A typo in LDAP__lookup_princ breaks the use of existing LDAP entries;
a new entry is always created even if an entry with the proper uid and
structural objectclass can be found.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

Support for manipulating srvtabs was previously removed, but there
were still remnants in command documentation in the ktutil man page
and some declared and exported variables for the keytab ops
definitions for srvtab manipulation. Remove these additional
remnants.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

The output from this print is considered an error message which makes
kpasswdd reject a password even though "APPROVED" is printed afterwards.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

Kpasswdd supplies the principal name as an argument to the external
script which makes <> try to read from a file with that name.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

rand.h doesn't require any symbols defined in bn.h, so don't
include bn.h in the header file. This makes it easier for applications
to include only the symmetric portions of libhcrypto.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

Rephrase and reword the PKINIT setup documentation to be in somewhat
more idiomatic English. There should be no changes to the substance
of the documentation.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

Expand the transit policy section considerably, with additional
examples and explanation of the examples. Separate allowing
cross-realm transits from configuring clients to do cross-realm
transits. Add a separate example section for an Active Directory
forest.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>