IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
keytabnames (like "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab"). This also
fixes keytab support with Heimdal (which supports the WRFILE pragma as well
now).
Guenther
(This used to be commit 7ca002f4cc)
Major points of interest:
* Figure the DES salt based on the domain functional level
and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
keys
* Remove all the case permutations in the keytab entry
generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
in AD
The resulting keytab looks like:
ktutil: list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value. The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.
Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
(This used to be commit 6261dd3c67)
smb_krb5_parse_name_norealm_conv that pull/push from unix charset
to utf8 (which krb5 uses on the wire). This should fix issues when
the unix charset is not compatible with or set to utf8.
Jeremy.
(This used to be commit 37ab42afbc)
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
memcpy's into fqdn names. I think the original intent was to create
MYNAME.fqdn.tail.part.
Will need testing to see I haven't broken keytab support.
Jeremy.
(This used to be commit 82acf83040)
haven't broken krb5 ticket verification in the mainline code path,
also need to check with valgrind. Everything now compiles (MIT, need
to also check Heimdal) and the "net keytab" utility code will follow.
Jeremy.
(This used to be commit f0f2e28958)
