IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
others don't get stuck with the winbindd hang.
Still waiting on additional confirmation from Guenther
that this fixes thes issues he was observing as well.
But it's been running in my local tree for a day without
problems.
(This used to be commit 0d2b80c6c4a744b05a0efdec352cddccc430e0c4)
This add a struct event_context and infrastructure for fd events to smbd. This
is step zero to import lib/events.
Jeremy, I rely on you to watch the change in receive_message_or_smb()
closely. For the normal code path this should be the only relevant change. The
rest is either not yet used or is cosmetic.
Volker
(This used to be commit cd07f93a8aecb24c056e33b1ad3447a41959810f)
this at the moment as I'm working on this area. Thanks
a lot Guenther.
Add the capability to get krb5 tickets even if we
log on in the offline state and have to cache
the credentials. Once we go online we should
start getting krb5 tickets again. Currently
this code waits until lp_winbind_cache_time()
seconds (5 minutes by default) before getting
tickets. This is correct in the DC down case,
but not in the global offline -> online case.
I'll later add a trigger to force an immediate refresh
on the offline -> online state transition.
Jeremy.
(This used to be commit 04fe034f4a222c83a8d788040f7edc370afe9fa6)
krb5 refresh creds when doing cached NTLM auth, request
the memory creds instead.
Jeremy.
(This used to be commit 310ac0b226edcfd5bedc2c3305a05993db20c7af)
from the krb5 ticket renewal code. This allows cached
credentials to be stored for single sign-on via ntlm_auth
for machines in a domain still using NTLM. Also (hopefully)
fixes the reference counting problem with pam_logon/logoff
so multiple logons/logoffs won't lose cached credentials.
This compiles, but I'm intending to test it over the weekend
so don't complain too much :-). I also want it in the tree
so Coverity can scan it for errors. Guenther, check this over
please - I ran through the architecture with Jerry and he's
ok with it, but this is modifying your code a lot.
Jeremy.
(This used to be commit 679eeeb91155dad3942efde6ae9f8d81faf18c5b)
stored - only store the password if we're going to
be doing a krb5 refresh. GD please review this change !
Now to add code to reference count the cached creds
(to allow multiple pam_logon/pam_logoffs to keep the
creds around), ensure that the cred cache is called
on all successful pam_logons (if we have winbindd cache
pam credentials = true, set this by default) and finally
ensure the creds cache is changed on successful password
change. GD - you *really* need to review this :-).
Jeremy.
(This used to be commit 017e7e14958d29246a1b221e33755bb91e96b08f)
Solaris found this one that needs to go into 3.0.23, actually munlock the
password memory.
Volker
(This used to be commit 6fa928f96a70b7b063dd1bdbb08c6a3f5d942229)
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
(This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
