lp:kerberos

Branch merges

This import branch has no branches proposed for merge into it.

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

17027. By ghudson on 2012-05-11

Omit start time in common AS requests

MIT and Heimdal KDCs ignore the start time for non-postdated ticket
requests, but AD yields an error if the start time is in the KDC's
future, defeating the kdc_timesync option. Omit the start time if the
caller did not specify a start time offset.

This change reenables the client check for too much clock skew in the
KDC reply in the non-timesync configuration. That check had been
unintentionally suppressed since the introduction of the
get_init_creds interfaces. Adjust the t_skew test script to expect
the new error behavior.

Code changes from <email address hidden> with slight modifications.

ticket: 7130

17026. By ghudson on 2012-05-10

Avoid requiring default realm for in_tkt_service

Use the new KRB5_PRINCIPAL_PARSE_IGNORE_REALM flag when parsing
in_tkt_service arguments in get_init_cred functions, since we're going
to overwrite the realm anyway.

17025. By ghudson on 2012-05-10

Add krb5_parse_name flag to ignore realm

The flag KRB5_PRINCIPAL_PARSE_IGNORE_REALM causes krb5_parse_name to
return the principal with an empty realm whether or not a realm is
present in the name.

ticket: 7129

17024. By ghudson on 2012-05-10

Rewrite krb5_parse_name

krb5_parse_name started out a bit unwieldy, and has become more so
with the introduction of flags. Rewrite it using two passes (allocate
and fill), each broken out into its own helper, and a wrapper which
handles the realm flags.

17023. By ghudson on 2012-05-10

Make password change work without default realm

This fix is not very general or clean, but is suitable for backporting
because it is minimally invasive. A more comprehensive fix will
follow.

ticket: 7127
target_version: 1.10.2
tags: pullup

17022. By ghudson on 2012-05-09

Add no-op macro for ngettext for non-NLS builds

r25857 (#7128) uses ngettext, which means we need a no-op macro for it
when we're building without NLS support.

17021. By ghudson on 2012-05-09

Constify get_init_creds string input params

The get_init_creds functions take read-only string input parameters
for passwords and initial ticket services. Make these const char *
parameters instead of just char * parameters, for caller convenience.

Reported by <email address hidden>.

ticket: 7121

17020. By ghudson on 2012-05-09

Add API to interpret changepw result strings

Active Directory returns structured policy information in the
nominally UTF-8 result string field of a password change reply. Add a
new API krb5_chpw_message() to convert a result string into a
displayable message, interpreting policy information if present.

Patch from <email address hidden> with changes.

ticket: 7128

17019. By ghudson on 2012-05-09

Constify krb5int_utf8_normalize input parameter

17018. By ghudson on 2012-05-08

First pass at PKINIT client trace logs

Trace basic decisions about PKINIT client protocol processing.