Commit Graph

2 Commits

Author SHA1 Message Date
Luke Howard
971648b71e kdc: correct logic error in altsecid_gss_preauth_authorizer
check for the absence, not presence, of a GSS credential before acquiring one
2021-08-31 11:06:32 +00:00

Luke Howard
01ef38b743 kdc: add sample GSS preauth authorization plugin
Add a sample GSS preauth authorization plugin, which will be built and
installed if OpenLDAP is available, but otherwise not enabled (by virtue of not
being installed into the plugin directory).

The plugin authorizes federated GSS preauth clients by querying an Active
Directory domain controller for the altSecurityIdentities attribute.

Once the user entry is found, the name is canonicalized by reading the
sAMAccountName attribute and concatenating it with the KDC realm.
2021-08-31 11:00:13 +00:00