Update default krb5kdc mkey manual-entry enctype
Also update account lockout patch to upstream version
This commit is contained in:
parent
39ba823db6
commit
79613952e3
@ -1,4 +1,4 @@
|
|||||||
From 770a525f940a319b4f9a91423a9f48bde28429b9 Mon Sep 17 00:00:00 2001
|
From 8ec4a9ab41c73e7955ed7929a3d2a19592811596 Mon Sep 17 00:00:00 2001
|
||||||
From: Simo Sorce <simo@redhat.com>
|
From: Simo Sorce <simo@redhat.com>
|
||||||
Date: Tue, 4 Dec 2018 15:22:55 -0500
|
Date: Tue, 4 Dec 2018 15:22:55 -0500
|
||||||
Subject: [PATCH] Add dns_canonicalize_hostname=fallback support
|
Subject: [PATCH] Add dns_canonicalize_hostname=fallback support
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 0713281743627e32f234e55bdaaeb58b37036675 Mon Sep 17 00:00:00 2001
|
From 8491894d2bad21026d73b999814baffe8a695fb7 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Tue, 15 Jan 2019 16:16:57 -0500
|
Date: Tue, 15 Jan 2019 16:16:57 -0500
|
||||||
Subject: [PATCH] Add function and enctype flag for deprecations
|
Subject: [PATCH] Add function and enctype flag for deprecations
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From b8be4f3272dcca4b34f9d79b47b88e510e0d4926 Mon Sep 17 00:00:00 2001
|
From 01dcc90e901491196a7ce5da893eec0b699c28b5 Mon Sep 17 00:00:00 2001
|
||||||
From: Greg Hudson <ghudson@mit.edu>
|
From: Greg Hudson <ghudson@mit.edu>
|
||||||
Date: Thu, 22 Nov 2018 00:27:35 -0500
|
Date: Thu, 22 Nov 2018 00:27:35 -0500
|
||||||
Subject: [PATCH] Add tests for KCM ccache type
|
Subject: [PATCH] Add tests for KCM ccache type
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 31df8a3ef6b01b11a5956e16206069907a7acf17 Mon Sep 17 00:00:00 2001
|
From ef4610f2ca0337bf5522dca3dc6800f795cc6a82 Mon Sep 17 00:00:00 2001
|
||||||
From: Greg Hudson <ghudson@mit.edu>
|
From: Greg Hudson <ghudson@mit.edu>
|
||||||
Date: Sun, 30 Dec 2018 16:40:28 -0500
|
Date: Sun, 30 Dec 2018 16:40:28 -0500
|
||||||
Subject: [PATCH] Address some optimized-out memset() calls
|
Subject: [PATCH] Address some optimized-out memset() calls
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From dac87fb5d866251731ba524053d55482bf5fad2a Mon Sep 17 00:00:00 2001
|
From cf0981bf39558c6501fe1dd2386231ac5f430918 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Mon, 6 May 2019 15:14:49 -0400
|
Date: Mon, 6 May 2019 15:14:49 -0400
|
||||||
Subject: [PATCH] Avoid alignment warnings in openssl rc4.c
|
Subject: [PATCH] Avoid alignment warnings in openssl rc4.c
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 087dd4f2cfde763b3b4ac1e34de87a3b9217037f Mon Sep 17 00:00:00 2001
|
From f516db322b1469a13e59e1c2847e62cb265ce92c Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Thu, 3 Jan 2019 17:19:32 +0100
|
Date: Thu, 3 Jan 2019 17:19:32 +0100
|
||||||
Subject: [PATCH] Avoid allocating a register in zap() assembly
|
Subject: [PATCH] Avoid allocating a register in zap() assembly
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 43fa850e47233f95c429c5b06fc74130a9c2b2b1 Mon Sep 17 00:00:00 2001
|
From f001aa86071aabc398b0d7c38033c26b21fe85f2 Mon Sep 17 00:00:00 2001
|
||||||
From: Greg Hudson <ghudson@mit.edu>
|
From: Greg Hudson <ghudson@mit.edu>
|
||||||
Date: Mon, 22 Apr 2019 14:26:42 -0400
|
Date: Mon, 22 Apr 2019 14:26:42 -0400
|
||||||
Subject: [PATCH] Check more errors in OpenSSL crypto backend
|
Subject: [PATCH] Check more errors in OpenSSL crypto backend
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From f6f799d2581251529c28bbb4644e42e19c6980ab Mon Sep 17 00:00:00 2001
|
From 8f22ca7ddc9765e3d7a1de867164d307f8662cb3 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Tue, 2 Apr 2019 14:18:57 -0400
|
Date: Tue, 2 Apr 2019 14:18:57 -0400
|
||||||
Subject: [PATCH] Clarify header comment for krb5_cc_start_seq_get()
|
Subject: [PATCH] Clarify header comment for krb5_cc_start_seq_get()
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 63e531d3545d74d734f56987bbc77256cbcd7763 Mon Sep 17 00:00:00 2001
|
From ab1435ed0654df9991bddb29971c913ef1f957be Mon Sep 17 00:00:00 2001
|
||||||
From: Greg Hudson <ghudson@mit.edu>
|
From: Greg Hudson <ghudson@mit.edu>
