Dump formats 5 and 6 differ from the supported version 4 dump format
only in that they include policy information for each principal in an
extension that the dump parsing code already knows how to ignore and
that they include policy lines. Ignore the policy information, since
there isn't a corresponding concept in Heimdal, and accept the new
dump format versions.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

If the MIT dump file includes a last password change date, allocate
a database extension structure to hold that information and include
it in the corresponding Heimdal database entry.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

hprop may be decrypting an old database encrypted with a DES master
key, in which case it shouldn't fail because DES is disabled by default.
This could permit weak enctypes to be used when authenticating to a
remote hpropd, although stronger enctypes are still preferred.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

Add krb5_allow_weak_crypto parallel to the API introduced in MIT
Kerberos 1.8. Enables or disables all enctypes marked as weak.
Add a new enctype flag marking weak enctypes (all of the ones that
are disabled by default).
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

krb5_principal_get_num_comp was prototyped as a public function but
not exported from libkrb5. Add it to the export version map.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

Be clearer in the info documentation that the part of the policy
name before the colon is the name of the module, not the static
string "module". State explicitly that "builtin" can be used as the
module name to identify built-in policies.
Use the same terminology in kadm5_pwcheck(3) as the info documentation,
changing test-name to policy-name and vendor to module-name. State
explicitly how the module name and policy name are used to select which
policies to run.
Rephrase a few sentences, add a paragraph break, and fix a few typos
for clarity.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

Pass the path to the external password quality program as the first
argument to the program and the principal as the second argument, as is
conventional, rather than passing only the principal.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>