oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
Files
bad07f7738c977786f06b3c50a43f65912f9dea8
heimdal/lib/kadm5
History
Nicolas Williams f90f055659 iprop: Enable secondary KDC bootstrapping w/ PKINIT 
With this change it's possible to bootstrap a KDC using a client
certificate with a PKINIT SAN for iprop/fqdn.  Given such a certificate
one could run ipropd-slave via kinit to pull down the initial copy of
the HDB, then start the KDC services using the HDBGET: keytab.

That should make bootstrapping new secondary KDCs very easy.

One could bootstrap the KDC with such a certificate using, e.g.,
Safeboot (https://github.com/osresearch/safeboot), enrolling the host as
a KDC.
2022-10-02 22:46:37 -05:00
..
acl.c
hdb: Move virtual principals into HDB layer
2020-09-08 00:25:36 -05:00
ad.c
kadm5: Correctly set userAccountControl bits
2022-09-16 15:43:44 -04:00
admin.h
hdb: add no-auth-data-reqd flag to HDB entry
2021-12-23 13:52:12 +11:00
bump_pw_expire.c
remove trailing whitespace
2008-09-13 09:21:03 +00:00
ChangeLog
switch to utf8 encoding of all files
2008-09-13 08:53:55 +00:00
check-cracklib.pl
Remove print that fools kpasswdd.
2010-07-23 10:42:34 -07:00
chpass_c.c
kadm5/kadmin: Add read-only mode
2020-09-08 00:25:40 -05:00
chpass_s.c
hdb: eliminate hdb_entry_ex
2022-01-15 18:54:57 +11:00
client_glue.c
remove trailing whitespace
2008-09-13 09:21:03 +00:00
common_glue.c
kadm5: Add online kadm5_iter_principals()
2022-03-20 18:27:03 -05:00
context_s.c
kadm5: Add online kadm5_iter_principals()
2022-03-20 18:27:03 -05:00
create_c.c
kadm5/kadmin: Add read-only mode
2020-09-08 00:25:40 -05:00
create_s.c
kadm5: Tolerate missing default principal
2022-03-14 13:41:47 -05:00
default_keys.c
Reverse order of n_ks_tuple and ks_tuple in hdb_generate_key_set().
2011-11-29 14:47:37 -06:00
delete_c.c
kadm5/kadmin: Add read-only mode
2020-09-08 00:25:40 -05:00
delete_s.c
hdb: eliminate hdb_entry_ex
2022-01-15 18:54:57 +11:00
destroy_c.c
kadm5: Avoid close(-1)
2020-09-18 14:31:43 -05:00
destroy_s.c
kadm5: Add online kadm5_iter_principals()
2022-03-20 18:27:03 -05:00
ent_setup.c
hdb: eliminate hdb_entry_ex
2022-01-15 18:54:57 +11:00
error.c
remove trailing whitespace
2008-09-13 09:21:03 +00:00
flush_c.c
remove trailing whitespace
2008-09-13 09:21:03 +00:00
flush_s.c
remove trailing whitespace
2008-09-13 09:21:03 +00:00
flush.c
remove trailing whitespace
2008-09-13 09:21:03 +00:00
free.c
Fix kadm5 error cleanup
2016-11-11 01:38:41 -05:00
get_c.c
kadm5: Add missing kadm5_ret_principal_ent() check
2022-03-22 17:07:34 -05:00
get_princs_c.c
kadmin: LIST interrupt message needs no reply
2022-03-22 17:07:34 -05:00
get_princs_s.c
kadm5: Add online kadm5_iter_principals()
2022-03-20 18:27:03 -05:00
get_s.c
kadm5: Add missing error checks
2022-01-19 16:57:06 -06:00
init_c.c
kadm5: Fix leak in kadm5_c_dup_context()
2022-03-23 23:39:34 -05:00
init_s.c
kadm5: Add online kadm5_iter_principals()
2022-03-20 18:27:03 -05:00
iprop-commands.in
Two-phase HDB commit via iprop log, + GC for log
2016-02-26 00:55:33 -06:00
iprop-log-version.rc
Windows: Version information for binaries
2010-08-20 13:06:54 -04:00
iprop-log.8
Misc fixes to man pages
2017-03-13 18:39:41 -04:00
iprop-log.c
iprop-log: Add missing error checks
2022-01-19 13:59:04 -06:00
iprop.8
iprop: Enable secondary KDC bootstrapping w/ PKINIT