|
||||||
Date: Thu, 15 Nov 2018 13:40:43 -0500
|
Date: Thu, 15 Nov 2018 13:40:43 -0500
|
||||||
Subject: [PATCH] Clear forwardable flag instead of denying request
|
Subject: [PATCH] Clear forwardable flag instead of denying request
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 4cacf2fa4a181b728742bce8c1ea11c07ba9a143 Mon Sep 17 00:00:00 2001
|
From 2f5531f3cffb497902241e4932db20617f4d30eb Mon Sep 17 00:00:00 2001
|
||||||
From: Greg Hudson <ghudson@mit.edu>
|
From: Greg Hudson <ghudson@mit.edu>
|
||||||
Date: Tue, 16 Apr 2019 10:47:35 -0400
|
Date: Tue, 16 Apr 2019 10:47:35 -0400
|
||||||
Subject: [PATCH] Fix config realm change logic in FILE remove_cred
|
Subject: [PATCH] Fix config realm change logic in FILE remove_cred
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 492872c4581f8b7f6d78cbc2e50e0b819c47a168 Mon Sep 17 00:00:00 2001
|
From 75b39bfb256b639cf6ca491568fd6ef667b19d46 Mon Sep 17 00:00:00 2001
|
||||||
From: Corene Casper <C.Casper@Dell.com>
|
From: Corene Casper <C.Casper@Dell.com>
|
||||||
Date: Sat, 16 Feb 2019 00:49:26 -0500
|
Date: Sat, 16 Feb 2019 00:49:26 -0500
|
||||||
Subject: [PATCH] Fix memory leak in 'none' replay cache type
|
Subject: [PATCH] Fix memory leak in 'none' replay cache type
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 0201f95a60194c99bd3139235eb46e13e7f4484f Mon Sep 17 00:00:00 2001
|
From 4faa872c4fc674b791a1c05652833ff40dac7889 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Thu, 18 Apr 2019 13:39:37 -0400
|
Date: Thu, 18 Apr 2019 13:39:37 -0400
|
||||||
Subject: [PATCH] Fix potential close(-1) in cc_file.c
|
Subject: [PATCH] Fix potential close(-1) in cc_file.c
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From e196f175f5b551290efab029295dcf728feb4fac Mon Sep 17 00:00:00 2001
|
From b7bbc88f5ebc6000a8dec95e7f0ff92bbeb54ad4 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Thu, 2 May 2019 14:05:38 -0400
|
Date: Thu, 2 May 2019 14:05:38 -0400
|
||||||
Subject: [PATCH] Fix some return code handling bugs
|
Subject: [PATCH] Fix some return code handling bugs
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 6e199a7d007bbfd72ed76ff5534b9b3b88a82227 Mon Sep 17 00:00:00 2001
|
From 7d3da40bd7f44f2d6960b5a9245a1d773c4ee1a0 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Mon, 1 Apr 2019 14:28:48 -0400
|
Date: Mon, 1 Apr 2019 14:28:48 -0400
|
||||||
Subject: [PATCH] Implement krb5_cc_remove_cred for remaining types
|
Subject: [PATCH] Implement krb5_cc_remove_cred for remaining types
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 35681c176f3519df4700fd799ed66efd323f8c66 Mon Sep 17 00:00:00 2001
|
From ae3053282d879cdbb803c0ff1d6deef8940eeb2a Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Mon, 6 May 2019 13:13:16 -0400
|
Date: Mon, 6 May 2019 13:13:16 -0400
|
||||||
Subject: [PATCH] Improve error messages from kadmin change_password
|
Subject: [PATCH] Improve error messages from kadmin change_password
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 34883789b60e7961ac0c63062ffadbb2e628a76e Mon Sep 17 00:00:00 2001
|
From 71cbe768d29bbe35cff9c37959f3e5352569af39 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Tue, 15 Jan 2019 13:41:16 -0500
|
Date: Tue, 15 Jan 2019 13:41:16 -0500
|
||||||
Subject: [PATCH] In kpropd, debug-log proper ticket enctype names
|
Subject: [PATCH] In kpropd, debug-log proper ticket enctype names
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 4d178af94f1a5f187b43de96ae16b2fb1cf4ba8a Mon Sep 17 00:00:00 2001
|
From 4c59f0f53a698c9c4242791e8d620d50a394d5c6 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Mon, 14 Jan 2019 17:14:42 -0500
|
Date: Mon, 14 Jan 2019 17:14:42 -0500
|
||||||
Subject: [PATCH] In rd_req_dec, always log non-permitted enctypes
|
Subject: [PATCH] In rd_req_dec, always log non-permitted enctypes
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From da7349429a2985423ad006cc1f9d149e594118b7 Mon Sep 17 00:00:00 2001
|
From 37b73dd837a05c14d422379b686b8a10de0083fa Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Thu, 2 May 2019 13:36:38 -0400
|
Date: Thu, 2 May 2019 13:36:38 -0400
