Included is a default plugin that searches a sorted text file where
every line is of the form:
<unparsed-principal>[<whitespace><username>]
If the username is missing in a matching line then an error is
returned. If a matching line is not found then the next plugin will
be allowed to run, if any.
Different ticket session key enctype selection options should
distinguish between target principal type (krbtgt vs. not), not
between KDC request types.
NOTE: The test runs and succeeds, but the client seems to be getting
a new x-realm TGT after we set the kvno to 0 or remove the
kvno from the tickets. This means we're not really testing
the TGS paths! So this test is not yet ready.
Application developers have a tendency to use krb5_get_error_message()
as a drop in replacement for error_message() and under various
circumstances they pass in a NULL context. This method works fine
for MIT's implementation which ignores the context but in Heimdal
passing in a NULL context would dump core.
This patch set modifies krb5_get_error_message() in order to
permit the passing of a NULL context. First, if the context
is NULL, an attempt will be made to allocate one locally for
the purpose of evaluating the error code. Second, if a local
context cannot be allocated, fall back on calling error_message().
If error_message() fails to return a string, then generate an
"unknown error" response.
Only if all of the above fails is NULL returned.
Change-Id: If4baf7d6c428cf0baf11c044b8dfd5c2b3cdf7e4
Add _krb5_set_default_cc_name_to_registry() function and
call use it on Windows to set the user's default credential cache.
Change-Id: Ib59ff218a098a841bc61846abf873736380b5c6c
The new _krb5_store_string_to_reg_value() function permits
the caller to create REG_SZ, REG_EXPAND_SZ, REG_DWORD, and
REG_MULTI_SZ entries in the registry.
Change-Id: Ib5740ad07209618d8ea4c0bf3c75615f27e98b4e
commit 0ed83cebd3 removed the
weak enctypes from the default enctype list. This is a change
in behavior from 1.5.x which permitted the use of weak enctypes
if "allow_weak_crypto" is set to true. This patchset creates
two default enctype lists. One with weak enctypes and the other
without. The weak version is used if "allow_weak_crypto" is set
to true.
Change-Id: Ide5cce0645836249031350bfaf619d970635e579
