Commit Graph

653 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
bf37778dbd make ipropd_slave tell its status in a status file
The ipropd_slave will log its status to /var/heimdal/ipropd-slave-status
if it's connecting, up to date, or disconnected.

The master will now also confirm to slaves that they are in fact up to date
if they just restart. Before, there was no confirmation; the slave just didn't
get any deltas.
2012-02-15 20:59:54 -08:00
Nicolas Williams
f4ba41ebdd Pluggable libheimbase interface for DBs and misc libheimbase enhancements
[Code reviewed by Love Hörnquist Åstrand <lha@kth.se>]

    Added heim_db_*() entry points for dealing with databases, and
    make krb5_aname_to_localname() use it.

    The following enhancements to libheimbase are included:

     - Add heim_data_t and heim_string_t "reference" variants to
       avoid memory copies of potentially large data/strings.

       See heim_data_ref_create() and heim_string_ref_create().

     - Added enhancements to heim_array_t to allow their use for
       queues and stacks, and to improve performance.  See
       heim_array_insert_value().

     - Added XPath-like accessors for heim_object_t.  See
       heim_path_get(), heim_path_copy(), heim_path_create(), and
       heim_path_delete().  These are used extensively in the DB
       framework's generic composition of ACID support and in the
       test_base program.

     - Made libheimbase more consistent with Core Foundation naming
       conventions.  See heim_{dict, array}_{get, copy}_value() and
       heim_path_{get, copy}().

     - Added functionality to and fixed bugs in base/json.c:
        - heim_serialize();
        - depth limit for JSON parsing (for DoS protection);
        - pretty-printing;
        - JSON compliance (see below);
        - flag options for parsing and serializing; these are needed
          because of impedance mismatches between heim_object_t and
          JSON (e.g., heim_dict_t allows non-string keys, but JSON
          does not; heimbase supports binary data, while JSON does
          not).

     - Added heim_error_enomem().

     - Enhanced the test_base program to test new functionality and
       to use heim_path*() to better test JSON encoding.  This
       includes some fuzz testing of JSON parsing, and running the
       test under valgrind.

     - Started to add doxygen documentation for libheimbase (but doc
       build for libheimbase is still incomplete).

    Note that there's still some incomplete JSON support:

     - JSON string quoting is not fully implemented;

     - libheimbase lacks support for real numbers, while JSON has
       it -- otherwise libheimbase is a superset of JSON,
       specifically in that any heim_object_t can be a key for an
       associative array.

    The following DB backends are supported natively:

     - "sorted-text", a binary search of sorted (in C locale), flat
       text files;

     - "json", a backend that stores DB contents serialized as JSON
       (this is intended for configuration-like contents).

    The DB framework supports:

     - multiple key/value tables per-DB
     - ACID transactions

    The DB framework also natively implements ACID transactions for
    any DB backends that a) do not provide transactions natively, b)
    do provide lock/unlock/sync methods (even on Windows).  This
    includes autocommit of DB updates outside transactions.

    Future DB enhancements may include:

     - add backends for various DB types (BDB, CDB, MDB, ...);

     - make libhdb use heim_db_t;

     - add a command-line tool for interfacing to databases via
       libheimbase (e.g., to get/set/delete values, create/copy/
       backup DBs, inspect history, check integrity);

     - framework-level transaction logging (with redo and undo
       logging), for generic incremental replication;

     - framework-level DB integrity checking.

