Commit Graph

774 Commits

Author SHA1 Message Date
Robbie Harwood
fef40744ec Add tests for KCM ccache type 2018-11-29 14:58:18 -05:00
Robbie Harwood
83e3cdfc7d Gain FIPS awareness 2018-11-12 20:39:38 +00:00
Robbie Harwood
d401b30b5f Fix spurious errors from kcmio_unix_socket_write
Resolves: #1645912
2018-11-08 11:22:27 -05:00
Robbie Harwood
f745542b78 New upstream beta release (1.17-beta1) 2018-11-01 20:07:33 +00:00
Robbie Harwood
5f59f89111 Package kerberos(7) 2018-10-24 15:36:36 -04:00
Robbie Harwood
3ce8c381c3 Update man pages to reference kerberos(7)
Resolves: #1143767
2018-10-24 15:07:14 -04:00
Robbie Harwood
d760ebeab2 Use port-sockets.h macros in cc_kcm, sendto_kdc
Resolves: #1631998
2018-10-17 15:27:45 -04:00
Robbie Harwood
c0ac611ad3 Correct kpasswd_server description in krb5.conf(5)
Resolves: #1640272
2018-10-17 13:49:20 -04:00
Robbie Harwood
0eeac3abaf Prefer TCP to UDP for password changes
Resolves: #1637611
2018-10-15 13:26:07 -04:00
Adam Williamson
4a2dfb104c Revert the patch from -20 as it seems to make FreeIPA worse 2018-10-09 13:57:21 -07:00
Robbie Harwood
af8b6635d6 Fix bugs with concurrent use of MEMORY ccaches 2018-10-02 13:36:43 -04:00
Robbie Harwood
ef8eae7c7b In FIPS mode, add plaintext fallback for RC4 usages and taint 2018-08-01 15:11:35 -04:00
Robbie Harwood
d21edd514c Fix k5test prompts for Python 3 2018-07-26 14:23:13 -04:00
Robbie Harwood
29b7ff3bb1 Remove outdated note in krb5kdc man page 2018-07-19 16:43:33 -04:00
Robbie Harwood
e506fad693 Make krb5kdc -p affect TCP ports 2018-07-19 16:43:21 -04:00
Robbie Harwood
e3ab2c3591 Eliminate preprocessor-disabled dead code 2018-07-19 16:43:06 -04:00
Robbie Harwood
b5615f9f2c Fix some broken tests for Python 3 2018-07-18 17:25:00 -04:00
Robbie Harwood
c0f34c36f8 Zap copy of secret in RC4 string-to-key 2018-07-16 10:38:52 -04:00
Robbie Harwood
6bb371b555 Convert Python tests to Python 3 2018-07-12 13:08:20 -04:00
Robbie Harwood
18245c6b0f Actually add the dependency this time 2018-07-11 12:56:14 -04:00
Robbie Harwood
50f81aad57 Add build dependency on gcc 2018-07-11 16:49:26 +00:00
Robbie Harwood
40a05d0347 Use SHA-256 instead of MD5 for audit ticket IDs 2018-07-10 17:34:02 -04:00
Jason Tibbitts
816afcf8e2 Remove needless use of %defattr 2018-07-10 01:32:54 -05:00
Robbie Harwood
2fc18e9142 Add BuildRequires on python2 so we can run tests at build-time 2018-07-06 15:27:23 +00:00
Robbie Harwood
97d3fa66d0 Explicitly look for python2 in configure.in 2018-07-06 10:59:48 -04:00
Robbie Harwood
ff388043f1 Add flag to disable encrypted timestamp on client 2018-06-14 17:45:09 -04:00
Robbie Harwood
d6ae33b85a Switch to python3-sphinx for docs
Resolves: #1590928
2018-06-14 16:56:44 +00:00
Robbie Harwood
367b100b3b Make docs build python3-compatible
Resolves: #1590928
2018-06-14 10:49:23 -04:00
Robbie Harwood
6dd406494d Update includedir processing to match upstream 2018-06-07 12:37:24 -04:00
Robbie Harwood
6e3058a9c5 Log when non-root ksu authorization fails
Resolves: #1575771
2018-06-01 14:04:16 -04:00
Robbie Harwood
9467290bc7 Remove "-nodes" option from make-certs scripts 2018-05-04 10:59:52 -04:00
Robbie Harwood
88ba66fe53 New upstream release - 1.16.1 2018-05-04 14:59:45 +00:00
Robbie Harwood
ab1e0477e9 Fix indentation in krb5.conf of default_ccache_name 2018-05-03 13:01:11 -04:00
Robbie Harwood
ace60f7773 Set error message on KCM get_princ failure 2018-04-30 12:08:36 -04:00
Robbie Harwood
c150a97555 Set error message on KCM get_princ failure 2018-04-30 12:08:15 -04:00
Robbie Harwood
1dc2c64cf3 Fix KDC null dereference on large TGS replies 2018-04-24 11:19:31 -04:00
Robbie Harwood
58b0bd97d4 Explicitly use openssl rather than builtin crypto
Resolves: #1570910
2018-04-23 17:11:53 +00:00
Robbie Harwood
a48c97c32b Merge duplicate subsections in profile library 2018-04-17 13:28:40 -04:00
Robbie Harwood
8ed07abedf Restrict pre-authentication fallback cases 2018-04-09 12:12:08 -04:00
Robbie Harwood
9f52d3d29f Be more careful asking for AS key in SPAKE client 2018-04-03 15:05:13 -04:00
Robbie Harwood
091dcbf794 Zap data when freeing krb5_spake_factor 2018-04-02 12:37:37 -04:00
Robbie Harwood
09f9308fd8 Continue after KRB5_CC_END in KCM cache iteration 2018-03-29 10:43:22 -04:00
Robbie Harwood
27ca1f2678 Fix SPAKE memory leak
Also fix build problem
2018-03-27 18:01:05 +00:00
Robbie Harwood
99cea2e511 Fix gitignore problem with previous patchset 2018-03-27 15:13:46 +00:00
Robbie Harwood
2c340efca2 Add SPAKE support
- Improve protections on internal sensitive buffers
- Improve internal hex encoding/decoding
2018-03-27 15:09:05 +00:00
Robbie Harwood
8b49b0644c Fix problem with ccache_name logic in previous build 2018-03-20 18:20:01 +00:00
Robbie Harwood
6b1b652d4d Add pkinit_anchors default value to krb5.conf
Reindent krb5.conf to not be terrible
2018-03-20 17:53:38 +00:00
Robbie Harwood
2eafc4d8aa Include preauth names in trace output where possible
Also fix misc bugs
2018-03-20 15:21:19 +00:00
Robbie Harwood
a387becbf5 Add PKINIT KDC support for freshness token
Also, fix securid_sam2 preauth for non-default salt
2018-03-19 22:16:46 +00:00
Robbie Harwood
ed142b51b1 Exit with status 0 from kadmind 2018-03-14 14:44:04 -04:00