations, but the code surgery necessary to defer
it appears too risky at this time.
The project proposal for this change is at:
http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names
ticket: 6855
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24616 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6794
tags: pullup
target_version: 1.9
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24584 dc483132-0cff-0310-8789-dd5450dbe970
|
|
* krb5.conf
* admin.texinfo
* kadm5_hook_plugin.h: document initvt requirement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24422 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Add and document two new options for controlling k5login behavior.
ticket: 6792
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24402 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Merge branches/plugins2 to trunk. Adds a password quality pluggable
interface described in this project page:
http://k5wiki.kerberos.org/wiki/Projects/Password_quality_pluggable_interface
ticket: 6765
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24284 dc483132-0cff-0310-8789-dd5450dbe970
|
|
syntactically independent of parent files.
ticket: 6761
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24256 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Add support for "include" and "includedir" directives in profile files.
See http://k5wiki.kerberos.org/wiki/Projects/Profile_Includes for more
details.
ticket: 6761
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24253 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5.conf.M. Also document database_name in krb5.conf.M and slightly
adjust the wording in admin.texinfo.
ticket: 6719
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24078 dc483132-0cff-0310-8789-dd5450dbe970
|
|
The kdc.conf setting kdc_tcp_ports was not documented in kdc.conf.M,
though it was documented in doc/admin.texinfo. Copy text from there
for now. The setting defaults to an empty string at the moment,
causing the KDC to not listen on TCP by default, confusing some users.
Changing this behavior is a separate issue.
ticket: 6730
target_version: 1.8.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24074 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r16656, #2656). Based on a patch from nalin@redhat.com.
ticket: 6680
target_version: 1.8.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23820 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Update documentation to be more helpful about allow_weak_crypto.
ticket: 6669
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23750 dc483132-0cff-0310-8789-dd5450dbe970
|
|
kdc_supported_enctypes does nothing. Remove all mention of it from
documentation and test suites.
ticket: 6620
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23578 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Fix spelling errors in man pages detected by Debian's Lintian program.
Also escape some -'s that are intended to be literal ASCII dashes and
not Unicode hyphens so that groff won't change them into true hyphens.
ticket: 6616
component: krb5-doc
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23554 dc483132-0cff-0310-8789-dd5450dbe970
|
|
configure script:
$(SRCTOP) --> $(top_srcdir)
$(srcdir)/$(thisconfigdir) --> $(top_srcdir)
$(thisconfigdir) --> $(BUILDTOP)
$(myfulldir) --> $(mydir)
ticket: 6583
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
|
|
it uses the wrong API and wrong key usage. So, if the auth_context
has an explicit checksum type set, then respect that. kcmd sets such
a checksum type. Also, because other applications may have the same
problem, allow the config file variable if set to override the default
checksum.
* kcmd.c: Force use of rsa_md5
* init_ctx.c: do not default to md5
* mk_req_ext.c: allow auth_context to override
ticket: 1624
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22160 dc483132-0cff-0310-8789-dd5450dbe970
|
|
all the time in the ap_req checksum path. This breaks code to support
DCE versions prior to 1.1 but uses the correct checksum for protocol
compatibility.
ticket: 1624
Target_version: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22154 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Our sample krb5.conf has obsolete info on the GNU.ORG realm; the DNS
entries named don't exist, and AFAIK this hasn't been accurate in
years. (I don't even know if they're currently running a Kerberos
realm.)
ticket: 6398
target_version: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22038 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21818 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Move automatically-generated dependencies into separate files in the
source tree, and take the data out of Makefile.in.
Keep the "make depend" rules for stripping out the dependencies from
Makefile.in, in case some optional directories were missed, but
everything that builds on my UNIX build has been converted.
(Converting a directory just requires creating an empty "deps" file so
that config.status can build the makefile, and then later running
"make depend" in that directory to get the correct content for it.)