|
||||||
Subject: [PATCH] Initialize some data structure magic fields
|
Subject: [PATCH] Initialize some data structure magic fields
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From fddfa2abbc9e1ccd138d66a8c462a6a0eba1ecaa Mon Sep 17 00:00:00 2001
|
From e05c448510fc20946fb6d777bd7e3841dd986e75 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Tue, 8 Jan 2019 17:42:35 -0500
|
Date: Tue, 8 Jan 2019 17:42:35 -0500
|
||||||
Subject: [PATCH] Make etype names in KDC logs human-readable
|
Subject: [PATCH] Make etype names in KDC logs human-readable
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From c40eb78a918138369f6d7142590732f563968909 Mon Sep 17 00:00:00 2001
|
From 7acee539da508c10aabbc8483243da6c6ba37892 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Thu, 10 Jan 2019 16:34:54 -0500
|
Date: Thu, 10 Jan 2019 16:34:54 -0500
|
||||||
Subject: [PATCH] Mark deprecated enctypes when used
|
Subject: [PATCH] Mark deprecated enctypes when used
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 7385ae430280e839a2a0b5a7c5a6be1b2b24aef4 Mon Sep 17 00:00:00 2001
|
From 28a605c2411c3def3e5eaa19be5326777e959a1a Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Thu, 11 Apr 2019 18:33:04 -0400
|
Date: Thu, 11 Apr 2019 18:33:04 -0400
|
||||||
Subject: [PATCH] Mark the doc/kadm5 tex files as historic
|
Subject: [PATCH] Mark the doc/kadm5 tex files as historic
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 6eb0931738f26890952de08d4ea9de24b0f684f5 Mon Sep 17 00:00:00 2001
|
From cef9a57dc094bb2ca57d5b765981fbb2ab93adde Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Thu, 11 Apr 2019 18:25:41 -0400
|
Date: Thu, 11 Apr 2019 18:25:41 -0400
|
||||||
Subject: [PATCH] Modernize example enctypes in documentation
|
Subject: [PATCH] Modernize example enctypes in documentation
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From bca13182a78bc3c62bd7e616c9b69ce96fe00b98 Mon Sep 17 00:00:00 2001
|
From 894bcbfcf27c9bc1117bb624f27123eb25fcd7bf Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Thu, 2 May 2019 14:32:33 -0400
|
Date: Thu, 2 May 2019 14:32:33 -0400
|
||||||
Subject: [PATCH] Modernize exit path in gss_krb5int_copy_ccache()
|
Subject: [PATCH] Modernize exit path in gss_krb5int_copy_ccache()
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 5601f9e0291feedeba7a420396d83b38c7332e86 Mon Sep 17 00:00:00 2001
|
From 6f9bd0a292f1b84e16cab8c89efee87359b007d2 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Thu, 14 Feb 2019 11:50:35 -0500
|
Date: Thu, 14 Feb 2019 11:50:35 -0500
|
||||||
Subject: [PATCH] Properly size #ifdef in k5_cccol_lock()
|
Subject: [PATCH] Properly size #ifdef in k5_cccol_lock()
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From ff88e21470d374f057107148de8b972a04f59641 Mon Sep 17 00:00:00 2001
|
From ff011e05cfb28b408778f4ace22a745f19c0bdd2 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Thu, 4 Apr 2019 14:37:38 -0400
|
Date: Thu, 4 Apr 2019 14:37:38 -0400
|
||||||
Subject: [PATCH] Remove Kerberos v4 support vestiges from ccapi
|
Subject: [PATCH] Remove Kerberos v4 support vestiges from ccapi
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 32b05ffd5f0d6eff5f989a8c30a030a3e1972e5d Mon Sep 17 00:00:00 2001
|
From 7f015c7ed945d1d51ffd0ba1dd5b89c150eacf83 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Wed, 3 Apr 2019 16:01:22 -0400
|
Date: Wed, 3 Apr 2019 16:01:22 -0400
|
||||||
Subject: [PATCH] Remove ccapi-related comments in configure.ac
|
Subject: [PATCH] Remove ccapi-related comments in configure.ac
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From e3de3f9916acc4ba0ac2e15c2d9a6826802170d2 Mon Sep 17 00:00:00 2001
|
From a642ac26ca00d4cfaae84398372035b0c1e444ed Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Mon, 13 May 2019 14:19:57 -0400
|
Date: Mon, 13 May 2019 14:19:57 -0400
|
||||||
Subject: [PATCH] Remove checksum type profile variables
|
Subject: [PATCH] Remove checksum type profile variables
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 2ea1badfb30f8549a5ec00dc8c5f5e58caea5a03 Mon Sep 17 00:00:00 2001
|
