Must export hdb_generate_key_set_password_with_ks_tuple() on Windows
which was introduced in 4303174a49.
Change-Id: Iea2993a17aba44c7cb0360716138c26239254e05
The change to the signature of hdb_generate_key_set_password() in
Heimdal 7.1 broke API/ABI compatibility with previous releases. We
fix this by renaming it hdb_generate_key_set_password_with_ks_tuple()
and creating a new hdb_generate_key_set_password() which calls our
new function with zeroes for the added arguments.
Issue #246https://github.com/heimdal/heimdal/issues/246
Each KDC is a kx509 server. The service principal must be of the
form
kca_service/<localhost.domain>@<DEFAULT_REALM>
where localhost.domain is the hostname returned by gethostname()
and <DEFAULT_REALM> is one of the realms for which the KDC has a service
principal "kca_service/<localhost.domain>".
The matching code was broken by a5e77c578e
when krb5_sname_to_principal() began to always return a referral
principal.
Since the second component is a host name update the default principal
type for service "kca_service" to be KRB5_NT_SRV_HST.
Change-Id: I6bd5f90b674ebb7220d8efafa6d339fdc21e1a07
Commit 7dc4481ed2 which changed from
pidfile -> rk_pidfile was incomplete. Must handle the NO_PIDFILE case.
Change-Id: Ifc0b135e1fa7abdf4e370ad4b8fe2eb1305760f5
In _kdc_do_kx509() do not free 'principal' until after its last
use. Move declaration to top of function and free it during the
common exit processing.
Introduced by 10a5976e45.
Change-Id: Iaf000eb090b0fa523f04a4864c6b17058d922995
If some external library lives in a directory in which Heimdal is
already installed, we may pick up LD_LIBRARY_PATH Heimdal objects
from a different release. Move the external deps to the end, to
ensure a more appropriate LD_LIBRARY_PATH.
cf/make-proto.pl copies Doxygen docs to -private and -protos headers.
We need to either extract these from those files but not source files,
or only from source files but not the generated headers. This commit
does the latter.
We should really check whether pthread_once() is in libc so that then we
don't have to add an unnecessary dependency on -lpthread.
Also, we have a proper once implementation that we could use when we
don't have pthread_once(), so we should fallback on that if we detect
that we have neither pthread_once() in libc and --disable-pthread is
given.
The kdc nowadays forks and restarts worker children. This is nice, but
for leak checking in tests on OS X with leak(1) we really need the
worker to be the one process.