Change configure scripts to incorporate the "deps" file when building
each Makefile. This change requires the existence of a file "deps" in
each source directory where we build a makefile, even if there are no
sources for which to compute dependencies; a switch to GNU make would
let us conditionalize that, but we can assess that later.
Update dependencies for the generate Makefile itself to list the deps
file.
This will also require some minor tweaking of the Windows build, to
make it incorporate the new deps file.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
|
|
The mskrb-integ branch includes support for the following projects:
Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
|
|
hostname as domains. The heuristic is off by default and is controlled
by the realm_try_domains variable under libdefaults.
Based on a patch submitted by Mark Phalan from Sun.
ticket: 6031
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21588 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20465 dc483132-0cff-0310-8789-dd5450dbe970
|
|
latter is what the LDAP KDB plugin looks for.
Ticket: 5544
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20316 dc483132-0cff-0310-8789-dd5450dbe970
|
|
that the valid values for v4_mode are the valid arguments to the -4 flag
to krb5kdc.
Ticket: 2724
Component: krb5-doc
Target_Version: 1.6.1
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19139 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Patch from Nalin Dahyabhai at Redhat to implement a preauthentication
framework based on the plugin architecture. Currently. the API is
considered internal and the header is not installed.
See src/include/krb5/preauth_plugin.h for the interface.
ticket: new
Tags: enhancement
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18641 dc483132-0cff-0310-8789-dd5450dbe970
|
|
- LDAP URI support for specifying server and port
- support for ldapi interface
- updated to newer LDAP APIs
- updated documentation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18592 dc483132-0cff-0310-8789-dd5450dbe970
|
|
svn+ssh://svn.mit.edu/krb5/branches/ldap-integ@18333.
* plugins/kdb/ldap: New directory.
* aclocal.m4 (WITH_LDAP): New macro.
(CONFIG_RULES): Invoke it.
* configure.in: Test ldap option, maybe configure and generate makefiles for
new directories, and set and substitute ldap_plugin_dir.
* Makefile.in (SUBDIRS): Add @ldap_plugin_dir@.
* kdc/krb5kdc.M, kadmin/server/kadmind.M, kadmin/cli/kadmin.M,
config-files/krb5.conf.M: Document LDAP changes (new options, config file
entries, etc).
* lib/kdb/kdb5.c (kdb_load_library): Put more info in error message.
* lib/kadm5/admin.h (KADM5_CPW_FUNCTION, KADM5_RANDKEY_USED,
KADM5_CONFIG_PASSWD_SERVER): New macros, disabled for now.
(struct _kadm5_config_params): New field kpasswd_server, commented out for now.
* lib/krb5/error_tables/kdb5_err.et: Add error codes KRB5_KDB_ACCESS_ERROR,
KRB5_KDB_INTERNAL_ERROR, KRB5_KDB_CONSTRAINT_VIOLATION.
ticket: 2935
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18334 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Ticket: 3468
Version_Reported: 1.4.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18108 dc483132-0cff-0310-8789-dd5450dbe970
|
|
subversion commit log entry needs to include information that would
have been in the changelog.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17893 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17888 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 249
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16810 dc483132-0cff-0310-8789-dd5450dbe970
|
|
subdirs only for the makefile in the directory with the configure
script, and will have only $(LOCAL_SUBDIRS) elsewhere. Drop the use
of "MY_SUBDIRS=." to override SUBDIRS in favor of this way of keeping
SUBDIRS empty. Drop other uses of MY_SUBDIRS in favor of
LOCAL_SUBDIRS or (in one case, the top level) overriding the SUBDIRS
setting from pre.in.
One less thing to keep tweaking as configure scripts get reorganized
and merged.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16158 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15661 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 1085
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15641 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15538 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15537 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Replace CLUB.CC.CMU.EDU info with ANDREW.CMU.EDU, which has SRV records and
thus doesn't need KDC specs. Provide a commented-out example of a [logging]
spec.
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15536 dc483132-0cff-0310-8789-dd5450dbe970
|
