oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
28,327 Commits 2 Branches 2 Tags
a7f8732d79cb6601d24f21a290ccdb070d94b51e
Commit Graph

31 Commits

Author SHA1 Message Date
Nicolas Williams
9e2b696190 Make kdc name type strictness configurable 2016-11-14 21:29:47 -06:00
Roland C. Dowdeswell
352a7e94a3 Make the KDC use a multi-process model. 
We now fork(2) a number of separate KDC processes rather than a single
process.  By default, the number is selected by asking how many CPUs
the machine has.  We also have a master process which monitors all
of the children (which do the actual work) and it will restart kids
who die for any reason.  The children will die when the parent dies.

In the case of MacOS X, we also move the bonjour code into another
separate child as it creates threads and this is known to play
rather poorly with fork(2).  We could move this logic into a
designated child at some point in the future.

We slow down the spawning to one every 25ms to prevent instant crashes
and restarts from consuming all available system time.  This approach
may want to be revisited in the future.
 2015-11-06 15:39:30 -05:00
Nicolas Williams
c757eb7fb0 Rename and fix as/tgs-use-strongest-key config parameters 
Different ticket session key enctype selection options should
    distinguish between target principal type (krbtgt vs. not), not
    between KDC request types.
 2011-11-25 17:21:04 -06:00
Nicolas Williams
256cf6ea12 This patch adds support for a use-strongest-server-key krb5.conf kdc parameter that controls how the KDC (AS and TGS) selects a long-term key from a service principal's HDB entry. If TRUE the KDC picks the strongest supported key from the service principal's current keyset. If FALSE the KDC picks the first supported key from the service principal's current keyset. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
481fe133b2 Also added preauth-use-strongest-session-key krb5.conf kdc parameter, similar to {as, tgs}-use-strongest-session-key. The latter two control ticket session key enctype selection in the AS and TGS cases, respectively, while the former controls PA-ETYPE-INFO2 enctype selection in the AS case. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
a7a8a7e95c Initial patch to add as-use-strongest-session-key and same for tgs krb5.conf parameters for the KDC. These control the session key enctype selection algorithm for the AS and TGS respectively: if TRUE then they prefer the strongest enctype supported by the client, the KDC and the target principal, else they prefer the first enctype fromt he client's list that is also supported by the KDC and the target principal. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
657297a738 clean the last bits of KRB4 support in KDC 2011-05-07 11:44:15 -07:00
Jelmer Vernooij
e380769729 kdc.h: Include hdb.h first, so kdc.h can be included standalone. 
This makes it a bit easier to find libhdb in e.g. configure tests and
is consistent with the main header files for the other Heimdal
libraries, none of which has any prerequisite other headers.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-02-26 13:06:15 -08:00
Love Hornquist Astrand
847161193c constify pkinit conf 2009-11-22 00:28:33 -08:00
Love Hörnquist Åstrand
1d0eb4dad8 add proxy bit 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24999 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-03-29 09:04:50 +00:00
Love Hörnquist Åstrand
9ec7eb49c4 force submodules to claim the package 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24531 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-26 01:30:59 +00:00
Love Hörnquist Åstrand
5ca7ee453e drop name 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24529 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-26 01:30:25 +00:00
Love Hörnquist Åstrand
c74df06f20 fix length bits 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24526 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-26 01:19:27 +00:00
Love Hörnquist Åstrand
2437f18d3b add krb5_kdc_service 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24492 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-26 01:08:35 +00:00
Love Hörnquist Åstrand
0c4d8d3a16 Add switch to select friendly_name of the certificate. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24195 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-15 04:31:22 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
ced5a6d55f rename pkinit_princ_in_cert and add pkinit_require_binding 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21287 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-25 14:09:03 +00:00
Love Hörnquist Åstrand
95d9226959 add kx509 config 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19907 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-14 23:10:24 +00:00
Love Hörnquist Åstrand
95207976c0 add enable_kx509 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19549 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-28 21:06:56 +00:00
Love Hörnquist Åstrand
450b14e4e3 add digests_allowed 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19506 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-26 14:24:27 +00:00
Love Hörnquist Åstrand
6e093638af (krb5_kdc_config): Add max_datagram_reply_length. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18382 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-09 15:34:07 +00:00
Love Hörnquist Åstrand
7ae6f1fbd6 (krb5_kdc_configuration): Add enable_digest 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17910 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-08-24 08:51:15 +00:00
Love Hörnquist Åstrand
8e6754870a Add enable_v4_per_principal 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17646 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-14 18:26:18 +00:00
Love Hörnquist Åstrand
b5cc2fa7aa (krb5_kdc_configuration): add pkinit_kdc_ocsp_file 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17413 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-03 12:03:29 +00:00
Love Hörnquist Åstrand
2e2d62a9e5 Add pkinit_dh_min_bits to krb5_kdc_configuration. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16208 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-10-21 17:11:21 +00:00
Love Hörnquist Åstrand
7a3fc5e663 Don't pollute namespace, generate public headerfile 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15532 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-06-30 01:54:49 +00:00
Love Hörnquist Åstrand
7132a9b084 Merge in the libkdc/kdc configuration split from Andrew Bartlet <abartlet@samba.org> 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15529 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-06-30 01:03:35 +00:00
Johan Danielsson
d0e11d855b Not used anymore. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1397 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1997-03-14 01:58:36 +00:00
Johan Danielsson
69816ce6c5 The beginnings of a kdc. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1305 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1997-03-08 10:39:43 +00:00