summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Properly report certificate retrieval failures to calling applicationTimothy Pearson2015-10-021-19/+20
|
* Remove any chance of passwords persisting in deallocated main memory after ↵Timothy Pearson2015-10-011-1/+2
| | | | application termination
* Use correct permissive flagTimothy Pearson2015-09-301-1/+2
|
* Fix FTBFS on ancient Heimdal versionsTimothy Pearson2015-09-302-0/+5
|
* Add deactivated krb5 PKCS login lineTimothy Pearson2015-09-291-3/+18
|
* Write out remaining appdefaults entries on clientTimothy Pearson2015-09-291-3/+6
|
* Allow Kerberos ticket init via cryptographic cardTimothy Pearson2015-09-294-9/+91
|
* Write missing appdefaults section on client machinesTimothy Pearson2015-09-292-0/+16
|
* Add PKI subject mapping to user principalsTimothy Pearson2015-09-291-1/+90
| | | | Fix long-standing inability to clear user principal attribute fields
* Convert the last methods using the kadmin utility to the Heimdal C APITimothy Pearson2015-09-292-68/+131
|
* Move keytab export to native Heimdal APITimothy Pearson2015-09-292-357/+241
|
* Convert service add to C APITimothy Pearson2015-09-282-126/+13
|
* Remove dead code from prior commitTimothy Pearson2015-09-281-121/+0
|
* Convert machine add to kadmin APITimothy Pearson2015-09-282-92/+248
|
* Fix local kadmin accessTimothy Pearson2015-09-283-15/+97
|
* Start to move away from using the kadmin binary to using the kadmin client APITimothy Pearson2015-09-273-92/+118
|
* Fix a few minor issues with PKI certificate generationTimothy Pearson2015-09-241-3/+12
|
* Minor fixup to cert generation codeTimothy Pearson2015-09-191-1/+1
|
* Extend PKCS certificate generation routinesTimothy Pearson2015-09-192-36/+48
| | | | This breaks the ABI
* Add PKCS methodsTimothy Pearson2015-09-182-4/+107
|
* Clean up revoked certificates when done updating CRLTimothy Pearson2015-09-041-0/+14
|
* Fix up certificate expiry detectionTimothy Pearson2015-09-041-1/+1
|
* Add certificate store attribute access methodTimothy Pearson2015-09-032-0/+69
|
* Add additional CRL manipulation methodsTimothy Pearson2015-09-032-36/+109
|
* Store CRL expiry in LDAPTimothy Pearson2015-09-032-0/+38
|
* Add CRL generationTimothy Pearson2015-09-032-31/+197
|
* Implement several methods required for PKI certificate managementTimothy Pearson2015-09-022-8/+120
|
* Extend user key and certificate generation methodsTimothy Pearson2015-09-012-40/+219
|
* Fix CN/DN orderingTimothy Pearson2015-08-311-3/+7
|
* Properly set CRL URL and fix up a few other glitchesTimothy Pearson2015-08-311-14/+20
|
* Allow CRL URL to be set via configuration fileTimothy Pearson2015-08-311-0/+2
|
* Fix up Kerberos PKI certificate generationTimothy Pearson2015-08-312-10/+270
|
* Allow certificate expiry to be setTimothy Pearson2015-08-252-4/+45
|
* Extend CA expiry to 1 yearTimothy Pearson2015-08-242-2/+6
|
* Fix incorrect login causing PAM fatal error messageTimothy Pearson2015-08-231-1/+1
|
* Fix security hole when Kerberos credential caching is enabledTimothy Pearson2014-06-071-1/+1
| | | | The prior PAM stack configuration, while unfortunately present in many online examples, allows storing of an arbitrary cached password for non-Kerberos users by simply entering it twice
* Make bonding and unbonding methods slightly more robustTimothy Pearson2014-01-071-1/+37
|
* Fix LDAP CA root file configurationTimothy Pearson2014-01-062-3/+14
|
* Look for CA file in correct location on bonded machinesTimothy Pearson2014-01-061-11/+11
|
* Add missing LDFLAGS causing FTBFSFrancois Andriot2013-08-231-1/+1
|
* Do not replicate olcGlobal by defaultTimothy Pearson2013-07-162-3/+5
|
* Fix incorrect certificate CA file in ldap client configurationTimothy Pearson2013-07-111-1/+1
|
* Use shared realm certificate file name to allow syncrepl to workTimothy Pearson2013-07-111-6/+6
|
* Use more precise syncrepl configurationTimothy Pearson2013-07-111-2/+2
|
* Fix failure to use provided error string handler in getRealmCAMasterTimothy Pearson2013-07-021-1/+1
|
* Fix syncrepl retry timeout and enable hdb replicationTimothy Pearson2013-07-021-18/+45
|
* Properly set up syncreplTimothy Pearson2013-07-021-81/+85
|
* Add missing data fields to LDAPMasterReplicationInfo structureTimothy Pearson2013-07-012-1/+121
|
* Add a number of methods to enable multi-master replicationTimothy Pearson2013-06-272-105/+626
|
* Fix failure when long Kerberos commands are usedTimothy Pearson2013-06-261-12/+13
| | | | This failure was due to an obscure ASCII sequence used in the output of kadmin