IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Our helper scripts can fail on Fedora with the PDT timezone (Western
USA). This is the same issue we found with Heimdal earlier today, the
24 second difference between GMT and UTC, but this time in MIT
Kerberos as linked into bind9.
By forcing TZ=GMT in these scripts we avoid the problem
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
we don't want to force the KDC to be ourselves, we should
be using DNS to find a live KDC. Also remove some other options and
allow the krb5 lib to use defaults.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This was a wonderful bug!
On some Fedora systems, but not on Ubuntu, there is a difference
between UTC and GMT. Heimdal replaced timegm() with _der_timegm()
which did not account for that difference (which is 24 seconds at the
moment). This led to a mutual authentication failure.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
If we re-use this context, we overwrite the timestamp while talking
to the KDC and fail the mutual authentiation with the target server.
Andrew Bartlett
If the host running this code used IPv6 forms for IPv4 addreses
then the check for '.' would not be sufficient to determine that this
isn't a name we should mangle. Instead, check if it can be parsed
as a numeric address first, and only then mangle.
Andrew Bartlett
This includes rewriting the PAC if the original krbtgt isn't to be
trusted, and reading different entries from the DB for the krbtgt
depending on the krbtgt number.
Andrew Bartlett
In this case, the whole request packet should be forwarded to
a real KDC, with full secrets, as we don't have the password.
This could also be used to implement 'play dead when the LDAP
server is down'.
Andrew Bartlett
This should allow master key rollover.
(but the real reason is to allow multiple krbtgt accounts, as used by
Active Directory to implement RODC support)
Andrew Bartlett
This means we just set up the system_session etc in one place
and don't diverge between the MIT and Heimdal plugins.
We also now determine if we are an RODC and store some details
that we will need later.
Andrew Bartlett
This simplifies the function. While doing so, also change the error
string setting to set a really clear error string for the failure to find
and failure to parse cases.
Andrew Bartlett
some clients rely on this being the hostname, not the domain
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 28 06:39:19 UTC 2010 on sn-devel-104
The key thing is that we might have to turn the incomming
connection into a outgoing connection.
This change makes sense anyway, because we donate the fd to
tstream.
metze
