272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
250177 |
02-May-2013 |
rmacklem |
Fix the getpwnam_r() call in the pname_to_uid() kerberos library function so that it handles the ERANGE error return case. Without this fix, authentication of users for certain system setups could fail unexpectedly.
Reported by: Elias Martenson (lokedhs@gmail.com) Tested by: Elias Martenson (earlier version) MFC after: 2 weeks
|
236337 |
30-May-2012 |
obrien |
* Remove headers from SRCS that are not generated (and are in /usr/src/crypto/heimdal/).
* Avoid race conditions with 'make -j<N>'.
|
233294 |
22-Mar-2012 |
stas |
- Update FreeBSD Heimdal distribution to version 1.5.1. This also brings several new kerberos related libraries and applications to FreeBSD: o kgetcred(1) allows one to manually get a ticket for a particular service. o kf(1) securily forwards ticket to another host through an authenticated and encrypted stream. o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1) and other user kerberos operations. klist and kswitch are just symlinks to kcc(1) now. o kswitch(1) allows you to easily switch between kerberos credentials if you're running KCM. o hxtool(1) is a certificate management tool to use with PKINIT. o string2key(1) maps a password into key. o kdigest(8) is a userland tool to access the KDC's digest interface. o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings disabled due to the function they use (krb5_get_err_text(3)) being deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version and install it as libheimsqlite. If some other FreeBSD components will require it in the future we can rename it to libbsdsqlite and use for these components as well.
- This is not a latest Heimdal version, the new one was released while I was working on the update. I will update it to 1.5.2 soon, as it fixes some important bugs and security issues.
|
225778 |
27-Sep-2011 |
stas |
- Add missing interdependencies to kerberos libraries. Some of the kerberos libraries were not linked properly (missing dependencies), which causes 3rd party applications linking to fail when --as-needed ld flag is used. I also added the --no-undefined ld(1) flag to make sure that there're no missing dependencies.
MFC after: 3 days
|
197995 |
12-Oct-2009 |
bland |
Link GSS mechanics modules against libgssapi so they will not fail due unresolved symbol errors when in turn libgssapi was loaded with RTLD_LOCAL flag set (which is the default).
Reviewed by: dfr, jhb MFC after: 3 days
|
181344 |
06-Aug-2008 |
dfr |
Add an implementation of the RPCSEC_GSS authentication protocol for RPC. This is based on an old implementation from the University of Michigan with lots of changes and fixes by me and the addition of a Solaris-compatible API.
Sponsored by: Isilon Systems Reviewed by: alfred
|
178828 |
07-May-2008 |
dfr |
Fix conflicts after heimdal-1.1 import and add build infrastructure. Import all non-style changes made by heimdal to our own libgssapi.
|