rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
The Kerberos network authentication system
550 Commits 9 Branches 52 Tags 8.1 MiB
Diff 100%
2da8874065
Go to file
Stef Walter 2da8874065 Change back dns_lookup_kdc to the default 
The specifications recommend against using TXT records to mapping
hostnames to realms. However they do not recommend against using
SRV records to lookup the KDC.

Change back to the MIT default of enabling DNS for KDC lookup.
This allows automatic configuration and failover.

A theoretical attack involving SRV records could be similarly
accomplished by a similar attack involving the A records for
the KDC hosts.
2012-03-20 18:16:59 -04:00
.gitignore update sources 2012-03-09 18:48:50 -05:00
2010-007-patch.txt go with the final patch 2010-11-30 14:22:30 -05:00
kadm5.acl auto-import changelog data from krb5-1.2.1-8.src.rpm 2004-09-09 07:05:48 +00:00
kadmin.service - kadmin.service: fix #723723 again 2011-10-07 15:10:35 -04:00
kadmin.sysconfig - kadmin.service: fix #723723 again 2011-10-07 15:10:35 -04:00
kadmind.init - kadmind.init: drop the attempt to detect no-database-present errors (#723723) 2011-07-20 17:58:20 -04:00
kadmind.logrotate - add logrotate configuration files for krb5kdc and kadmind (#462658) 2010-07-07 18:09:05 +00:00
kdb_check_weak.c - krb5kdc init script: prototype some changes to do a quick spot-check 2011-02-09 15:25:17 -05:00
kdc.conf - kdc.conf: no more need to suggest a v4 mode, or listening on the v4 port 2010-04-08 21:27:15 +00:00
kerberos-adm.portreserve - use portreserve correctly -- portrelease takes the basename of the file 2010-01-22 15:08:24 +00:00
kerberos-iv.portreserve - use portreserve correctly -- portrelease takes the basename of the file 2010-01-22 15:08:24 +00:00
kprop.service - kadmin.service: fix #723723 again 2011-10-07 15:10:35 -04:00
kpropd.init - properly advertise that the kpropd init script now supports force-reload (Zbysek Mraz #630587) 2011-02-01 10:38:05 -05:00
krb5_prop.portreserve - use portreserve correctly -- portrelease takes the basename of the file 2010-01-22 15:08:24 +00:00
krb5-1.3.1-dns.patch - note the RT number 2010-03-11 19:19:55 +00:00
krb5-1.3.4-send-pr-tempfile.patch - add a header describing the what and why here 2010-03-11 19:23:59 +00:00
krb5-1.6.1-telnet-manual_z.patch - telnet can suspend itself if the calling shell supports job control, and 2008-10-28 21:35:45 +00:00
krb5-1.6.3-kdc_listen_all.patch Provide an option to make the KDC also listen on loopback interfaces for 2008-04-04 21:32:15 +00:00
krb5-1.7-ktany.patch - the last members of the ops structure are pointers 2010-03-12 21:09:55 +00:00
krb5-1.8-api.patch - update to 1.8 2010-03-05 22:19:38 +00:00
krb5-1.9-debuginfo.patch - override the default build rules to not delete temporary y.tab.c files, 2011-08-08 18:39:55 -04:00
krb5-1.9-dirsrv-accountlock.patch - update to apply to 1.9 2010-12-06 16:54:17 -05:00
krb5-1.10-buildconf.patch update for 1.10; we don't need to prune out CFLAGS any more 2011-11-09 15:26:34 -05:00
krb5-1.10-doublelog.patch update for 1.10 2011-11-09 15:07:52 -05:00
krb5-1.10-gcc47.patch - note the RT number 2012-03-08 16:21:52 -05:00
krb5-1.10-kpasswd_tcp.patch update for 1.10 2011-11-09 18:44:01 -05:00
krb5-1.10-kprop-mktemp.patch update for 1.10 2011-11-09 15:09:41 -05:00
krb5-1.10-ksu-access.patch update for 1.10 2011-11-09 16:21:31 -05:00
krb5-1.10-ksu-path.patch update, move /bin before /usr/sbin to keep up with login 2011-11-09 15:17:06 -05:00
krb5-1.10-manpaths.patch update, adding the default location for KRB5_KDC_PROFILE 2011-11-09 16:47:29 -05:00
krb5-1.10-manpaths.txt update, adding the default location for KRB5_KDC_PROFILE 2011-11-09 16:47:29 -05:00
krb5-1.10-pam.patch update for 1.10 2011-11-09 18:20:14 -05:00
krb5-1.10-selinux-label.patch - correct a bug in the fix for #754001 so that the file creation context is consistently reset 2011-11-30 15:03:45 -05:00
krb5-kvno-230379.patch - add patch to accept keytab entries with vno==0 as matches when we're searching for an entry with a specific name/kvno (#230382/#782211,RT#3349) 2012-01-30 19:49:10 -05:00
krb5-pkinit-debug.patch - throw in a not-applied-by-default patch to try to make pkinit debugging into a run-time boolean option named "pkinit_debug" 2011-02-17 11:31:49 -05:00
krb5-tex-pdf.sh - preserve timestamps on profile.d shell scriptlets 2007-01-22 21:23:54 +00:00
krb5-trunk-7046.patch - pull in patch for RT#7046: tag a ccache containing credentials obtained via 2011-12-13 10:47:31 -05:00
krb5-trunk-7047.patch - pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached 2011-12-13 10:48:28 -05:00
krb5-trunk-7048.patch - pull in patch for RT#7048: allow PAC verification to only bother trying to 2011-12-13 10:50:02 -05:00
krb5-trunk-manpaths.txt - simplify the man pages patch by only preprocessing the files we care 2009-07-06 22:56:11 +00:00
krb5.conf Change back dns_lookup_kdc to the default 2012-03-20 18:16:59 -04:00
krb5.spec - update to 1.10.1 2012-03-09 18:37:47 -05:00
krb5kdc.init - krb5kdc init script: prototype some changes to do a quick spot-check 2011-02-09 15:25:17 -05:00
krb5kdc.logrotate - add logrotate configuration files for krb5kdc and kadmind (#462658) 2010-07-07 18:09:05 +00:00
krb5kdc.service - kadmin.service: fix #723723 again 2011-10-07 15:10:35 -04:00
krb5kdc.sysconfig - kadmin.service: fix #723723 again 2011-10-07 15:10:35 -04:00
ksu.pamd - add an auth stack to ksu's PAM configuration so that pam_setcred() calls 2009-05-19 23:21:48 +00:00
sources update sources 2012-03-09 18:48:50 -05:00