oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
27,092 Commits 2 Branches 2 Tags
5b2d65fa2bc4cee683531c4d23c25349f8cc7b19
Commit Graph

82 Commits

Author SHA1 Message Date
Nicolas Williams
35e28dcd5d Fix incomplete sentence in krb5.conf.5 2011-12-10 14:27:46 -06:00
Nicolas Williams
27ba7a5982 Address code review comments (use .Xr and .Pa macros in krb5.conf.5) 2011-12-10 14:06:16 -06:00
Nicolas Williams
b9f8e6d956 Add DENY rule for krb5_kuserok() and update manpage 2011-12-08 13:34:02 -06:00
Nicolas Williams
8e63cff2cc Document krb5_kuserok() configuration parameters 2011-12-08 13:34:01 -06:00
Nicolas Williams
f468ed4759 Make krb5_aname_to_localname() use the libheimbase binary search functions 2011-12-02 01:03:08 -06:00
Nicolas Williams
aea02876e7 Initial aname2lname plugin patch based on code from Love 
Included is a default plugin that searches a sorted text file where
    every line is of the form:
	<unparsed-principal>[<whitespace><username>]
    If the username is missing in a matching line then an error is
    returned.  If a matching line is not found then the next plugin will
    be allowed to run, if any.
 2011-12-02 00:58:26 -06:00
Nicolas Williams
c757eb7fb0 Rename and fix as/tgs-use-strongest-key config parameters 
Different ticket session key enctype selection options should
    distinguish between target principal type (krbtgt vs. not), not
    between KDC request types.
 2011-11-25 17:21:04 -06:00
Nicolas Williams
c764ad95e5 Document name canonicalization rules 2011-10-22 14:54:26 -05:00
Love Hornquist Astrand
8192b9ed35 remove refernces to kerberos 4 and kaserver 2011-10-12 12:40:59 +02:00
Nicolas Williams
016193ac6a Added manpage documentation for krb5_{as, tgs}_enctypes. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
256cf6ea12 This patch adds support for a use-strongest-server-key krb5.conf kdc parameter that controls how the KDC (AS and TGS) selects a long-term key from a service principal's HDB entry. If TRUE the KDC picks the strongest supported key from the service principal's current keyset. If FALSE the KDC picks the first supported key from the service principal's current keyset. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
481fe133b2 Also added preauth-use-strongest-session-key krb5.conf kdc parameter, similar to {as, tgs}-use-strongest-session-key. The latter two control ticket session key enctype selection in the AS and TGS cases, respectively, while the former controls PA-ETYPE-INFO2 enctype selection in the AS case. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
a7a8a7e95c Initial patch to add as-use-strongest-session-key and same for tgs krb5.conf parameters for the KDC. These control the session key enctype selection algorithm for the AS and TGS respectively: if TRUE then they prefer the strongest enctype supported by the client, the KDC and the target principal, else they prefer the first enctype fromt he client's list that is also supported by the KDC and the target principal. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
9a1a5e5da6 Mandoc and spelling fixes from Thomas Klausner 2011-04-29 20:37:33 -07:00
Love Hornquist Astrand
d893207413 add check-rd-req-server 2010-09-01 21:56:17 -07:00
Love Hornquist Astrand
b00e010309 spelling, from Remi Ferrand 2010-08-19 21:31:10 -07:00
Love Hornquist Astrand
45158c861e document allow_weak_crypto 2010-06-02 08:14:47 -07:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
893cb35381 Document default_cc_type. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23133 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-28 18:01:53 +00:00
Björn Sandell
d43a2bc1af A few words on digests 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23125 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-28 10:55:49 +00:00
Love Hörnquist Åstrand
b1f75c5100 Documentation for password quality control. From: "James F. Hranicky" <jfh@cise.ufl.edu> 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15514 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-06-23 18:43:34 +00:00
Love Hörnquist Åstrand
084b3b2d2a change format for expantion variables in default_cc_name to 
%{variable} to not confuse them with shell ditto