From ecab56bca80824913e98a5b25f34a5ebe483990d Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Wed, 3 Apr 2019 14:58:19 -0400
|
Date: Wed, 3 Apr 2019 14:58:19 -0400
|
||||||
Subject: [PATCH] Remove confvalidator utility
|
Subject: [PATCH] Remove confvalidator utility
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From a37470b4f45cd40318c8ad84d92f56bdaac4993e Mon Sep 17 00:00:00 2001
|
From 85416629f6d120bf272d9aaa9c661b8a849c40b3 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Thu, 2 May 2019 16:57:51 -0400
|
Date: Thu, 2 May 2019 16:57:51 -0400
|
||||||
Subject: [PATCH] Remove dead variable def_kslist from two files
|
Subject: [PATCH] Remove dead variable def_kslist from two files
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 90324f46fe8aed4054ecad4f3a0357ffa3716852 Mon Sep 17 00:00:00 2001
|
From cf25d152b2b1f54bbd92e235a30de20e154f3e7a Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Thu, 4 Apr 2019 14:15:58 -0400
|
Date: Thu, 4 Apr 2019 14:15:58 -0400
|
||||||
Subject: [PATCH] Remove doxygen-generated HTML output for ccapi
|
Subject: [PATCH] Remove doxygen-generated HTML output for ccapi
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 962e49c0ef0faf00210a1f88044782f6fa47a779 Mon Sep 17 00:00:00 2001
|
From 12e48c208c042f219d5cb8fb984094c5c958c99b Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Thu, 4 Apr 2019 16:14:46 -0400
|
Date: Thu, 4 Apr 2019 16:14:46 -0400
|
||||||
Subject: [PATCH] Remove kadmin RPC support for setting v4 key
|
Subject: [PATCH] Remove kadmin RPC support for setting v4 key
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From f708c93e82dc34c6ab2bd04be2149bd539faec4d Mon Sep 17 00:00:00 2001
|
From 98e6b0ada15075ea017fe8086f21b95fc2280fcd Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Thu, 9 May 2019 14:07:24 -0400
|
Date: Thu, 9 May 2019 14:07:24 -0400
|
||||||
Subject: [PATCH] Remove more dead code
|
Subject: [PATCH] Remove more dead code
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 56be395114bed8e8dd41b91e41e233637488d3ab Mon Sep 17 00:00:00 2001
|
From 6f9222fb372af6d7988c65cc4ec3cb56f6cc747a Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Tue, 22 Jan 2019 18:34:58 -0500
|
Date: Tue, 22 Jan 2019 18:34:58 -0500
|
||||||
Subject: [PATCH] Remove ovsec_adm_export dump format support
|
Subject: [PATCH] Remove ovsec_adm_export dump format support
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 42b1d879cf0705d3bc76c4b546275f1c608ebda9 Mon Sep 17 00:00:00 2001
|
From 0869d133743446612c512ce9aec5832ce10e282b Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Mon, 9 Oct 2017 15:58:33 -0400
|
Date: Mon, 9 Oct 2017 15:58:33 -0400
|
||||||
Subject: [PATCH] Remove srvtab support
|
Subject: [PATCH] Remove srvtab support
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 251694f155bd132a162f876e59abf5caf7140c70 Mon Sep 17 00:00:00 2001
|
From 48cca5e6134e6137cab7d592dfb31f0a19e4e7ea Mon Sep 17 00:00:00 2001
|
||||||
From: Greg Hudson <ghudson@mit.edu>
|
From: Greg Hudson <ghudson@mit.edu>
|
||||||
Date: Sun, 5 May 2019 18:53:27 -0400
|
Date: Sun, 5 May 2019 18:53:27 -0400
|
||||||
Subject: [PATCH] Simplify SAM-2 as_key handling
|
Subject: [PATCH] Simplify SAM-2 as_key handling
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 02c3a9756cba8676a3074ae8c1c96b26e1b47c98 Mon Sep 17 00:00:00 2001
|
From 0b4433c4ab9653eb298e2b7d959e957d468fd3f9 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Mon, 6 May 2019 13:13:06 -0400
|
Date: Mon, 6 May 2019 13:13:06 -0400
|
||||||
Subject: [PATCH] Simply OpenSSL PKCS7 decryption code
|
Subject: [PATCH] Simply OpenSSL PKCS7 decryption code
|
||||||
|
63
Support-389ds-s-lockout-model.patch
Normal file
63
Support-389ds-s-lockout-model.patch
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
From 5673f1c22b602ac4b72e59c84b70ecedf3132c11 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
Date: Tue, 23 Aug 2016 16:47:44 -0400
|
||||||
|
Subject: [PATCH] Support 389ds's lockout model
|
||||||
|
|
||||||
|
Handle the attribute 'nsAccountLock' from Netscape derivatives. Based
|
||||||
|
on a patch by Nalin Dahyabhai and Simo Sorce.
