freeipa/daemons/ipa-kdb
Changmin Teng 15ff9c8fec Implement user pre-authentication control with kdcpolicy plugin
We created a Kerberos kdcpolicy plugin to enforce user
pre-authentication policy for newly added pkinit and hardened policy.

In the past version of freeIPA, password enforcement exists but was done
by removing key data for a principal while parsing LDAP entry for it.
This hack is also removed and is now also enforced by kdcpolicy plugin
instead.

Resolves: https://pagure.io/freeipa/issue/8001
Signed-off-by: Changmin Teng <cteng@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
2019-09-10 12:33:21 +03:00
..
tests ipa-kdb: override krb5.conf when testing KDC code in cmocka 2017-11-29 15:55:00 +02:00
ipa_kdb_audit_as.c Log INFO message when LDAP connection fails on startup 2019-09-05 14:53:55 -04:00
ipa_kdb_certauth.c Log INFO message when LDAP connection fails on startup 2019-09-05 14:53:55 -04:00
ipa_kdb_common.c ipa-kdb: reduce LDAP operations timeout to 30 seconds 2018-11-16 16:54:38 -05:00
ipa_kdb_delegation.c ipa-kdb: fix delegation acl check 2012-02-28 13:03:22 -05:00
ipa_kdb_kdcpolicy.c Implement user pre-authentication control with kdcpolicy plugin 2019-09-10 12:33:21 +03:00
ipa_kdb_mkey.c ipa-kdb: Get/Store Master Key directly from LDAP 2011-08-26 08:24:49 -04:00
ipa_kdb_mspac_private.h adtrust: support UPNs for trusted domain users 2016-06-11 17:25:50 +02:00
ipa_kdb_mspac.c Log INFO message when LDAP connection fails on startup 2019-09-05 14:53:55 -04:00
ipa_kdb_passwords.c Allow unexpiring passwords 2016-07-01 11:22:02 +02:00
ipa_kdb_principals.c Implement user pre-authentication control with kdcpolicy plugin 2019-09-10 12:33:21 +03:00
ipa_kdb_pwdpolicy.c Fix ipadb_multires resource handling 2018-10-24 16:11:55 +02:00
ipa_kdb.c Extend the list of supported pre-auth mechanisms in IPA server API 2019-09-10 12:33:21 +03:00
ipa_kdb.exports Add a skeleton kdcpolicy plugin 2019-09-10 12:33:21 +03:00
ipa_kdb.h Implement user pre-authentication control with kdcpolicy plugin 2019-09-10 12:33:21 +03:00
Makefile.am Add a skeleton kdcpolicy plugin 2019-09-10 12:33:21 +03:00
README ipa-kdb: Initial plugin skeleton 2011-08-26 08:24:49 -04:00
README.s4u2proxy.txt Fix s4u2proxy README and add warning 2015-06-08 14:37:29 -04:00

This is the ipa krb5kdc database backend.