IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Add the kpasswd server to our KDC, implementing the 'original' and
Microsoft versions of the protocol.
This works with the Heimdal kpasswd client, but not with MIT, I think
due to ordering issues. It may not be worth the pain to have this
code go via GENSEC, as it is very, very tied to krb5.
This gets us one step closer to joins from Apple, Samba3 and other
similar implementations.
Andrew Bartlett
(This used to be commit ab5dbbe10a)
credentials. This works with the setup/secrets.ldif change from the
previous patch, and pretty much just re-invents the keytab.
Needed for kpasswdd work.
Andrew Bartlett
(This used to be commit cc9d167bab)
I'm also worried this might cause loops, if we get a 'force password
change', and the prompter tries to 'deal with it'.
Andrew Bartlett
(This used to be commit 5bc10c4e47)
authentication. This pulls the creating of the keytab back to the
credentials code, and removes the special case of 'use keberos keytab
= yes' for now.
This allows (and requires) the callers to specify the credentials for
the server credentails to GENSEC. This allows kpasswdd (soon to be
added) to use a different set of kerberos credentials.
The 'use kerberos keytab' code will be moved into the credentials
layer, as the layers below now expect a keytab.
We also now allow for the old secret to be stored into the
credentials, allowing service password changes.
Andrew Bartlett
(This used to be commit 205f77c579)
the client doesn't guess correctly on the mech to use. It must back
off and try the mech the server selected from the list.
I'm not particularly attached to our SPNEGO parser, so while I can't
easily use the SPNEGO application logic in Heimdal, I'm going to look
closely at using the asn1 routines to avoid some pain here.
Andrew Bartlett
(This used to be commit 9292173874)
for netlogon as well) to change/set a user's password, given only
their SID.
This avoids the callers doing the lookups, and also performs the
actual 'set', as these callers do not wish any further buisness with
the entry.
Andrew Bartlett
(This used to be commit 060a2a7bcc)
- print "supplementalCredentials" also when --option="dssync:print_pwd_blobs=yes"
is used
abartlet: this field may contain the krb5 keys...
metze
(This used to be commit 26c69348ca)
--user-sids required the extension to trusted domains.
Implement "winbind sealed pipes" parameter for debugging purposes.
Volker
(This used to be commit 3821a17bdb)
to our winsrepl server, but it handles only the simple cases (without merging)
and we still didn't apply records to our wins.ldb, we just print out what we would do
metze
(This used to be commit e4edeeaa0a)
ACTIVE vs ACTIVE
ACTIVE vs TOMBSTONE
RELEASED vs ACTIVE
RELEASED vs TOMBSTONE
TOMBSTONE vs ACTIVE
TOMBSTONE vs TOMBSTONE
as it seems that is all we need to test,
and w2k3 only decides between ACTIVE and NON-ACTIVE (REALEASED or TOMBSTONE)
when it gets new replica objects
also I have removed all the extra test, we only test the worst cases now,
and this will make the algorithms more clear when you look at the output
of the NBT-WINSREPLICATION torture test
metze
(This used to be commit 7545e4e716)
