oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
28,652 Commits 2 Branches 2 Tags
c89d3f3b8c1a908c7bb4573f93258d2d469a7fe8
Commit Graph

133 Commits

Author SHA1 Message Date
Luke Howard
c89d3f3b8c kadmin: allow enforcing password quality on admin password change 
This patch adds the "enforce_on_admin_set" configuration knob in the
[password_quality] section. When this is enabled, administrative password
changes via the kadmin or kpasswd protocols will be subject to password quality
checks. (An administrative password change is one where the authenticating
principal is different to the principal whose password is being changed.)

Note that kadmin running in local mode (-l) is unaffected by this patch.
 2018-12-26 15:38:48 +11:00
Matt Selsky
a2822719e6 Fix typos in setup documentation 2018-04-19 15:54:31 -04:00
Nicolas Williams
fe43be8558 Add include/includedir directives for krb5.conf 2017-02-27 18:15:59 -06:00
Nicolas Williams
7eb9b46f5b Document HDB backends 2016-02-26 00:55:33 -06:00
Jelmer Vernooij
70e43e9808 Fix some typos. 2014-04-25 02:42:17 +02:00
Harald Barth
7b4b415fa0 spell-and-gram-proxy-certs 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-26 00:06:07 -07:00
Landon Fuller
6fb9bc86b7 Add a configuration option to enable LDAP Start TLS. 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:21:15 -07:00
Landon Fuller
64341e9ec6 Document the new hdb-ldap* configuration options. 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-04-24 16:21:15 -07:00
Love Hörnquist Åstrand
bf37778dbd make ipropd_slave tell its status in a status file 
The ipropd_slave will log its status to /var/heimdal/ipropd-slave-status
if its connecting, up to date, or disconnected.

The master will now also confirm to slaves that are are in fact up to date
if they just restart, before there was no confirmation, the slave just didn't
get any deltas.
 2012-02-15 20:59:54 -08:00
Love Hornquist Astrand
587cf45846 add @anchor 2011-10-20 22:09:40 +02:00
Love Hornquist Astrand
f7efe9516f more references 2011-10-14 14:58:29 +02:00
Love Hornquist Astrand
7b77de50a0 kadmin modify --pkinit-acl example 2011-10-14 14:53:50 +02:00
Love Hornquist Astrand
28563373a8 more documentation about pkinit 2011-10-14 14:49:00 +02:00
Love Hornquist Astrand
d6474982e5 document kdc options 2011-10-12 15:37:24 +02:00
Love Hornquist Astrand
c2be6a8580 we have @subsection Configure the KDC, let remove the XXX 2011-10-12 15:29:59 +02:00
Love Hornquist Astrand
a061e7b22f remove kaserver ref 2011-10-12 12:40:59 +02:00
Love Hornquist Astrand
8192b9ed35 remove refernces to kerberos 4 and kaserver 2011-10-12 12:40:59 +02:00
Love Hornquist Astrand
0595af118e document KRB5_CONFIG 2011-09-26 14:59:30 +02:00
Asanka C. Herath
502360ef2d Mention kpasswrd_server setting for krb5.conf 2010-11-24 15:33:01 -05:00
Love Hornquist Astrand
9ee7dd24d9 support kswitch -i, interactive mode 2010-11-22 13:19:27 -08:00
Love Hornquist Astrand
bf1f62b0a8 Document KCM 2010-10-10 18:18:46 -04:00
Love Hornquist Astrand
5240043542 use kadmin -l for check, use add instead of add, fix verify-password-quality sub-command 
Reported by David Boldt
 2010-07-08 16:19:32 -07:00
Russ Allbery
bf9ee30c44 Rephrase the PKINIT setup instructions 
Rephrase and reword the PKINIT setup documentation to be in somewhat
more idiomatic English.  There should be no changes to the substance
of the documentation.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-06-11 09:49:58 -07:00
Russ Allbery
cd1f1dd75e Rewrite the transit policy section 
Expand the transit policy section considerably, with additional
examples and explanation of the examples.  Separate allowing
cross-realm transits from configuring clients to do cross-realm
transits.  Add a separate example section for an Active Directory
forest.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-06-11 09:25:57 -07:00
Russ Allbery
3441bbb98e Clarify documentation of password quality check modules 
Be clearer in the info documentation that the part of the policy
name before the colon is the name of the module, not the static
string "module".  State explicitly that "builtin" can be used as the
module name to identify built-in policies.

