Nalin Dahyabhai
e98d94d2bc
Add proposed fix for handling AS client clock skew
...
In addition to basing the contents of an encrypted-timestamp preauth
data item on the server's idea of the current time, go ahead and do the
same for the times in the request.
2013-05-28 18:18:23 -04:00
Nalin Dahyabhai
9b1daaef43
Switch to upstream cherry-pick for this patch
2013-05-28 17:46:20 -04:00
Nalin Dahyabhai
827a48f7cc
Fix handling of empty passwords in get-init-creds
2013-05-28 17:21:45 -04:00
Nalin Dahyabhai
2fdc61e398
Fix transited realm checks in GSSAPI servers
...
- backport fix for not being able to verify the list of transited realms
in GSS acceptors (RT#7639, #959685 )
2013-05-28 17:16:52 -04:00
Nalin Dahyabhai
325dca9ce4
Note the corresponding EL6 bug ID for reference
2013-05-28 17:13:23 -04:00
Nalin Dahyabhai
ee36e9e6b4
fix to make some use of DIR::... KRB5CCNAME values
...
- pull in upstream fix to start treating a KRB5CCNAME value that begins
with DIR:: the same as it would a DIR: value with just one ccache file
in it (RT#7172, #965574 )
2013-05-21 13:51:51 -04:00
Nalin Dahyabhai
fbd06d348b
pull up fix for kpasswd service ping-pong attack
...
- pull up fix for UDP ping-pong flaw in kpasswd service (CVE-2002-2443,
#962531,#962534)
2013-05-13 18:32:51 -04:00
Nathaniel McCallum
c0d2f3b96d
Update otp patch; add keycheck patch
2013-05-03 17:04:40 -04:00
Nalin Dahyabhai
fcc98d5403
make the default ccname change affect f19, too
...
- pull the changing of the compiled-in default ccache location to
DIR:/run/user/%%{uid}/krb5cc back into F19, in line with SSSD and
the most recent pam_krb5 build
2013-04-23 17:39:34 -04:00
Nalin Dahyabhai
d54b8d87c6
correct some configuration file paths
...
Correct some configuration file paths which the KDC_DIR patch
inadvertently changed.
2013-04-17 10:42:46 -04:00
Nalin Dahyabhai
3ba00c4edc
keep track of the message type of FAST requests
...
- pull in fix for keeping track of the message type when parsing FAST requests
in the KDC (RT#7605, #951843 )
2013-04-15 11:06:55 -04:00
Nalin Dahyabhai
61043181c7
update to 1.11.2
...
- update to 1.11.2
- drop pulled in patch for RT#7586, included in this release
- drop pulled in patch for RT#7592, included in this release
2013-04-15 11:06:15 -04:00
Nalin Dahyabhai
7d195950a0
included in 1.11.2
2013-04-15 10:12:28 -04:00
Nalin Dahyabhai
fd7717242f
set DEFCCNAME to DIR:/run/user/%{uid}/krb5cc
...
- move the compiled-in default ccache location from the previous default of
FILE:/tmp/krb5cc_%{uid} to DIR:/run/user/%{uid}/krb5cc (part of #949588 )
2013-04-12 09:24:16 -04:00
Nathaniel McCallum
8d291c8c0a
Update otp plugin backport patches
2013-04-09 14:06:33 -04:00
Nalin Dahyabhai
ffcebd6c2b
trying to get more of the tests to run on builders
...
- when testing the RPC library, treat denials from the local portmapper the
same as a portmapper-not-running situation, to allow other library tests
to be run while building the package
2013-04-03 17:23:58 -04:00
Nalin Dahyabhai
46d5c735d6
add RT number for most recent patch
2013-04-01 10:23:20 -04:00
Nalin Dahyabhai
7b92138ee8
teach gss_acquire_cred_from() about "client_keytab"
...
- pull in Simo's patch to recognize "client_keytab" as a key type which can
be passed in to gss_acquire_cred_from()
2013-03-28 16:13:41 -04:00
Nalin Dahyabhai
30e39857ae
package the right client keytab directory
...
- create and own /var/kerberos/krb5/user instead of /var/kerberos/kdc/user,
since that's what the libraries actually look for
- add buildrequires on nss-myhostname, in an attempt to get more of the tests
to run properly during builds
2013-03-28 16:12:30 -04:00
Nalin Dahyabhai
e7b662f81f
pull in arm 64 (aarch64) build tweaks
...
- go back to using reconf to run autoconf and autoheader (part of #925640 )
- add temporary patch to use newer config.guess/config.sub (more of #925640 )
2013-03-26 16:48:29 -04:00
Nalin Dahyabhai
9d52c1d370
specify backup suffixes, like we do
2013-03-26 16:34:37 -04:00
Nalin Dahyabhai
c761eb0da7
pull up patch to mark imported gss contexts right
...
- pull up Simo's patch to mark the correct mechanism on imported GSSAPI
contexts (RT#7592)
2013-03-26 16:32:29 -04:00
Nalin Dahyabhai
557835fdb3
tweak buildrequires conditionals for el7 builds
...
