rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
1,112 Commits 9 Branches 46 Tags 7.8 MiB
015255764a
Commit Graph

1112 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robbie Harwood
015255764a Sigh, date fix 2020-11-17 12:50:36 -05:00
Robbie Harwood
ec1ab43ca2 Migrate /var/run to /run, an exercise in pointlessness 
Resolves: #1898410
 2020-11-17 12:27:42 -05:00
Robbie Harwood
d2da394f67 Add recursion limit for ASN.1 indefinite lengths (CVE-2020-28196) 2020-11-05 12:09:39 -05:00
Robbie Harwood
bfdc7c0b7b Fix minor static analysis defects 2020-10-23 10:25:37 -04:00
Robbie Harwood
fced14e78a Fix build of previous 2020-10-21 11:49:22 -04:00
Robbie Harwood
7c8b50fca5 Cross-realm s4u fixes for samba (#1836630) 2020-10-21 11:24:24 -04:00
Tomas Mraz
da77b5dcf8 Drop unnecessary conflict with openssl-libs >= 3.0.0 
The requirement unnecessarily prevents temporary coexistence of
krb5-libs with new openssl library where the old openssl library
is coming from openssl1.1 compat package.
 2020-10-19 11:25:53 +02:00
Robbie Harwood
96c0dcc1c7 Unify kvno option documentation 2020-10-15 16:18:06 -04:00
Robbie Harwood
501e298072 Add md5 override to krad 2020-10-02 16:36:12 -04:00
Robbie Harwood
c06ba2920a Use systemctl reload to HUP the KDC during logrotate 
Resolves: #1877692
 2020-09-10 14:22:32 +00:00
Robbie Harwood
d7334ebf68 Fix input length checking in SPNEGO DER decoding 2020-09-09 17:47:18 -04:00
Robbie Harwood
1003328588 Mark crypto-polices snippet as missingok 
Resolves: #1868379
 2020-08-28 12:23:29 -04:00
Robbie Harwood
cd0b1d6ba6 Temporarily dns_canonicalize_hostname=fallback changes 
Hopefully unbreak IPA while we debug further
 2020-08-13 09:50:45 -04:00
Robbie Harwood
c59e4a1c67 Expand dns_canonicalize_hostname=fallback support 2020-08-07 19:03:02 -04:00
Robbie Harwood
2091f29399 Fix leak in KERB_AP_OPTIONS_CBT server support 2020-08-04 14:24:08 -04:00
Robbie Harwood
4530bb6de9 Revert qualify_shortname removal 2020-08-03 15:39:37 -04:00
Robbie Harwood
8be5252136 Disable tests on s390x 
Resolves: #1863952
 2020-08-03 15:36:24 -04:00
Fedora Release Engineering
d0cfa344c7 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2020-08-01 03:47:16 +00:00
Robbie Harwood
710f626f12 Revert qualify_shortname changes 2020-07-31 13:31:53 -04:00
Fedora Release Engineering
d314641a26 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2020-07-28 03:39:56 +00:00
Robbie Harwood
86ecb1b3d2 Ignore bad enctypes in krb5_string_to_keysalts() 
Allow gss_unwrap_iov() of unpadded RC4 tokens
 2020-07-22 17:28:11 -04:00
Robbie Harwood
b1b925635d Ignore bad enctypes in krb5_string_to_keysalts() 2020-07-22 15:20:11 -04:00
Tom Stellard
da1e8dbb3f Use make macros 
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
 2020-07-21 22:06:50 +00:00
Robbie Harwood
f15271f04d Set qualify_shortname empty in default configuration 
Resolves: #1852041
 2020-07-08 16:10:07 -04:00
Robbie Harwood
80e06352b8 Use two queues for concurrent t_otp.py daemons 2020-06-15 17:27:59 -04:00
Robbie Harwood
e326a52474 Match Heimdal behavior for channel bindings 2020-06-15 16:57:30 -04:00
Robbie Harwood
feaafc07b2 Fix test suite by removing wrapper workarounds 2020-06-08 22:00:22 +00:00
Robbie Harwood
3c4e18f2f3 Omit PA_FOR_USER if we can't compute its checksum 2020-06-08 16:01:55 -04:00
Robbie Harwood
49849de329 Replace gssrpc tests with a Python script 2020-05-30 12:38:04 -04:00
Robbie Harwood
883355750a Default dns_canonicalize_hostname to "fallback" 2020-05-30 12:01:58 -04:00
Robbie Harwood
331a9df349 dns_canonicalize_hostname = fallback 2020-05-26 21:47:51 +00:00
Robbie Harwood
dec02b8411 Pass channel bindings through SPNEGO 2020-05-26 14:34:53 -04:00
Robbie Harwood
102adf5edf New upstream release (1.18.2) 2020-05-22 14:26:04 -04:00
Robbie Harwood
d370e2a431 Fix SPNEGO acceptor mech filtering 2020-05-22 13:28:09 -04:00
Robbie Harwood
0963a62bc3 Fix typo ("in in") in the ksu man page 2020-05-18 14:02:44 -04:00
Robbie Harwood
a9ccd6fd57 Omit KDC indicator check for S4U2Self requests 2020-05-08 14:14:22 -04:00
Robbie Harwood
19d5d2e504 Pass gss_localname() through SPNEGO 2020-04-28 13:12:21 -04:00
Robbie Harwood
46d8c677ae It usually helps if I commit the sources file 2020-04-14 15:50:03 -04:00
Robbie Harwood
7fca7fd076 New upstream version (1.18.1) 2020-04-14 15:45:43 -04:00
Robbie Harwood
66ec722479 Make ksu honor KRB5CCNAME again 2020-04-07 15:51:54 -04:00
Robbie Harwood
9f3201c4bc Do expiration warnings for all init_creds APIs 2020-04-02 14:03:07 -04:00
Robbie Harwood
c262ec69f6 Correctly import "service@" GSS host-based name 2020-04-01 14:24:49 -04:00
Robbie Harwood
4e7e5fe69b Eliminate redundant PKINIT responder invocation 2020-03-26 16:01:18 -04:00
Robbie Harwood
dd7e9481aa Add finalization safety check to com_err 2020-03-26 10:20:02 -04:00
Robbie Harwood
5c9732a545 Add maximum openssl version in preparation for openssl 3 2020-03-20 16:16:55 +00:00
Robbie Harwood
bea8330f52 Document client keytab usage 2020-03-17 15:26:56 -04:00
Robbie Harwood
bef2ba57a2 Update for new rpmlint shenanigans 2020-03-09 15:26:46 -04:00
Robbie Harwood
f6c62d5e63 Refresh manually acquired creds from client keytab 2020-03-03 12:34:50 -05:00
Robbie Harwood
812c07a94f Allow deletion of require_auth with LDAP KDB 2020-02-28 13:35:47 -05:00
Robbie Harwood
0ecf7a0e65 Allow certauth modules to set hw-authent flag 2020-02-27 16:13:51 -05:00