Use the same terminology in kadm5_pwcheck(3) as the info documentation,
changing test-name to policy-name and vendor to module-name.  State
explicitly how the module name and policy name are used to select which
policies to run.

Rephrase a few sentences, add a paragraph break, and fix a few typos
for clarity.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-01-15 23:33:25 +00:00
Love Hornquist Astrand
5d76236458 Kerberos library tracing 2009-12-23 17:07:16 +01:00
Love Hornquist Astrand
b7bee62e48 Show IPv4 and IPv6 adresses too as examples 2009-08-14 04:36:23 +02:00
Love Hörnquist Åstrand
f825704b06 More documentation about pkinit_principal_in_certificate 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25211 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-05-19 05:29:26 +00:00
Love Hörnquist Åstrand
f850b7ddfb some more iprop 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24260 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-11 21:45:17 +00:00
Love Hörnquist Åstrand
d8efe514fb add slave example. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23852 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-22 06:31:47 +00:00
Love Hörnquist Åstrand
9362e5d20b hx509 now includes a pkcs11 implementation. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23067 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-21 11:18:27 +00:00
Love Hörnquist Åstrand
5ac80005d3 @xref{AFS} better 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22962 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-12 09:39:53 +00:00
Love Hörnquist Åstrand
10d789ee02 Add text about smbk5pwd overlay from Buchan Milne. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22921 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-08 10:51:54 +00:00
Love Hörnquist Åstrand
d9cf4a930f More text about OpenLDAP. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22802 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-04 17:09:55 +00:00
Love Hörnquist Åstrand
04058a6184 sasl-regexp is now authz-regexp, from Quanah Gibson-Mount. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22801 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-04 17:07:36 +00:00
Love Hörnquist Åstrand
c47245b50c No patching of OpenLDAP is needed, from Buchan Milne. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22797 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-01 07:48:12 +00:00
Love Hörnquist Åstrand
c228c7bc0a Fix sasl-regexp, from Howard Chu. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22698 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-20 08:46:02 +00:00
Love Hörnquist Åstrand
f28d7a22e0 use variables for paths in info docs 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22191 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-12-06 17:26:30 +00:00
Love Hörnquist Åstrand
5fed824f37 its vs it\'s etc. From Bjorn Sandell 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22071 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-11-14 20:04:50 +00:00
Love Hörnquist Åstrand
db733da88d sprinkle @kbd{} 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21991 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-10-19 13:28:07 +00:00
Love Hörnquist Åstrand
d5cba4b5e4 Spelling, from Mark Peoples via Bjorn Sandell. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21951 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-10-07 19:10:03 +00:00
Love Hörnquist Åstrand
fbb90f5445 Add example for pkinit_win2k_require_binding in [kdc] section. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21298 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-25 14:50:03 +00:00
Love Hörnquist Åstrand
2c9fc4063c Salting is really Encryption types and salting. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20632 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-08 14:35:00 +00:00
Love Hörnquist Åstrand
b51b82994b spelling, from Ronny Blomme 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20591 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-08 01:05:06 +00:00
Love Hörnquist Åstrand
174f00f993 prune trailing space 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20217 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-02-09 22:28:39 +00:00
Love Hörnquist Åstrand
81f9c0b588 Spelling, from Guido Guenther 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20208 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-02-09 06:33:10 +00:00
Love Hörnquist Åstrand
daf521e1d2 Hint about hxtool validate. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19821 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-10 22:14:51 +00:00
Love Hörnquist Åstrand
c792a0e800 Update to new hxtool issue-certificate usage 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19781 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-09 10:58:15 +00:00
Love Hörnquist Åstrand
d5a4dea1e1 Change --key argument to --out-key. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19728 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-05 18:38:32 +00:00
Love Hörnquist Åstrand
7c89d23c2c fix quoting for texinfo. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19712 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-04 22:48:14 +00:00