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15254 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-05-29 13:15:58 +00:00
Love Hörnquist Åstrand
32ad0c150f spelling 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15089 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-05-05 14:07:48 +00:00
Love Hörnquist Åstrand
1ef7caec57 expand on what "trailing component" means 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15087 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-05-04 12:44:34 +00:00
Love Hörnquist Åstrand
5d95fe0e1c document large_msg_size 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14550 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-02-03 08:39:57 +00:00
Love Hörnquist Åstrand
0a5afe8034 spelling, from openbsd 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14375 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-12-08 17:52:41 +00:00
Love Hörnquist Åstrand
4414774aa6 unbreak 2b entry 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14330 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-10-31 22:32:27 +00:00
Love Hörnquist Åstrand
1f5182ef5d time defaults to "s" 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14309 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-10-13 18:13:16 +00:00
Love Hörnquist Åstrand
84c67cadf0 assume minutes for time 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14276 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-09-30 11:27:20 +00:00
Love Hörnquist Åstrand
10f34a170b explain support for varibles in [libdefaults]default_cc_name 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14111 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-08-11 21:49:08 +00:00
Love Hörnquist Åstrand
292536b121 document default_cc_name 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14106 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-08-11 19:25:22 +00:00
Love Hörnquist Åstrand
17d2aa987a document [kdc]hdb-ldap-create-base 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13903 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-06-02 13:26:10 +00:00
Love Hörnquist Åstrand
06a97d5069 some text about dbname and realm 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13881 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-05-27 10:39:49 +00:00
Love Hörnquist Åstrand
883cd45992 default value for hdb-ldap-structural-object is account 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13880 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-05-27 09:11:01 +00:00
Love Hörnquist Åstrand
e8708cd380 document hdb-ldap-structural-object 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13704 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-04-13 12:32:23 +00:00
Love Hörnquist Åstrand
f5b17b4a81 update .Dd 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13613 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-03-22 08:49:11 +00:00
Johan Danielsson
4385cd757d add a bunch of Li and document [kadmin] password_lifetime; from Henry B. Hotz 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13535 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-03-18 07:22:44 +00:00
Love Hörnquist Åstrand
ed64621d8e document [libdefaults]fcc-mit-ticketflags=boolean 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13491 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-03-09 19:48:53 +00:00
Love Hörnquist Åstrand
310701f968 don't use path's in first .Nm, it confuses some locate.updatedb, use 
FILES section to describe where the file is instead.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13321 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-02-10 13:28:45 +00:00
Johan Danielsson
7448fcfe7c document capaths section 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13077 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-10-27 11:14:55 +00:00
Love Hörnquist Åstrand
b3ea5d4d2b add arcfour and aes as valid enctypes 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12890 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-20 00:10:33 +00:00
Johan Danielsson
6a621def0e document appdefaults/{forward,encrypt} 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12771 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-04 14:30:04 +00:00
Love Hörnquist Åstrand
3ee67f793f document tgs_require_subkey 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12559 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-08-16 20:00:28 +00:00
Love Hörnquist Åstrand
cb584f6348 pacify mdoclink 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12331 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-05-26 21:56:28 +00:00
Love Hörnquist Åstrand
0caadd8b18 pacify mdoclint 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12329 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-05-26 14:09:04 +00:00
Love Hörnquist Åstrand
617325e153 .Sh EXAMPLE -> .Sh EXAMPLES, from netbsd 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12289 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-05-14 22:11:04 +00:00
Love Hörnquist Åstrand
c8bd16b4b6 spelling, from Thomas Klausner <wiz@netbsd.org> 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12030 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-04-16 13:26:13 +00:00
Love Hörnquist Åstrand
62fb84849a s/kerberos/Kerberos/ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11981 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-04-06 17:53:05 +00:00
Love Hörnquist Åstrand
4e82382d40 . means new line 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11885 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-03-19 21:01:39 +00:00