oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
Files
dc74e9d00c15e178eaed6128d4d93e6a7c652eef
heimdal/tests/kdc
History
Nicolas Williams dc74e9d00c kdc: Add Heimdal cert ext for ticket max_life 
This adds support for using a Heimdal-specific PKIX extension to derive
a maximum Kerberos ticket lifetime from a client's PKINIT certificate.

KDC configuration parameters:

 - pkinit_max_life_from_cert_extension
 - pkinit_max_life_bound

If `pkinit_max_life_from_cert_extension` is set to true then the
certificate extension or EKU will be checked.

If `pkinit_max_life_bound` is set to a positive relative time, then that
will be the upper bound of maximum Kerberos ticket lifetime derived from
these extensions.

The KDC config `pkinit_ticket_max_life_from_cert` that was added earlier
has been renamed to `pkinit_max_life_from_cert`.

See lib/hx509 and lib/krb5/krb5.conf.5.
2021-03-24 19:12:00 -05:00
..
k5login
spnego: Also use mechglue names
2020-04-25 21:22:32 -05:00
an2ln-db.txt
spnego: Also use mechglue names
2020-04-25 21:22:32 -05:00
check-authz.in
tests/kdc/check-authz still fails
2019-07-09 15:47:12 -05:00
check-bx509.in
bx509: Fix minor test issues
2020-09-08 00:25:24 -05:00
check-canon.in
Minor typo/grammar fixes
2017-03-10 15:47:43 -05:00
check-cc.in
kinit: Make default-for-princ behavior optional
2020-05-25 14:07:05 -05:00
check-delegation.in
Minor typo/grammar fixes
2017-03-10 15:47:43 -05:00
check-des.in
Minor typo/grammar fixes
2017-03-10 15:47:43 -05:00
check-digest.in
Minor typo/grammar fixes
2017-03-10 15:47:43 -05:00
check-fast.in
Minor typo/grammar fixes
2017-03-10 15:47:43 -05:00
check-hdb-mitdb.in
Minor typo/grammar fixes
2017-03-10 15:47:43 -05:00
check-httpkadmind.in
httpkadmind: Fix error clobbering
2020-09-29 16:25:12 -05:00
check-iprop.in
iprop: Support hierarchical iprop
2020-09-18 14:31:43 -05:00
check-kadmin.in
Add new kadmin/ktutil --keep* and --enctypes opts
2019-01-02 17:29:08 -06:00
check-kdc-weak.in
remove $Id$
2009-09-21 10:36:37 -07:00
check-kdc.in
tgs-req: strip forwardable and proxiable if the server is disallowed
2020-02-11 02:49:36 -05:00
check-keys.in
Minor typo/grammar fixes
2017-03-10 15:47:43 -05:00
check-kinit.in
Minor typo/grammar fixes
2017-03-10 15:47:43 -05:00
check-kpasswdd.in
Minor typo/grammar fixes
2017-03-10 15:47:43 -05:00
check-pkinit.in
kdc: Add Heimdal cert ext for ticket max_life
2021-03-24 19:12:00 -05:00
check-referral.in
Separate enterprise and canonicalize flags
2018-12-26 16:55:13 -06:00
check-tester.in
Minor typo/grammar fixes
2017-03-10 15:47:43 -05:00
check-uu.in
Minor typo/grammar fixes
2017-03-10 15:47:43 -05:00
donotexists.txt
missing file.
2007-07-28 19:57:50 +00:00
hdb-mitdb
Add very large MIT KDB princ entry for testing
2013-11-20 01:08:22 -06:00
hdb-mitdb.kadm5
Add very large MIT KDB princ entry for testing
2013-11-20 01:08:22 -06:00
hdb-mitdb.mkey
Update KDB in tests/kdc so check-hdb-mitdb passes
2012-05-03 14:24:19 -05:00
heimdal.acl
kdc: Add httpkadmind
2020-09-08 14:34:08 -05:00
iprop-acl
use full hostname to avoid realm resolving errors
2008-06-01 22:28:32 +00:00
kdc-tester1.json
use no-store
2012-01-10 22:54:16 +01:00
kdc-tester2.json
support keytab testing (and use it)
2011-11-22 11:00:51 -08:00
kdc-tester3.json
handle new syntax for ccache's
2011-11-22 17:57:49 -08:00
kdc-tester4.json.in
test rsa mode too
2011-11-23 09:43:56 -08:00
krb5-authz2.conf.in
Tests: set db-dir so tests don't use /var/heimdal
2016-02-26 01:04:31 -06:00
krb5-authz.conf.in
Tests: set db-dir so tests don't use /var/heimdal
2016-02-26 01:04:31 -06:00
krb5-bx509.conf.in
bx509: Fix minor test issues
2020-09-08 00:25:24 -05:00
krb5-canon2.conf.in
Test RODC interop fix
2016-11-14 21:29:47 -06:00
krb5-canon.conf.in
Test RODC interop fix
2016-11-14 21:29:47 -06:00
krb5-cccol.conf.in
krb5: Improve cccol sub naming; add gss_store_cred_into2()
2020-03-02 17:48:04 -06:00
krb5-hdb-mitdb.conf.in
Test RODC interop fix
2016-11-14 21:29:47 -06:00
krb5-httpkadmind.conf.in
kdc: Add httpkadmind
2020-09-08 14:34:08 -05:00
krb5-pkinit.conf.in
kdc: Add Heimdal cert ext for ticket max_life
2021-03-24 19:12:00 -05:00
krb5.conf.in
iprop: Support hierarchical iprop
2020-09-18 14:31:43 -05:00
krb5.conf.keys.in
Test RODC interop fix
2016-11-14 21:29:47 -06:00
leaks-kill.sh
Make leaks-kill.sh a no-op for now
2016-12-07 19:52:54 -06:00
Makefile.am
kdc: Add param to derive max_life from client cert
2021-03-23 16:44:50 -05:00
ntlm-user-file.txt
remove $Id$
2009-09-21 10:36:37 -07:00
NTMakefile
First drop of Windows build infrastructure from Secure Endpoints
2009-11-24 12:12:53 -08:00
pki-mapping
remove $Id$
2009-09-21 10:36:37 -07:00
uuserver.txt
add user2user test
2007-01-10 20:14:59 +00:00
wait-kdc.sh
For issue#381
2018-12-18 06:21:07 +13:00