The Kerberos network authentication system
Go to file
Julien Rische e9188f0caa Allow krad UDP/TCP localhost connection with FIPS
libkrad allows to establish connections only to UNIX socket in FIPS
mode, because MD5 digest is not considered safe enough to be used for
network communication. However, FreeRadius requires connection on TCP or
UDP ports.

This commit allows TCP or UDP connections in FIPS mode if destination is
localhost.

Resolves: rhbz#2082189

Signed-off-by: Julien Rische <jrische@redhat.com>
2022-05-25 11:50:56 +02:00
tests Update tests/inplace-upgrade-sanity-test/Makefile 2021-03-30 08:29:53 +00:00
.gitignore Add sources 2021-07-26 14:50:12 -04:00
Add-APIs-for-marshalling-credentials.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Add-buildsystem-detection-of-the-OpenSSL-3-KDF-inter.patch Add patches to support OpenSSL 3.0.0 2021-12-03 11:25:46 +01:00
Add-configure-variable-for-default-PKCS-11-module.patch Use p11-kit as default PKCS11 module 2022-05-02 19:03:37 +02:00
Add-hostname-canonicalization-helper-to-k5test.py.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Add-KCM_OP_GET_CRED_LIST-for-faster-iteration.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Allow-kinit-with-keytab-to-defer-canonicalization.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Clean-up-context-after-failed-open-in-libkdb5.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Clean-up-gssapi_krb5-ccache-name-functions.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
downstream-Allow-krad-UDP-TCP-localhost-connection-with-FIPS.patch Allow krad UDP/TCP localhost connection with FIPS 2022-05-25 11:50:56 +02:00
downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
downstream-fix-debuginfo-with-y.tab.c.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
downstream-ksu-pam-integration.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
downstream-netlib-and-dns.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
downstream-Remove-3des-support.patch Add patches to support OpenSSL 3.0.0 2021-12-03 11:25:46 +01:00
downstream-SELinux-integration.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Fix-k5tls-module-for-OpenSSL-3.patch Add patches to support OpenSSL 3.0.0 2021-12-03 11:25:46 +01:00
Fix-kadmin-k-with-fallback-or-referral-realm.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Fix-KCM-flag-transmission-for-remove_cred.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Fix-KCM-retrieval-support-for-sssd.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch Fix KDC null deref on TGS inner body null server (CVE-2021-37750) 2021-08-19 12:29:56 -04:00
Fix-leaks-on-error-in-kadm5-init-functions.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Fix-softpkcs11-build-issues-with-openssl-3.0.patch Add patches to support OpenSSL 3.0.0 2021-12-03 11:25:46 +01:00
Fix-some-principal-realm-canonicalization-cases.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Handle-OpenSSL-3-s-providers.patch Add patches to support OpenSSL 3.0.0 2021-12-03 11:25:46 +01:00
kadm5.acl auto-import changelog data from krb5-1.2.1-8.src.rpm 2004-09-09 07:05:48 +00:00
kadmin.service Migrate /var/run to /run, an exercise in pointlessness 2020-11-17 12:27:42 -05:00
kadmin.sysconfig - kadmin.service: fix #723723 again 2011-10-07 15:10:35 -04:00
kadmind.logrotate Use systemctl reload to HUP the KDC during logrotate 2020-09-10 14:22:32 +00:00
kdc.conf Add default_principal_flags to example kdc.conf 2019-11-08 20:45:40 +00:00
kprop.service Fix network service dependencies 2017-12-12 21:45:17 +00:00
kprop.sysconfig Add kprop service env config file 2017-04-28 20:14:01 +00:00
krb5-krad-larger-attrs.patch Allow use of larger RADIUS attributes in krad library 2022-04-05 16:51:11 +03:00
krb5-krad-remote.patch Fix libkrad client cleanup code 2022-04-05 22:18:53 +03:00
krb5-krb5kdc.conf Migrate /var/run to /run, an exercise in pointlessness 2020-11-17 12:27:42 -05:00
krb5.conf Set qualify_shortname empty in default configuration 2020-07-08 16:10:07 -04:00
krb5.rpmlintrc Update for new rpmlint shenanigans 2020-03-09 15:26:46 -04:00
krb5.spec Allow krad UDP/TCP localhost connection with FIPS 2022-05-25 11:50:56 +02:00
krb5kdc.logrotate Use systemctl reload to HUP the KDC during logrotate 2020-09-10 14:22:32 +00:00
krb5kdc.service Migrate /var/run to /run, an exercise in pointlessness 2020-11-17 12:27:42 -05:00
krb5kdc.sysconfig - kadmin.service: fix #723723 again 2011-10-07 15:10:35 -04:00
ksu.pamd - add an auth stack to ksu's PAM configuration so that pam_setcred() calls 2009-05-19 23:21:48 +00:00
Make-KCM-iteration-fallback-work-with-sssd-kcm.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Move-some-dejagnu-kadmin-tests-to-Python-tests.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Remove-deprecated-OpenSSL-calls-from-softpkcs11.patch Add patches to support OpenSSL 3.0.0 2021-12-03 11:25:46 +01:00
Remove-TCL-based-libkadm5-API-tests.patch Add patches to support OpenSSL 3.0.0 2021-12-03 11:25:46 +01:00
rpminspect.yaml Add rpminspect configuration 2021-05-03 17:50:44 -04:00
sources Add sources 2021-07-26 14:50:12 -04:00
Support-host-based-GSS-initiator-names.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Try-harder-to-avoid-password-change-replay-errors.patch Try harder to avoid password change replay errors 2022-04-26 13:38:51 +02:00
Use-asan-in-one-of-the-CI-builds.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Use-KCM_OP_RETRIEVE-in-KCM-client.patch New upstream version (1.19.2) 2021-07-26 14:49:39 -04:00
Use-OpenSSL-s-KBKDF-and-KRB5KDF-for-deriving-long-te.patch Add patches to support OpenSSL 3.0.0 2021-12-03 11:25:46 +01:00
Use-OpenSSL-s-SSKDF-in-PKINIT-when-available.patch Add patches to support OpenSSL 3.0.0 2021-12-03 11:25:46 +01:00
Use-SHA256-instead-of-SHA1-for-PKINIT-CMS-digest.patch Use SHA-256 instead of SHA-1 for PKINIT CMS digest 2022-03-23 12:28:27 +01:00