2752bfb1d0
Fix FTBFS on ancient Heimdal versions
9 years ago
56c2b5fc9b
Add deactivated krb5 PKCS login line
9 years ago
7ebf958b10
Write out remaining appdefaults entries on client
9 years ago
53a442c926
Allow Kerberos ticket init via cryptographic card
9 years ago
80c65755dc
Write missing appdefaults section on client machines
9 years ago
d9172dad3c
Add PKI subject mapping to user principals
...
Fix long-standing inability to clear user principal attribute fields
9 years ago
c70ce69a08
Convert the last methods using the kadmin utility to the Heimdal C API
9 years ago
11869fce63
Move keytab export to native Heimdal API
9 years ago
e085706825
Convert service add to C API
9 years ago
5ae128fb8b
Remove dead code from prior commit
9 years ago
0fbc17ac57
Convert machine add to kadmin API
9 years ago
3d6055df7b
Fix local kadmin access
9 years ago
bd30e6c655
Start to move away from using the kadmin binary to using the kadmin client API
9 years ago
a619f64455
Fix a few minor issues with PKI certificate generation
9 years ago
6cddf7dd1c
Minor fixup to cert generation code
9 years ago
07d094fd32
Extend PKCS certificate generation routines
...
This breaks the ABI
9 years ago
c6eab472be
Add PKCS methods
9 years ago
30b251b05b
Clean up revoked certificates when done updating CRL
9 years ago
ba7bc5afac
Fix up certificate expiry detection
9 years ago
c714661bc9
Add certificate store attribute access method
9 years ago
521c4ed590
Add additional CRL manipulation methods
9 years ago
0fce8b42b6
Store CRL expiry in LDAP
9 years ago
efb81441de
Add CRL generation
9 years ago
a97c0c3d54
Implement several methods required for PKI certificate management
9 years ago
54d8d2580c
Extend user key and certificate generation methods
9 years ago
0a81ad9d6e
Fix CN/DN ordering
9 years ago
bc95fa92b0
Properly set CRL URL and fix up a few other glitches
9 years ago
f0eeda5dc8
Allow CRL URL to be set via configuration file
9 years ago
6df22c8ca2
Fix up Kerberos PKI certificate generation
9 years ago
d6f004658d
Allow certificate expiry to be set
9 years ago
f4afc1290d
Extend CA expiry to 1 year
9 years ago
8b16aef38d
Fix incorrect login causing PAM fatal error message
9 years ago
bea400f197
Fix security hole when Kerberos credential caching is enabled
...
The prior PAM stack configuration, while unfortunately present in many online examples, allows storing of an arbitrary cached password for non-Kerberos users by simply entering it twice
11 years ago
5bfd539b84
Make bonding and unbonding methods slightly more robust
11 years ago
571e1739fb
Fix LDAP CA root file configuration
11 years ago
39c401b796
Look for CA file in correct location on bonded machines
11 years ago
2ac300ccc2
Do not replicate olcGlobal by default
12 years ago
3729eac510
Fix incorrect certificate CA file in ldap client configuration
12 years ago
bac7789f94
Use shared realm certificate file name to allow syncrepl to work
12 years ago
a512090138
Use more precise syncrepl configuration
12 years ago
a257ac4ffe
Fix failure to use provided error string handler in getRealmCAMaster
12 years ago
c5ae1e593d
Fix syncrepl retry timeout and enable hdb replication
12 years ago
a9affe1102
Properly set up syncrepl
12 years ago
c8902fca04
Add missing data fields to LDAPMasterReplicationInfo structure
12 years ago
8a439f8521
Add a number of methods to enable multi-master replication
12 years ago
5b8ec508a0
Fix failure when long Kerberos commands are used
...
This failure was due to an obscure ASCII sequence used in the output of kadmin
12 years ago
8899bee01d
Fix cron script failure
12 years ago
91573227c6
Cleanup output clutter.
12 years ago
3f8b38c5f2
Add paged search capability
12 years ago
98d9e442c4
Add ability to control PAM options including credential caching and home directory creation
12 years ago
Timothy Pearson
Darrell Anderson