lp:kerberos
- Get this branch:
- bzr branch lp:kerberos
Branch merges
Branch information
Import details
This branch is an import of the Subversion branch from svn://anonsvn.mit.edu/krb5/trunk.
Last successful import was .
Recent revisions
- 17027. By ghudson
-
Omit start time in common AS requests
MIT and Heimdal KDCs ignore the start time for non-postdated ticket
requests, but AD yields an error if the start time is in the KDC's
future, defeating the kdc_timesync option. Omit the start time if the
caller did not specify a start time offset.This change reenables the client check for too much clock skew in the
KDC reply in the non-timesync configuration. That check had been
unintentionally suppressed since the introduction of the
get_init_creds interfaces. Adjust the t_skew test script to expect
the new error behavior.Code changes from <email address hidden> with slight modifications.
ticket: 7130
- 17026. By ghudson
-
Avoid requiring default realm for in_tkt_service
Use the new KRB5_PRINCIPAL_
PARSE_IGNORE_ REALM flag when parsing
in_tkt_service arguments in get_init_cred functions, since we're going
to overwrite the realm anyway. - 17025. By ghudson
-
Add krb5_parse_name flag to ignore realm
The flag KRB5_PRINCIPAL_
PARSE_IGNORE_ REALM causes krb5_parse_name to
return the principal with an empty realm whether or not a realm is
present in the name.ticket: 7129
- 17024. By ghudson
-
Rewrite krb5_parse_name
krb5_parse_name started out a bit unwieldy, and has become more so
with the introduction of flags. Rewrite it using two passes (allocate
and fill), each broken out into its own helper, and a wrapper which
handles the realm flags. - 17023. By ghudson
-
Make password change work without default realm
This fix is not very general or clean, but is suitable for backporting
because it is minimally invasive. A more comprehensive fix will
follow.ticket: 7127
target_version: 1.10.2
tags: pullup - 17022. By ghudson
-
Add no-op macro for ngettext for non-NLS builds
r25857 (#7128) uses ngettext, which means we need a no-op macro for it
when we're building without NLS support. - 17021. By ghudson
-
Constify get_init_creds string input params
The get_init_creds functions take read-only string input parameters
for passwords and initial ticket services. Make these const char *
parameters instead of just char * parameters, for caller convenience.Reported by <email address hidden>.
ticket: 7121
- 17020. By ghudson
-
Add API to interpret changepw result strings
Active Directory returns structured policy information in the
nominally UTF-8 result string field of a password change reply. Add a
new API krb5_chpw_message() to convert a result string into a
displayable message, interpreting policy information if present.Patch from <email address hidden> with changes.
ticket: 7128
- 17018. By ghudson
-
First pass at PKINIT client trace logs
Trace basic decisions about PKINIT client protocol processing.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)