|
||||||
|
|
||||||
|
ticket: 5891
|
||||||
|
(cherry picked from commit 6ad061e24eca41a61eebed61db39768bfa51a084)
|
||||||
|
---
|
||||||
|
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 18 ++++++++++++++++++
|
||||||
|
.../kdb/ldap/libkdb_ldap/ldap_principal.c | 1 +
|
||||||
|
2 files changed, 19 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
|
||||||
|
index 5b9d1e9fa..2ade63719 100644
|
||||||
|
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
|
||||||
|
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
|
||||||
|
@@ -1420,6 +1420,7 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context,
|
||||||
|
struct berval **ber_key_data = NULL, **ber_tl_data = NULL;
|
||||||
|
krb5_tl_data userinfo_tl_data = { NULL }, **endp, *tl;
|
||||||
|
osa_princ_ent_rec princ_ent;
|
||||||
|
+ char *is_login_disabled = NULL;
|
||||||
|
|
||||||
|
memset(&princ_ent, 0, sizeof(princ_ent));
|
||||||
|
|
||||||
|
@@ -1653,6 +1654,23 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context,
|
||||||
|
if (ret)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * 389ds and other Netscape directory server derivatives support an
|
||||||
|
+ * attribute "nsAccountLock" which functions similarly to eDirectory's
|
||||||
|
+ * "loginDisabled". When the user's account object is also a
|
||||||
|
+ * krbPrincipalAux object, the kdb entry should be treated as if
|
||||||
|
+ * DISALLOW_ALL_TIX has been set.
|
||||||
|
+ */
|
||||||
|
+ ret = krb5_ldap_get_string(ld, ent, "nsAccountLock", &is_login_disabled,
|
||||||
|
+ &attr_present);
|
||||||
|
+ if (ret)
|
||||||
|
+ goto cleanup;
|
||||||
|
+ if (attr_present == TRUE) {
|
||||||
|
+ if (strcasecmp(is_login_disabled, "TRUE") == 0)
|
||||||
|
+ entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
|
||||||
|
+ free(is_login_disabled);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ret = krb5_read_tkt_policy(context, ldap_context, entry, tktpolname);
|
||||||
|
if (ret)
|
||||||
|
goto cleanup;
|
||||||
|
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
|
||||||
|
index d722dbfa6..a5180c73f 100644
|
||||||
|
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
|
||||||
|
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
|
||||||
|
@@ -54,6 +54,7 @@ char *principal_attributes[] = { "krbprincipalname",
|
||||||
|
"krbLastFailedAuth",
|
||||||
|
"krbLoginFailedCount",
|
||||||
|
"krbLastSuccessfulAuth",
|
||||||
|
+ "nsAccountLock",
|
||||||
|
"krbLastPwdChange",
|
||||||
|
"krbLastAdminUnlock",
|
||||||
|
"krbPrincipalAuthInd",
|
@ -1,4 +1,4 @@
|
|||||||
From f3f8effd4978bc6671adc85d98105ca10a67df1f Mon Sep 17 00:00:00 2001
|
From a7db3ad8e75a865c2de8c522f582129051bbe958 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Tue, 16 Apr 2019 14:16:39 -0400
|
Date: Tue, 16 Apr 2019 14:16:39 -0400
|
||||||
Subject: [PATCH] Update ASN.1 SAM tests to use a modern enctype
|
Subject: [PATCH] Update ASN.1 SAM tests to use a modern enctype
|
||||||
|
54
Update-default-krb5kdc-mkey-manual-entry-enctype.patch
Normal file
54
Update-default-krb5kdc-mkey-manual-entry-enctype.patch
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
From 32d2b3e6dc3ab6aa9bb824701752ccfc23d61c1c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
Date: Mon, 20 May 2019 16:52:57 -0400
|
||||||
|
Subject: [PATCH] Update default krb5kdc mkey manual-entry enctype
|
||||||
|
|
||||||
|
Change from the legacy des-cbc-crc to the default for kdb5_util and
|
||||||
|
kadmind, which is currently aes256-cts-hmac-sha1-96.