- fix a version comparison to expect newer texlive build requirements when
%%{_rhel} > 6 rather than when it's > 7
2013-03-18 10:28:51 -04:00
Nathaniel McCallum
0efba32c47
first round of the otp plugin
2013-03-11 16:26:50 -04:00
Nalin Dahyabhai
6fdbb463fc
fix a memory leak when obtaining creds via keytabs
...
- fix a memory leak when acquiring credentials using a keytab (RT#7586, #911110 )
2013-02-28 16:37:33 -05:00
Nalin Dahyabhai
abff2e5117
escape uses of macros in comments (more of 884065)
...
escape uses of macros in comments (more of #884065 )
2013-02-27 18:16:30 -05:00
Nalin Dahyabhai
a47a2acb30
drop the kerberos-iv portreserve file
...
drop the kerberos-iv portreserve file (long overdue), and drop the rest
on systemd systems, since we don't currently poke portreserve when we're
starting a service
2013-02-27 18:15:26 -05:00
Nalin Dahyabhai
460c5ab8b7
prebuild PDF docs to reduce multilib differences
...
prebuild PDF docs to reduce multilib differences (internal tooling, #884065 )
2013-02-27 14:59:35 -05:00
Nalin Dahyabhai
0c2dcfe3ef
update to 1.11.1
...
update to 1.11.1
- drop patch for noticing negative timeouts being passed to the poll()
wrapper in the client transmit functions
2013-02-25 12:44:43 -05:00
Nalin Dahyabhai
977a60b72c
set "rdns = false" in the default krb5.conf
...
set "rdns = false" in the default krb5.conf (#908323 )
2013-02-08 10:29:14 -05:00
Nalin Dahyabhai
0597014fa8
update to 1.11 release
...
- update to the 1.11 final release
- drop the rawbuild tag from a couple of patches which we don't actually
need to apply to get things to compile the way the package expects
2012-12-18 10:37:36 -05:00
Nalin Dahyabhai
9e98fec59e
update to 1.11 beta 2
2012-12-13 10:57:00 -05:00
Nalin Dahyabhai
38b95e7b3e
move a non-system libverto to the -libs subpackage
...
- when building with our bundled copy of libverto, package it in with -libs
rather than with -server (#886049 )
2012-12-13 10:27:19 -05:00
Nalin Dahyabhai
78b3a524da
update to 1.11 beta 1
2012-11-21 15:56:57 -05:00
Nalin Dahyabhai
282fb3c1e0
packaging tweaks
...
- handle releases where texlive packaging wasn't yet as complicated as it
is in Fedora 18
- fix an uninitialized-variable error building one of the test programs
2012-11-16 17:19:59 -05:00
Nalin Dahyabhai
8cf49572ea
more tweaks to try to get doc building working
2012-11-16 15:58:51 -05:00
Nalin Dahyabhai
d97833d1ef
just drop package-level deps on tex altogether
2012-11-16 14:56:42 -05:00
Nalin Dahyabhai
b1e19fe613
sure, okay.
2012-11-16 14:51:53 -05:00
Nalin Dahyabhai
5816919080
require pdflatex and makeindex
2012-11-16 14:36:59 -05:00
Nalin Dahyabhai
d8fb585c09
don't dummy up required stylesheets, require them
2012-11-16 13:35:21 -05:00
Nalin Dahyabhai
9f497eac9f
also note the multilib impact in the docs
2012-11-16 13:14:55 -05:00
Nalin Dahyabhai
f68a6da68f
drop a pair of obsoleted patches
2012-11-16 13:13:07 -05:00
Nalin Dahyabhai
a08be40755
update sources for 1.11-alpha1
2012-11-16 13:04:39 -05:00
Nalin Dahyabhai
7404a3c685
more packaging fixups
...
- move the rather large pile of html and pdf docs to -workstation, so
that just having something that links to the libraries won't drag
them onto a system
- actually create %%{_var}/kerberos/kdc/user, so that it can be packaged
- correct the list of packaged man pages
2012-11-16 13:01:56 -05:00
Nalin Dahyabhai
777f196e39
drop patches to fixup paths in man pages
2012-11-16 13:01:56 -05:00
Nalin Dahyabhai
d0f6217945
own /var/kerberos/kdc/user
2012-11-16 13:01:56 -05:00
Nalin Dahyabhai
2aae42de49
append camellia to the kdc supported enctypes list
2012-11-16 13:01:56 -05:00
Nalin Dahyabhai
18bdbb99e3
drop the only-weak-keys checker
2012-11-16 13:01:56 -05:00
Nalin Dahyabhai
0efe966105
update heed-nsaccountlock patch
...
We lost explicit support for eDirectory per se, so just add a toggle to
enable heeding the one native attribute that 389 adds to the mix.
2012-11-16 13:01:56 -05:00
Nalin Dahyabhai
8a943cb6b5
update selinux labeling patch
2012-11-16 13:01:55 -05:00