e7fe109b39
Add method to get PKCS enablement status
8 years ago
e7d00722ef
Quote filenames when generating or modifying certificates via OpenSSL
8 years ago
2faf4b1c40
Add missing object classes during user creation
8 years ago
cc41b404ca
Fixup prior commit
8 years ago
a12aeff2da
Close cert file handle if already open before opening for write
...
Fixup missing newlines in printf warnings from last commit
8 years ago
68049e4ac8
Don't abort on chown() failure for certificate files
8 years ago
7b0e95f329
Fix missing stirng placeholder in warning message
9 years ago
3fdd5c964a
Fix memory leak on bind failure
...
Fix minor issues with comments
9 years ago
3991980d35
Revert "Fix memory leak on certificate request attempt"
...
Unfortunately this did not fix the leak as I originally thought.
This reverts commit 2e9737f118
9 years ago
2e9737f118
Fix memory leak on certificate request attempt
9 years ago
ca4c872008
Properly report certificate retrieval failures to calling application
9 years ago
f1b7b0381a
Remove any chance of passwords persisting in deallocated main memory after application termination
9 years ago
2752bfb1d0
Fix FTBFS on ancient Heimdal versions
9 years ago
56c2b5fc9b
Add deactivated krb5 PKCS login line
9 years ago
7ebf958b10
Write out remaining appdefaults entries on client
9 years ago
53a442c926
Allow Kerberos ticket init via cryptographic card
9 years ago
80c65755dc
Write missing appdefaults section on client machines
9 years ago
d9172dad3c
Add PKI subject mapping to user principals
...
Fix long-standing inability to clear user principal attribute fields
9 years ago
c70ce69a08
Convert the last methods using the kadmin utility to the Heimdal C API
9 years ago
11869fce63
Move keytab export to native Heimdal API
9 years ago
e085706825
Convert service add to C API
9 years ago
5ae128fb8b
Remove dead code from prior commit
9 years ago
0fbc17ac57
Convert machine add to kadmin API
9 years ago
3d6055df7b
Fix local kadmin access
9 years ago
bd30e6c655
Start to move away from using the kadmin binary to using the kadmin client API
9 years ago
a619f64455
Fix a few minor issues with PKI certificate generation
9 years ago
6cddf7dd1c
Minor fixup to cert generation code
9 years ago
07d094fd32
Extend PKCS certificate generation routines
...
This breaks the ABI
9 years ago
c6eab472be
Add PKCS methods
9 years ago
30b251b05b
Clean up revoked certificates when done updating CRL
9 years ago
ba7bc5afac
Fix up certificate expiry detection
9 years ago
c714661bc9
Add certificate store attribute access method
9 years ago
521c4ed590
Add additional CRL manipulation methods
9 years ago
0fce8b42b6
Store CRL expiry in LDAP
9 years ago
efb81441de
Add CRL generation
9 years ago
a97c0c3d54
Implement several methods required for PKI certificate management
9 years ago
54d8d2580c
Extend user key and certificate generation methods
9 years ago
0a81ad9d6e
Fix CN/DN ordering
9 years ago
bc95fa92b0
Properly set CRL URL and fix up a few other glitches
9 years ago
f0eeda5dc8
Allow CRL URL to be set via configuration file
9 years ago
6df22c8ca2
Fix up Kerberos PKI certificate generation
9 years ago
d6f004658d
Allow certificate expiry to be set
9 years ago
f4afc1290d
Extend CA expiry to 1 year
9 years ago
8b16aef38d
Fix incorrect login causing PAM fatal error message
9 years ago
bea400f197
Fix security hole when Kerberos credential caching is enabled
...
The prior PAM stack configuration, while unfortunately present in many online examples, allows storing of an arbitrary cached password for non-Kerberos users by simply entering it twice
10 years ago
5bfd539b84
Make bonding and unbonding methods slightly more robust
11 years ago
571e1739fb
Fix LDAP CA root file configuration
11 years ago
39c401b796
Look for CA file in correct location on bonded machines
11 years ago
2ac300ccc2
Do not replicate olcGlobal by default
11 years ago
3729eac510
Fix incorrect certificate CA file in ldap client configuration
11 years ago
Timothy Pearson