|
||||||
|
|
||||||
|
(cherry picked from commit 512f5cde625253cba1e6f87e037a00ef88178882)
|
||||||
|
---
|
||||||
|
doc/admin/admin_commands/krb5kdc.rst | 2 +-
|
||||||
|
src/kdc/main.c | 2 +-
|
||||||
|
src/man/krb5kdc.man | 2 +-
|
||||||
|
3 files changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/doc/admin/admin_commands/krb5kdc.rst b/doc/admin/admin_commands/krb5kdc.rst
|
||||||
|
index 0342d0d18..455bb6858 100644
|
||||||
|
--- a/doc/admin/admin_commands/krb5kdc.rst
|
||||||
|
+++ b/doc/admin/admin_commands/krb5kdc.rst
|
||||||
|
@@ -39,7 +39,7 @@ LDAP database.
|
||||||
|
|
||||||
|
The **-k** *keytype* option specifies the key type of the master key
|
||||||
|
to be entered manually as a password when **-m** is given; the default
|
||||||
|
-is ``des-cbc-crc``.
|
||||||
|
+is |defmkey|.
|
||||||
|
|
||||||
|
The **-M** *mkeyname* option specifies the principal name for the
|
||||||
|
master key in the database (usually ``K/M`` in the KDC's realm).
|
||||||
|
diff --git a/src/kdc/main.c b/src/kdc/main.c
|
||||||
|
index 60092a0df..04393772f 100644
|
||||||
|
--- a/src/kdc/main.c
|
||||||
|
+++ b/src/kdc/main.c
|
||||||
|
@@ -777,7 +777,7 @@ initialize_realms(krb5_context kcontext, int argc, char **argv,
|
||||||
|
case 'm': /* manual type-in of master key */
|
||||||
|
manual = TRUE;
|
||||||
|
if (menctype == ENCTYPE_UNKNOWN)
|
||||||
|
- menctype = ENCTYPE_DES_CBC_CRC;
|
||||||
|
+ menctype = DEFAULT_KDC_ENCTYPE;
|
||||||
|
break;
|
||||||
|
case 'M': /* master key name in DB */
|
||||||
|
mkey_name = optarg;
|
||||||
|
diff --git a/src/man/krb5kdc.man b/src/man/krb5kdc.man
|
||||||
|
index 8ace9662f..aa8614698 100644
|
||||||
|
--- a/src/man/krb5kdc.man
|
||||||
|
+++ b/src/man/krb5kdc.man
|
||||||
|
@@ -59,7 +59,7 @@ LDAP database.
|
||||||
|
.sp
|
||||||
|
The \fB\-k\fP \fIkeytype\fP option specifies the key type of the master key
|
||||||
|
to be entered manually as a password when \fB\-m\fP is given; the default
|
||||||
|
-is \fBdes\-cbc\-crc\fP\&.
|
||||||
|
+is \fBaes256\-cts\-hmac\-sha1\-96\fP\&.
|
||||||
|
.sp
|
||||||
|
The \fB\-M\fP \fImkeyname\fP option specifies the principal name for the
|
||||||
|
master key in the database (usually \fBK/M\fP in the KDC\(aqs realm).
