oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
29,217 Commits 2 Branches 2 Tags
a684e001ba77132cd5197602118da64245c4e77e
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Nicolas Williams a684e001ba gsskrb5: Check dst-TGT pokicy at store time 
Our initiator supports configuration-driven delegation of destination
TGTs.

This commit adds acceptor-side handling of destination TGT policy to
reject storing of non-destination TGTs when destination TGTs are
desired.

Currently we use the same appdefault for this.

Background:

    A root TGT is one of the form krbtgt/REALM@SAME-REALM.

    A destination TGT is a root TGT for the same realm as the acceptor
    service's realm.

    Normally clients delegate a root TGT for the client's realm.

    In some deployments clients may want to delegate destination TGTs as
    a form of constrained delegation: so that the destination service
    cannot use the delegated credential to impersonate the client
    principal to services in its home realm (due to KDC lineage/transit
    checks).  In those deployments there may not even be a route back to
    the KDCs of the client's realm, and attempting to use a
    non-destination TGT might even lead to timeouts.
2020-07-09 13:27:11 -05:00
.github/ISSUE_TEMPLATE
Create GitHub issue templates
2019-06-07 22:08:39 -04:00
admin
Fix ktutil weak password for principal creation
2019-01-09 00:14:11 -06:00
appl
libhcrypto: UI_UTIL_FLAG_VERIFY_SILENT
2018-12-30 15:39:49 -06:00
cf
roken: add mergesort_r()
2020-04-12 13:25:09 -05:00
doc
doc: update to draft-howard-gss-sanon-13.txt
2020-04-27 22:38:19 +10:00
etc
add NTMakefile and windows directories
2011-07-17 12:16:59 -07:00
include
Move some infra bits of lib/krb5/ to lib/base/ (2)
2020-03-02 10:56:13 -06:00
kadmin
kadmin: fix leak
2020-04-24 16:02:35 -05:00
kcm
krb5: Fix kcm
2020-05-28 00:08:43 -05:00
kdc
Check some error returns from *asprintf()
2020-05-27 21:54:26 -04:00
kpasswd
roken_detach_prep() should return fd
2019-10-03 13:09:18 -05:00
kuser
kinit: Restore get_switch_cache behavior from 5bbe7c8dc
2020-05-28 11:08:54 -04:00
lib
gsskrb5: Check dst-TGT pokicy at store time
2020-07-09 13:27:11 -05:00
packages
windows/installer: code sign all merge modules
2019-01-14 06:12:36 -05:00
po
Fix subject verb agreement in error message...
2018-03-09 17:04:29 -05:00
tests
Test including malformed krb5.conf file
2020-05-26 13:10:11 -04:00
tools
Improve coverage script a bit
2020-04-15 19:05:21 -05:00
windows
windows: revert change to ldebug
2020-05-26 11:48:45 -05:00
.gitignore
gss: SAnon - the Simple Anonymous GSS-API mechanism
2020-04-25 23:19:30 -05:00
.travis.yml
Fix (deliberately) unused variable warning in rsa-ltm.c
2020-05-28 11:10:57 -04:00
acinclude.m4
use m4_define, over-quote string
2004-02-12 14:19:16 +00:00
appveyor.yml
appveyor: Fix pacman zstd issue
2020-05-31 13:37:38 -05:00
autogen.sh
check for JSON perl module and if not found ask developer to install it
2014-08-22 21:17:16 -07:00
ChangeLog
We stop writing change logs, see the source code version control systems history log instead
2008-11-12 04:17:33 +00:00
ChangeLog.1998
changes upto 1998
2000-06-07 10:01:25 +00:00
ChangeLog.1999
move older stuff over to ChangeLog.1999
2000-11-17 01:27:17 +00:00
ChangeLog.2000
move older entries to ChangeLog.2000
2001-01-03 01:50:47 +00:00
ChangeLog.2001
changes from 2001
2002-08-21 13:29:08 +00:00
ChangeLog.2002
switch to utf8 encoding of all files
2008-09-13 08:53:55 +00:00
ChangeLog.2003
switch to utf8 encoding of all files
2008-09-13 08:53:55 +00:00
ChangeLog.2004
switch to utf8 encoding of all files
2008-09-13 08:53:55 +00:00
ChangeLog.2005
switch to utf8 encoding of all files
2008-09-13 08:53:55 +00:00
ChangeLog.2006
switch to utf8 encoding of all files
2008-09-13 08:53:55 +00:00
ChangeLog.2007
switch to utf8 encoding of all files
2008-09-13 08:53:55 +00:00
CODE_OF_CONDUCT.md
Create CODE_OF_CONDUCT.md
2019-06-07 22:03:05 -04:00
configure.ac
bx509: Tolerate older microhttpd versions
2019-12-20 15:59:21 -06:00
krb5.conf
Remove use of krb4 settings in example krb5.conf.
2014-04-28 00:56:18 +02:00
LICENSE
update (c)
2014-08-23 19:14:10 -07:00
Makefile.am
Make builds reproduceable (#336)
2017-09-29 12:37:30 -05:00
Makefile.am.common
move check-local target to cf/Makefile.am.common
2002-05-19 18:35:37 +00:00
NEWS
Fix transit path validation CVE-2017-6594
2017-04-13 18:06:39 -05:00
NTMakefile
Don't build the docs on appveyor
2019-11-20 18:14:44 -05:00
README
Update README mailing lists and links
2020-06-26 11:29:15 -04:00
README.fast
kdc bits
2011-07-24 22:45:55 -07:00
README.md
README: fix typo
2020-06-26 11:30:48 -04:00
SECURITY.md
Update SECURITY.md
2019-06-09 13:43:47 -04:00
TODO
need to fix lib/krb5/expand_path_w32.c
2010-01-05 19:21:45 +01:00

README.md

Travis-CI build (Linux, OS X) Appveyor-CI build (Windows) Coverage Status

Heimdal

Heimdal is an implementation of:

  • ASN.1/DER,
  • PKIX, and
  • Kerberos.

For information how to install see here.

There are man pages for most of the commands.

Bug reports and bugs are appreciated. Use GitHub issues.

For more information see the project homepage https://heimdal.software/heimdal/ or the mailing lists:

heimdal-announce@heimdal.software low-volume announcement heimdal-discuss@heimdal.software high-volume discussion

send mail to heimdal-announce-subscribe@heimdal.software and heimdal-discuss-subscribe@heimdal.software respectively to subscribe.

Build Status

Travis-CI build (Linux, OS X) Appveyor-CI build (Windows)

Reference in New Issue View Git Blame Copy Permalink
Description
Fork of https://github.com/heimdal/heimdal
Readme Multiple Licenses 57 MiB
Languages
C 92.1%
Roff 2.8%
Shell 2.3%
Makefile 0.7%
M4 0.5%
Other 1.4%