       We could store a MAC of the XOR of a hash function applied to
       {key, value} for every entry in the DB, then use this to check
       DB integrity incrementally during incremental replication, as
       well as for the whole DB.
2012-02-05 16:26:32 -06:00
Patrik Lundin
10bca3892d Add missing "Debugging Kerberos problems" to menu.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2012-01-15 21:56:37 +01:00
Love Hörnquist Åstrand
c8f1a6f0a0 don't install hcrypto unless we build them 2011-10-30 19:51:59 -07:00
Love Hörnquist Åstrand
1a1bd736c0 merge support for FAST in as-req codepath 2011-10-28 19:25:48 -07:00
Love Hornquist Astrand
587cf45846 add @anchor 2011-10-20 22:09:40 +02:00
Love Hornquist Astrand
f7efe9516f more references 2011-10-14 14:58:29 +02:00
Love Hornquist Astrand
7b77de50a0 kadmin modify --pkinit-acl example 2011-10-14 14:53:50 +02:00
Love Hornquist Astrand
28563373a8 more documentation about pkinit 2011-10-14 14:49:00 +02:00
Love Hornquist Astrand
d6474982e5 document kdc options 2011-10-12 15:37:24 +02:00
Love Hornquist Astrand
c2be6a8580 we have @subsection Configure the KDC, let's remove the XXX 2011-10-12 15:29:59 +02:00
Love Hornquist Astrand
f574312ce1 remove kaserver ref 2011-10-12 12:41:00 +02:00
Love Hornquist Astrand
a061e7b22f remove kaserver ref 2011-10-12 12:40:59 +02:00
Love Hornquist Astrand
8192b9ed35 remove references to kerberos 4 and kaserver 2011-10-12 12:40:59 +02:00
Love Hornquist Astrand
8aceafc430 moved to lib/gssapi/oid.txt 2011-10-11 20:28:29 +02:00
Love Hornquist Astrand
b76f6f1e93 add more people 2011-09-29 13:58:23 +02:00
Love Hornquist Astrand
0595af118e document KRB5_CONFIG 2011-09-26 14:59:30 +02:00
Love Hornquist Astrand
ca060554fb x 2011-07-24 20:24:36 -07:00
Love Hörnquist Åstrand
7aaba443bc add NTMakefile and windows directories 2011-07-17 12:16:59 -07:00
Love Hornquist Astrand
cb7cbbb906 add more people that have contributed 2011-05-21 12:23:47 -07:00
Love Hornquist Astrand
9af798f09f sort, add Roland and Christos. 2011-05-18 21:57:46 -07:00
Love Hornquist Astrand
35652e4a03 drop libeditline 2011-05-07 19:02:23 -07:00
Love Hornquist Astrand
c5e6aa34dc add Tom Payerle 2011-04-23 19:32:23 -07:00
Luke Howard
fedd232ee4 update PADL copyright information 2011-04-13 13:07:52 +02:00
Love Hornquist Astrand
de8c4b4797 update (c) 2011-03-13 16:55:02 -07:00
Love Hornquist Astrand
9ef071c94e replace libeditline with libedit 2011-03-13 14:18:14 -07:00
Love Hornquist Astrand
9c7c6eadd3 add Jaideep Padhye and sort 2011-02-02 21:38:02 -08:00
Love Hornquist Astrand
fbf5673e77 add Donald Norwood, our wiki master 2010-12-19 22:46:43 -08:00
Love Hornquist Astrand
ca1b7bfcc3 initial drop of gss-mo 2010-11-25 11:48:02 -08:00
Asanka C. Herath
aaeef50199 Windows: Optionally disable building compiled HTML documentation 2010-11-24 15:33:18 -05:00
Asanka C. Herath
502360ef2d Mention kpasswrd_server setting for krb5.conf 2010-11-24 15:33:01 -05:00
Asanka C. Herath
d98e72bc62 Windows: Build Texinfo documentation as compiled HTML 2010-11-24 15:32:30 -05:00
Love Hornquist Astrand
9ee7dd24d9 support kswitch -i, interactive mode 2010-11-22 13:19:27 -08:00
Love Hornquist Astrand
34c3c2ab40 add Credential cache server - KCM 2010-11-22 12:13:59 -08:00
Love Hornquist Astrand
e457e87726 add Patrik Lundin 2010-10-27 19:35:04 -07:00
Love Hornquist Astrand
bf1f62b0a8 Document KCM 2010-10-10 18:18:46 -04:00
Love Hornquist Astrand
c6fb9428dd Drop imath for ltm for speed reasons 2010-10-02 12:28:27 -07:00
Love Hornquist Astrand
686f2abe61 x 2010-09-19 01:14:07 -07:00
Love Hornquist Astrand
4bd153432f This is a modified version of libeditline and the bugs we introduced are our own 2010-09-08 11:35:45 -07:00
Love Hornquist Astrand
0de5a6d613 add libtommath 2010-07-18 14:14:09 -07:00
Love Hornquist Astrand
5240043542 use kadmin -l for check, use add instead of add, fix verify-password-quality sub-command
Reported by David Boldt
2010-07-08 16:19:32 -07:00
Love Hornquist Astrand
ae9088c375 test_dh 2010-06-16 12:24:45 -07:00
Russ Allbery
bf9ee30c44 Rephrase the PKINIT setup instructions
Rephrase and reword the PKINIT setup documentation to be in somewhat
more idiomatic English.  There should be no changes to the substance
of the documentation.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-06-11 09:49:58 -07:00
Russ Allbery
cd1f1dd75e Rewrite the transit policy section
Expand the transit policy section considerably, with additional
examples and explanation of the examples.  Separate allowing
cross-realm transits from configuring clients to do cross-realm
transits.  Add a separate example section for an Active Directory
forest.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-06-11 09:25:57 -07:00
Love Hornquist Astrand
b59734d941 add TomsFastMath 2010-05-26 10:13:13 -05:00
Love Hornquist Astrand
de6da2f212 add people 2010-03-21 22:09:54 -07:00
Harald Barth
a06a40dd77 don't use modern syntax to please old makeinfo 2010-03-15 05:05:10 -07:00
Russ Allbery
3441bbb98e Clarify documentation of password quality check modules
Be clearer in the info documentation that the part of the policy
name before the colon is the name of the module, not the static
string "module".  State explicitly that "builtin" can be used as the
module name to identify built-in policies.

Use the same terminology in kadm5_pwcheck(3) as the info documentation,
changing test-name to policy-name and vendor to module-name.  State
explicitly how the module name and policy name are used to select which
policies to run.

Rephrase a few sentences, add a paragraph break, and fix a few typos
for clarity.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-01-15 23:33:25 +00:00
Love Hornquist Astrand
ef30147831 Add Secure Endpoints, Inc 2010-01-05 19:23:38 +01:00
Love Hornquist Astrand
5d76236458 Kerberos library tracing 2009-12-23 17:07:16 +01:00