2022-10-02 22:46:37 -05:00
iprop.h
ipropd-master/slave: enhancements and bug fixes
2016-02-26 00:59:04 -06:00
ipropd_common.c
ipropd: Initialize struct sigaction
2022-01-16 23:09:17 -06:00
ipropd_master.c
ipropd: Ignore setsockopt() result
2022-01-19 23:37:32 -06:00
ipropd_slave.c
iprop: Enable secondary KDC bootstrapping w/ PKINIT
2022-10-02 22:46:37 -05:00
ipropd-master-version.rc
Windows: Version information for binaries
2010-08-20 13:06:54 -04:00
ipropd-slave-version.rc
Windows: Version information for binaries
2010-08-20 13:06:54 -04:00
kadm5_err.et
kadm5: Add KADM5_PASS_Q_GENERIC, note MIT diffs
2021-12-16 10:40:01 +11:00
kadm5_locl.h
Disable Nagle in iprop master and slave
2019-10-03 15:52:15 -05:00
kadm5_pwcheck.3
Clarify documentation of password quality check modules
2010-01-15 23:33:25 +00:00
kadm5-hook.h
kadm5: add chpass_with_key hook (#397)
2019-01-10 15:18:10 +11:00
kadm5-pwcheck.h
remove trailing whitespace
2008-09-13 09:21:03 +00:00
keys.c
Fix incorrect key history check optimization. (NOT TESTED)
2011-07-22 16:07:07 -05:00
libkadm5srv-exports.def
kadm5: Add online kadm5_iter_principals()
2022-03-20 18:27:03 -05:00
libkadm5srv-version.rc
Windows: Version information for binaries
2010-08-20 13:06:54 -04:00
log.c
hdb: eliminate hdb_entry_ex
2022-01-15 18:54:57 +11:00
Makefile.am
krb5, kadm5: refactor plugin API
2019-01-03 20:06:27 -06:00
marshall.c
kadm5: Fix ENOMEM path leak
2022-01-20 12:41:39 -06:00
modify_c.c
kadm5/kadmin: Add read-only mode
2020-09-08 00:25:40 -05:00
modify_s.c
hdb: eliminate hdb_entry_ex
2022-01-15 18:54:57 +11:00
NTMakefile
krb5, kadm5: refactor plugin API
2019-01-03 20:06:27 -06:00
password_quality.c
always load plugins with RTLD_LOCAL/RTLD_GROUP if available
2019-01-03 20:06:27 -06:00
private.h
kadm5: Add online kadm5_iter_principals()
2022-03-20 18:27:03 -05:00
privs_c.c
kadm5/kadmin: Add read-only mode
2020-09-08 00:25:40 -05:00
privs_s.c
remove trailing whitespace
2008-09-13 09:21:03 +00:00
prune_c.c
kadm5/kadmin: Add read-only mode
2020-09-08 00:25:40 -05:00
prune_s.c
hdb: eliminate hdb_entry_ex
2022-01-15 18:54:57 +11:00
randkey_c.c
lib/kadm5: kadm5_c_randkey_principal check store_int return
2022-01-23 22:49:57 -05:00
randkey_s.c
hdb: eliminate hdb_entry_ex
2022-01-15 18:54:57 +11:00
rename_c.c
kadm5/kadmin: Add read-only mode
2020-09-08 00:25:40 -05:00
rename_s.c
kadm5: Add missing error checks
2022-01-19 16:57:06 -06:00
sample_hook.c
WIN32: fix calling conventions for 32-bit builds
2019-01-14 06:12:36 -05:00
sample_passwd_check.c
remove trailing whitespace
2008-09-13 09:21:03 +00:00
send_recv.c
lib/kadm5: use krb5_enomem() where possible
2018-12-25 16:57:55 -06:00
server_glue.c
remove trailing whitespace
2008-09-13 09:21:03 +00:00
server_hooks.c
Move some infra bits of lib/krb5/ to lib/base/ (2)
2020-03-02 10:56:13 -06:00
set_keys.c
kadm5: Fix warnings
2022-01-14 14:58:59 -06:00
set_modifier.c
lib/kadm5: use krb5_enomem() where possible
2018-12-25 16:57:55 -06:00
setkey3_s.c
hdb: eliminate hdb_entry_ex
2022-01-15 18:54:57 +11:00
test_pw_quality.c
krb5, kadm5: refactor plugin API
2019-01-03 20:06:27 -06:00
version-script-client.map
kadm5: Add online kadm5_iter_principals()
2022-03-20 18:27:03 -05:00
version-script.map
kadm5: Add online kadm5_iter_principals()
2022-03-20 18:27:03 -05:00