Files
heimdal/lib/krb5
Nicolas Williams dc74e9d00c kdc: Add Heimdal cert ext for ticket max_life
This adds support for using a Heimdal-specific PKIX extension to derive
a maximum Kerberos ticket lifetime from a client's PKINIT certificate.

KDC configuration parameters:

 - pkinit_max_life_from_cert_extension
 - pkinit_max_life_bound

If `pkinit_max_life_from_cert_extension` is set to true then the
certificate extension or EKU will be checked.

If `pkinit_max_life_bound` is set to a positive relative time, then that
will be the upper bound of maximum Kerberos ticket lifetime derived from
these extensions.

The KDC config `pkinit_ticket_max_life_from_cert` that was added earlier
has been renamed to `pkinit_max_life_from_cert`.

See lib/hx509 and lib/krb5/krb5.conf.5.
2021-03-24 19:12:00 -05:00
..
2011-05-21 11:57:31 -07:00
2020-08-30 13:44:19 +10:00
2018-09-10 14:42:18 -04:00
2017-04-29 01:05:59 -04:00
2019-07-09 12:34:26 -05:00
2016-04-16 16:58:08 -05:00
2018-10-08 08:46:37 -04:00
2012-01-10 22:54:50 +01:00
2012-07-02 11:33:18 -04:00
2020-05-28 00:02:36 -05:00
2014-06-09 23:36:23 +02:00
2011-07-24 16:02:22 -07:00
2014-04-25 02:42:17 +02:00
2011-05-21 11:57:31 -07:00
2014-04-25 02:42:17 +02:00
2011-05-21 11:57:31 -07:00
2018-09-10 14:42:18 -04:00
2011-05-21 11:57:31 -07:00
2011-05-21 11:57:31 -07:00
2009-05-04 06:17:40 +00:00
2020-09-08 00:25:40 -05:00
2020-05-26 11:48:45 -05:00
2020-10-27 13:30:57 -05:00
2014-03-24 23:07:49 -05:00
2011-05-21 11:57:31 -07:00
2018-09-10 14:42:18 -04:00
2016-02-26 01:04:31 -06:00
2016-11-20 17:43:51 -06:00
2016-02-26 01:04:31 -06:00
2016-11-28 17:34:44 -06:00
2017-04-29 13:55:24 -04:00
2017-04-29 01:05:59 -04:00
2016-12-14 22:05:46 -06:00
2020-04-15 09:00:20 +10:00
2016-02-26 00:55:30 -06:00
2012-05-28 13:14:55 +01:00
2011-05-21 11:57:31 -07:00
2019-01-02 13:56:04 -05:00
2010-09-18 14:45:33 -07:00
2011-05-21 11:57:31 -07:00
2011-05-21 11:57:31 -07:00
2009-05-04 06:17:40 +00:00
2014-04-29 11:04:21 -06:00
2009-05-04 06:17:40 +00:00
2011-05-21 11:57:31 -07:00
2009-05-04 06:17:40 +00:00
2011-05-21 11:57:31 -07:00
2009-05-04 06:17:40 +00:00
2011-05-21 11:57:31 -07:00
2009-05-04 06:17:40 +00:00
2019-01-03 20:06:27 -06:00
2009-05-04 06:17:40 +00:00
2010-05-30 13:37:07 -07:00
2009-05-04 06:17:40 +00:00
2016-02-26 01:04:31 -06:00
2011-05-21 11:57:31 -07:00
2019-11-02 18:49:42 -05:00