IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
will now control the auth methods, but an override is still available,
ex:
auth methods:domain controller = <methods>
Andrew Bartlett
(This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae)
nsswitch/winbindd_nss.h is just copied from SAMBA_3_0.
nsswitch/winbind_nss_config.h is copied from SAMBA_3_0, too, but I had to
drop some of the defines to make things build again.
Kai
(This used to be commit 553b7e146f52975b45941ba850140e312a280513)
This helps ensure that the kerberos code uses the right event context.
Andrew Bartlett
(This used to be commit cbdce358ae8f86c9b76a50537b931e56b07ee213)
The problem was, we would set the ccache, then invalidate it as we set
details from it (like the principal name from the ccache).
Instead, set the ccache onto the credentials structure after we are
done processing it.
Andrew Bartlett
(This used to be commit d285bd927c604d930fc44cc84ef3321aa4ce9d9a)
username/password/realm/etc from the command line.
Also make sure it can't 'come back' from a later call to
cli_credentials_guess(), buy setting a threshold.
This should fix the issues with the build farm...
Andrew Bartlett
(This used to be commit 3b1dfb9306beb9f40d85d38cf6786ef161ec63f1)
on credentials don't do anything' bug.
The problem was simple, we didn't set the ccache as having been
initialised, so we always created a new one.
Andrew Bartlett
(This used to be commit ec2014f08b0845bc8aa0e8e6713bc4b21f430811)
context. We now have an event context on the torture_context, and we
can also get one from the cli_credentials structure
(This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
This replaces a lump of hand-crafted code with the generic packet
system used in the rest of Samba4.
(I started this while chasing down the epoll bug, which turned out to
be seperate)
(This used to be commit 2a7dec4e5dc453f509493f80fc1270416f30a36e)
with krb5:set_dns_canonicalize=yes
needed for the drsuapi replication, but we should fix this with
a kdc locator plugin ...
metze
(This used to be commit f0a12355bcfab47663e62f3d8ae820815210cdc5)
This change in particular catches winbind up with the next
composite_create() function.
We also needed to remove an unused flags field, and fill in the lm
response.
Andrew Bartlett
(This used to be commit bd26e4ffaf1c060fdc3aae28fd4393e83c5a83ea)
I'll allow this to be configured from the secrets.ldb, but it should
fix some user issues.
Andrew Bartlett
(This used to be commit 0fd74ada220fb07d4ebe8c2d9b8ae50a387c2695)
few authentication tests. Now that the tests correctly 'fail', I was
able to fix the credentials subsystem to honour USER and PASSWD.
To get --machine-pass working, I needed ldb to always load it's static
modules, so I put this in ldb_connect().
Andrew Bartlett
(This used to be commit 3430d8c072407a1c33c32229095fc9db2142b6fa)
convenience API to create an anonymous credential. Don't clobber
cmdline_credentials in the UNIX-WHOAMI test.
(This used to be commit 73cea4e0c66f57057ed12b07bbb94b4e783ba6bf)
- use "sambaPassword" only as virtual attribute for passing
the cleartext password (in unix charset) into the ldb layer
- store des-cbc-crc, des-cbc-md5 keys in the Primary:Kerberos
blob to match w2k and w2k3
- aes key support is disabled by default, as we don't know
exacly how longhorn stores them. use password_hash:create_aes_key=yes
to force creation of them.
- store the cleartext password in the Primary:CLEARTEXT blob
if configured
TODO:
- find out how longhorn stores aes keys
- find out how the Primary:WDigest blob needs to be constructed
(not supported by w2k)
metze
(This used to be commit e20b53f6feaaca2cc81ee7d296ca3ff757ee3953)
"ntPwdHash" => "unicodePwd"
"lmPwdHash" => "dBCSPwd"
"sambaLMPwdHistory" => "lmPwdHistory"
"sambaNTPwdHistory" => "ntPwdHistory"
Note: you need to reprovision after this change!
metze
(This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
Fix the join code to know that the ldb layer handles the keytab update.
Andrew Bartlett
(This used to be commit d3fbc089f4161ae71b21077d50130fdabd8b2d77)
them as a hook on ldb modify, via a module.
This should allow the secrets.ldb to be edited by the admin, and to
have things update in the on-disk keytab just as an in-memory keytab
would.
This isn't really a dsdb plugin, but I don't have any other good ideas
about where to put it.
Andrew Bartlett
(This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
of KDC behaviour. This should allow PKINIT to be turned on and
managed with reasonable sanity.
This also means that the krb5.conf in the same directory as the
smb.conf will always have priority in Samba4, which I think will be
useful.
Andrew Bartlett
(This used to be commit a50bbde81b010bc5d06e3fc3417ade44627eb771)
uint32_t server_id
to
struct server_id server_id;
which allows a server ID to have an node number. The node number will
be zero in non-clustered case. This is the most basic hook needed for
clustering, and ctdb.
(This used to be commit 2365abaa991d57d68c6ebe9be608e01c907102eb)
This patch updates our build system and glue to support a new snapshot
of lorikeet-heimdal.
We now procude a [SUBSYTEM] in the ans1_deps.pl script, and can depend
on that in the heimdal_build/config.mk. This is much easier than
listing every generated .o file individually.
This required some small changes to the build system, due to the way
the parent directory was handled for the output of scripts. I've also
cleaned up et_deps.pl to handle cleaning up it's generated files on
clean.
The PAC glue in Heimdal has changed significantly: we no longer have a
custom hack in the KDC, instead we have the windc plugin interface.
As such, pac-glue.c is much smaller. In the future, when I'm
confident of the new code, we will also be able to 'downsize'
auth/kerberos/kerberos_pac.c.
(I'll include the updated copy of heimdal in the next chekin, to make
it clearer what's changed in Samba4 itself).
Andrew Bartlett
(This used to be commit 75fddbbc0811010a28ca5bb597b573b3f10ef6d6)