|
@ -1,4 +1,4 @@
|
|||||||
From a46c1dd1be09217f9f19e9c70381893dc3995c45 Mon Sep 17 00:00:00 2001
|
From 4ed88289e0b3c5a6fcda13078abf211fb8e4f84c Mon Sep 17 00:00:00 2001
|
||||||
From: Greg Hudson <ghudson@mit.edu>
|
From: Greg Hudson <ghudson@mit.edu>
|
||||||
Date: Wed, 24 Apr 2019 16:19:50 -0400
|
Date: Wed, 24 Apr 2019 16:19:50 -0400
|
||||||
Subject: [PATCH] Use secure_getenv() where appropriate
|
Subject: [PATCH] Use secure_getenv() where appropriate
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From d3e720a17e4284c791541840dcbc8652d33a75c4 Mon Sep 17 00:00:00 2001
|
From 8e03102127701980c1ace62cbea93e4003a0ef5d Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Tue, 23 Aug 2016 16:52:01 -0400
|
Date: Tue, 23 Aug 2016 16:52:01 -0400
|
||||||
Subject: [PATCH] krb5-1.11-kpasswdtest.patch
|
Subject: [PATCH] krb5-1.11-kpasswdtest.patch
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 75ba8f42c0e9426af80c71aaaa490cc6262e259c Mon Sep 17 00:00:00 2001
|
From 44ecf1e570aacff7630334fbf1650e2f33f8675e Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Tue, 23 Aug 2016 16:49:57 -0400
|
Date: Tue, 23 Aug 2016 16:49:57 -0400
|
||||||
Subject: [PATCH] krb5-1.11-run_user_0.patch
|
Subject: [PATCH] krb5-1.11-run_user_0.patch
|
||||||
|
@ -1,75 +0,0 @@
|
|||||||
From eb26e32b7cce535a7a70168b7f44aa07eb989264 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
|
||||||
Date: Tue, 23 Aug 2016 16:47:44 -0400
|
|
||||||
Subject: [PATCH] krb5-1.13-dirsrv-accountlock.patch
|
|
||||||
|
|
||||||
Treat 'nsAccountLock: true' the same as 'loginDisabled: true'. Updated from
|
|
||||||
original version filed as RT#5891.
|
|
||||||
---
|
|
||||||
src/aclocal.m4 | 9 +++++++++
|
|
||||||
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 17 +++++++++++++++++
|
|
||||||
.../kdb/ldap/libkdb_ldap/ldap_principal.c | 3 +++
|
|
||||||
3 files changed, 29 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/aclocal.m4 b/src/aclocal.m4
|
|
||||||
index db18226ed..518b1a547 100644
|
|
||||||
--- a/src/aclocal.m4
|
|
||||||
+++ b/src/aclocal.m4
|
|
||||||
@@ -1678,6 +1678,15 @@ if test "$with_ldap" = yes; then
|
|
||||||
AC_MSG_NOTICE(enabling OpenLDAP database backend module support)
|
|
||||||
OPENLDAP_PLUGIN=yes
|
|
||||||
fi
|
|
||||||
+AC_ARG_WITH([dirsrv-account-locking],
|
|
||||||
+[ --with-dirsrv-account-locking compile 389/Red Hat/Fedora/Netscape Directory Server database backend module],
|
|
||||||
+[case "$withval" in
|
|
||||||
+ yes | no) ;;
|
|
||||||
+ *) AC_MSG_ERROR(Invalid option value --with-dirsrv-account-locking="$withval") ;;
|
|
||||||
+esac], with_dirsrv_account_locking=no)
|
|
||||||
+if test $with_dirsrv_account_locking = yes; then
|
|
||||||
+ AC_DEFINE(HAVE_DIRSRV_ACCOUNT_LOCKING,1,[Define if LDAP KDB interface should heed 389 DS's nsAccountLock attribute.])
|
|
||||||
+fi
|
|
||||||
])dnl
|
|
||||||
dnl
|
|
||||||
dnl If libkeyutils exists (on Linux) include it and use keyring ccache
|
|
||||||
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
|
|
||||||
index 5b9d1e9fa..4e7270065 100644
|
|
||||||
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
|
|
||||||
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
|
|
||||||
@@ -1652,6 +1652,23 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context,
|
|
||||||
ret = krb5_dbe_update_tl_data(context, entry, &userinfo_tl_data);
|
|
||||||
if (ret)
|
|
||||||
goto cleanup;
|
|
||||||
+#ifdef HAVE_DIRSRV_ACCOUNT_LOCKING
|
|
||||||
+ {
|
|
||||||
+ krb5_timestamp expiretime=0;
|
|
||||||
+ char *is_login_disabled=NULL;
|
|
||||||
+
|
|
||||||
+ /* LOGIN DISABLED */
|
|
||||||
+ ret = krb5_ldap_get_string(ld, ent, "nsAccountLock", &is_login_disabled,
|
|
||||||
+ &attr_present);
|
|
||||||
+ if (ret)
|
|
||||||
+ goto cleanup;
|
|
||||||
+ if (attr_present == TRUE) {
|
|
||||||
+ if (strcasecmp(is_login_disabled, "TRUE")== 0)
|
|
||||||
+ entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
|
|
||||||
+ free (is_login_disabled);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
ret = krb5_read_tkt_policy(context, ldap_context, entry, tktpolname);
|
|
||||||
if (ret)
