freeipa

mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00

Files

Changmin Teng 15ff9c8fec Implement user pre-authentication control with kdcpolicy plugin

We created a Kerberos kdcpolicy plugin to enforce user
pre-authentication policy for newly added pkinit and hardened policy.

In the past version of freeIPA, password enforcement exists but was done
by removing key data for a principal while parsing LDAP entry for it.
This hack is also removed and is now also enforced by kdcpolicy plugin
instead.

Resolves: https://pagure.io/freeipa/issue/8001
Signed-off-by: Changmin Teng <cteng@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>

2019-09-10 12:33:21 +03:00

tests

ipa-kdb: override krb5.conf when testing KDC code in cmocka

2017-11-29 15:55:00 +02:00

ipa_kdb_audit_as.c

Log INFO message when LDAP connection fails on startup

2019-09-05 14:53:55 -04:00

ipa_kdb_certauth.c

Log INFO message when LDAP connection fails on startup

2019-09-05 14:53:55 -04:00

ipa_kdb_common.c

ipa-kdb: reduce LDAP operations timeout to 30 seconds

2018-11-16 16:54:38 -05:00

ipa_kdb_delegation.c

ipa-kdb: fix delegation acl check

2012-02-28 13:03:22 -05:00

ipa_kdb_kdcpolicy.c

Implement user pre-authentication control with kdcpolicy plugin

2019-09-10 12:33:21 +03:00

ipa_kdb_mkey.c

ipa-kdb: Get/Store Master Key directly from LDAP

2011-08-26 08:24:49 -04:00

ipa_kdb_mspac_private.h

adtrust: support UPNs for trusted domain users

2016-06-11 17:25:50 +02:00

ipa_kdb_mspac.c

Log INFO message when LDAP connection fails on startup

2019-09-05 14:53:55 -04:00

ipa_kdb_passwords.c

Allow unexpiring passwords

2016-07-01 11:22:02 +02:00

ipa_kdb_principals.c

Implement user pre-authentication control with kdcpolicy plugin

2019-09-10 12:33:21 +03:00

ipa_kdb_pwdpolicy.c

Fix ipadb_multires resource handling

2018-10-24 16:11:55 +02:00

ipa_kdb.c

Extend the list of supported pre-auth mechanisms in IPA server API

2019-09-10 12:33:21 +03:00

ipa_kdb.exports

Add a skeleton kdcpolicy plugin

2019-09-10 12:33:21 +03:00

ipa_kdb.h

Implement user pre-authentication control with kdcpolicy plugin

2019-09-10 12:33:21 +03:00

Makefile.am

Add a skeleton kdcpolicy plugin

2019-09-10 12:33:21 +03:00

README

ipa-kdb: Initial plugin skeleton

2011-08-26 08:24:49 -04:00

README.s4u2proxy.txt

Fix s4u2proxy README and add warning

2015-06-08 14:37:29 -04:00

README

This is the ipa krb5kdc database backend.