kdc: add sample GSS preauth authorization plugin

Add a sample GSS preauth authorization plugin, which will be built and
installed if OpenLDAP is available, but otherwise not enabled (by virtue of not
being installed into the plugin directory).

The plugin authorizes federated GSS preauth clients by querying an Active
Directory domain controller for the altSecurityIdentities attribute.

Once the user entry is found, the name is canonicalized by reading the
sAMAccountName attribute and concatenating it with the KDC realm.
Luke Howard
2021-08-31 07:58:07 +00:00
parent 7818f44659
commit 01ef38b743
3 changed files with 501 additions and 0 deletions

@@ -129,6 +129,7 @@ rk_TEST_PACKAGE(openldap,
[#include <lber.h>
#include <ldap.h>],
[-lldap -llber],,,OPENLDAP)
AM_CONDITIONAL(OPENLDAP, test "$with_openldap" != "no")
AC_ARG_ENABLE(hdb-openldap-module,
AS_HELP_STRING([--enable-hdb-openldap-module],
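Review bot: The test in `AM_CONDITIONAL(OPENLDAP, test "$with_openldap" != "no")` is also true when `$with_openldap` is empty or unset, so it matches the commit message's "if OpenLDAP is available" only if `rk_TEST_PACKAGE(openldap, ...)` always leaves that variable set to "no" when `ldap.h` or `-lldap -llber` is not found. Please confirm that in the macro, or test a variable that reflects the detection result directly, so the sample plugin is never pulled into a build that lacks the library. A one-line comment above the conditional saying what it gates would also help, since the `--enable-hdb-openldap-module` option directly below is a separate switch and the two are easy to confuse.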