1. 05 Jan, 2016 1 commit
  2. 04 Jan, 2016 16 commits
  3. 03 Jan, 2016 8 commits
  4. 29 Dec, 2015 2 commits
    • Bill MacAllister's avatar
    • Bill MacAllister's avatar
      Add error check for partially created AD keytabs · d1b81776
      Bill MacAllister authored
      The msktutil script does not always signal error conditions.  This
      change implements a check that examines the output from msktutil
      and reports and error when the keytab creation fails to create
      the keytab but does create a computer entry in the directory.  If
      an error is detected the directory entry is deleted leaving the
      directory in a clean state.
      Also, support has been added for output of debugging information
      to syslog using the AD_DEBUG configuration variable.
      Finally perltidy suggested changes were made to AD.pm.
  5. 18 Dec, 2015 1 commit
  6. 15 Dec, 2015 5 commits
  7. 03 Dec, 2015 1 commit
    • Bill MacAllister's avatar
      Implement support for managed Active Directory keytabs · 0eb853eb
      Bill MacAllister authored
      This version implements Active Directory as the store for keytabs.
      The interface to Active Directory uses a combination of direct LDAP
      queries and the msktutil utility.  This version does not support the
      wallet unchanging flag.  Unchanging requires that a keytab be
      retrieved without changing the password/kvno which is not supported by
  8. 19 Nov, 2015 6 commits
    • Jon Robertson's avatar
      Added Wallet::ACL::LDAP::Attribute::Root · 6b0cad57
      Jon Robertson authored
      Added a version of the LDAP attribute ACL.  Like the root version for
      NetDB, this requires that the principal end in /root, and then strips
      off /root before doing matching against the given LDAP attribute.
      Change-Id: I23119ef9c9ce3e0556f5d71a509815f2efc1bbe6
    • Jon Robertson's avatar
      ldap-attr.t: Updated tests to use jonrober rather than rra · e353e236
      Jon Robertson authored
      Change-Id: I842a7335a4b50c9c20b921ae2efc63aab571635e
    • Jon Robertson's avatar
      stanford.t: Added netdb configuration to policy tests · 2e00a586
      Jon Robertson authored
      Since we now check to see if something is a valid netdb node entry for
      the ACL verifiers, we need to have a valid netdb setup to run.
      Change-Id: Ic2651f8b8b306dfa1f426d91f329b5100a9a1d64
    • Jon Robertson's avatar
      Added wallet report for nested ACL · 5d668b86
      Jon Robertson authored
      We needed a way to report on where all a specific ACL might be nested,
      since we can't destroy an ACL until it's no longer being nested.  For
      the immediate this is part of wallet-report.
      Change-Id: I41c11b73325d1eb3a28289eac3505bf965877be1
    • Jon Robertson's avatar
      ACL.pm: Destroying a nested ACL will now fail · 43f386a6
      Jon Robertson authored
      When destroying an ACL nested in other ACLs, we now fail with an
      explanation rather than going through to remove all the places it's
      nested.  That's more in line with how we handle trying to destroy ACLs
      that own things.
      Change-Id: I8bc0530e37c54369ec52d9b369f8fabe98def77a
    • Jon Robertson's avatar
      Nested.pm: Updated comments around constructor · 0b4201c8
      Jon Robertson authored
      Removed some default text and explained why we grab the database handle
      for future use.
      Change-Id: I50b3ae06c1761453de3140d501830c245d550c04