|
|
||||||
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
|
|
||||||
index d722dbfa6..5e8e9a897 100644
|
|
||||||
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
|
|
||||||
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
|
|
||||||
@@ -54,6 +54,9 @@ char *principal_attributes[] = { "krbprincipalname",
|
|
||||||
"krbLastFailedAuth",
|
|
||||||
"krbLoginFailedCount",
|
|
||||||
"krbLastSuccessfulAuth",
|
|
||||||
+#ifdef HAVE_DIRSRV_ACCOUNT_LOCKING
|
|
||||||
+ "nsAccountLock",
|
|
||||||
+#endif
|
|
||||||
"krbLastPwdChange",
|
|
||||||
"krbLastAdminUnlock",
|
|
||||||
"krbPrincipalAuthInd",
|
|
@ -1,4 +1,4 @@
|
|||||||
From 853a9aacfbc842037b30607bacb5c60f5918cccb Mon Sep 17 00:00:00 2001
|
From 3cd7636a824638f880e7512fa1f547ec379b8499 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Fri, 9 Nov 2018 15:12:21 -0500
|
Date: Fri, 9 Nov 2018 15:12:21 -0500
|
||||||
Subject: [PATCH] krb5-1.17post2 FIPS with PRNG, SPAKE, and RADIUS
|
Subject: [PATCH] krb5-1.17post2 FIPS with PRNG, SPAKE, and RADIUS
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 454b35ce48bb8de491cad93c8944c783d1c47fd1 Mon Sep 17 00:00:00 2001
|
From 371770fc1d545414838685bcd2542450dfb0e097 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Tue, 23 Aug 2016 16:49:25 -0400
|
Date: Tue, 23 Aug 2016 16:49:25 -0400
|
||||||
Subject: [PATCH] krb5-1.9-debuginfo.patch
|
Subject: [PATCH] krb5-1.9-debuginfo.patch
|
||||||
|
@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
|
|||||||
Name: krb5
|
Name: krb5
|
||||||
Version: 1.17
|
Version: 1.17
|
||||||
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
|
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
|
||||||
Release: 23%{?dist}
|
Release: 24%{?dist}
|
||||||
|
|
||||||
# lookaside-cached sources; two downloads and a build artifact
|
# lookaside-cached sources; two downloads and a build artifact
|
||||||
Source0: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}%{prerelease}.tar.gz
|
Source0: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}%{prerelease}.tar.gz
|
||||||
@ -54,7 +54,6 @@ Patch27: krb5-1.17-beta1-selinux-label.patch
|
|||||||
Patch28: krb5-1.12-ksu-path.patch
|
Patch28: krb5-1.12-ksu-path.patch
|
||||||
Patch30: krb5-1.15-beta1-buildconf.patch
|
Patch30: krb5-1.15-beta1-buildconf.patch
|
||||||
Patch31: krb5-1.3.1-dns.patch
|
Patch31: krb5-1.3.1-dns.patch
|
||||||
Patch33: krb5-1.13-dirsrv-accountlock.patch
|
|
||||||
Patch34: krb5-1.9-debuginfo.patch
|
Patch34: krb5-1.9-debuginfo.patch
|
||||||
Patch35: krb5-1.11-run_user_0.patch
|
Patch35: krb5-1.11-run_user_0.patch
|
||||||
Patch36: krb5-1.11-kpasswdtest.patch
|
Patch36: krb5-1.11-kpasswdtest.patch
|
||||||
@ -97,6 +96,8 @@ Patch129: Remove-dead-variable-def_kslist-from-two-files.patch
|
|||||||
Patch130: Mark-the-doc-kadm5-tex-files-as-historic.patch
|
Patch130: Mark-the-doc-kadm5-tex-files-as-historic.patch
|
||||||
Patch131: Modernize-example-enctypes-in-documentation.patch
|
Patch131: Modernize-example-enctypes-in-documentation.patch
|
||||||
Patch132: Update-ASN.1-SAM-tests-to-use-a-modern-enctype.patch
|
Patch132: Update-ASN.1-SAM-tests-to-use-a-modern-enctype.patch
|
||||||
|
Patch133: Update-default-krb5kdc-mkey-manual-entry-enctype.patch
|
||||||
|
Patch134: Support-389ds-s-lockout-model.patch
|
||||||
|
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: https://web.mit.edu/kerberos/www/
|
URL: https://web.mit.edu/kerberos/www/
|
||||||
@ -706,6 +707,10 @@ exit 0
|
|||||||
%{_libdir}/libkadm5srv_mit.so.*
|
%{_libdir}/libkadm5srv_mit.so.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue May 21 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-24
|
||||||
|
- Update default krb5kdc mkey manual-entry enctype
|
||||||
|
- Also update account lockout patch to upstream version
|
||||||
|
|
||||||
* Mon May 20 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-23
|
* Mon May 20 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-23
|
||||||
- Test & docs fixes in preparation for DES removal
|
- Test & docs fixes in preparation for DES removal
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user