1. 05 Jan, 2016 1 commit
  2. 04 Jan, 2016 16 commits
  3. 03 Jan, 2016 8 commits
  4. 29 Dec, 2015 2 commits
    • Bill MacAllister's avatar
      2a03ce35
    • Bill MacAllister's avatar
      Add error check for partially created AD keytabs · d1b81776
      Bill MacAllister authored
      The msktutil script does not always signal error conditions.  This
      change implements a check that examines the output from msktutil
      and reports and error when the keytab creation fails to create
      the keytab but does create a computer entry in the directory.  If
      an error is detected the directory entry is deleted leaving the
      directory in a clean state.
      
      Also, support has been added for output of debugging information
      to syslog using the AD_DEBUG configuration variable.
      
      Finally perltidy suggested changes were made to AD.pm.
      d1b81776
  5. 18 Dec, 2015 1 commit
  6. 15 Dec, 2015 5 commits
  7. 03 Dec, 2015 1 commit
    • Bill MacAllister's avatar
      Implement support for managed Active Directory keytabs · 0eb853eb
      Bill MacAllister authored
      This version implements Active Directory as the store for keytabs.
      The interface to Active Directory uses a combination of direct LDAP
      queries and the msktutil utility.  This version does not support the
      wallet unchanging flag.  Unchanging requires that a keytab be
      retrieved without changing the password/kvno which is not supported by
      msktutil.
      0eb853eb
  8. 19 Nov, 2015 6 commits
    • Jon Robertson's avatar
      Added Wallet::ACL::LDAP::Attribute::Root · 6b0cad57
      Jon Robertson authored
      Added a version of the LDAP attribute ACL.  Like the root version for
      NetDB, this requires that the principal end in /root, and then strips
      off /root before doing matching against the given LDAP attribute.
      
      Change-Id: I23119ef9c9ce3e0556f5d71a509815f2efc1bbe6
      6b0cad57
    • Jon Robertson's avatar
      ldap-attr.t: Updated tests to use jonrober rather than rra · e353e236
      Jon Robertson authored
      Change-Id: I842a7335a4b50c9c20b921ae2efc63aab571635e
      e353e236
    • Jon Robertson's avatar
      stanford.t: Added netdb configuration to policy tests · 2e00a586
      Jon Robertson authored
      Since we now check to see if something is a valid netdb node entry for
      the ACL verifiers, we need to have a valid netdb setup to run.
      
      Change-Id: Ic2651f8b8b306dfa1f426d91f329b5100a9a1d64
      2e00a586
    • Jon Robertson's avatar
      Added wallet report for nested ACL · 5d668b86
      Jon Robertson authored
      We needed a way to report on where all a specific ACL might be nested,
      since we can't destroy an ACL until it's no longer being nested.  For
      the immediate this is part of wallet-report.
      
      Change-Id: I41c11b73325d1eb3a28289eac3505bf965877be1
      5d668b86
    • Jon Robertson's avatar
      ACL.pm: Destroying a nested ACL will now fail · 43f386a6
      Jon Robertson authored
      When destroying an ACL nested in other ACLs, we now fail with an
      explanation rather than going through to remove all the places it's
      nested.  That's more in line with how we handle trying to destroy ACLs
      that own things.
      
      Change-Id: I8bc0530e37c54369ec52d9b369f8fabe98def77a
      43f386a6
    • Jon Robertson's avatar
      Nested.pm: Updated comments around constructor · 0b4201c8
      Jon Robertson authored
      Removed some default text and explained why we grab the database handle
      for future use.
      
      Change-Id: I50b3ae06c1761453de3140d501830c245d550c04
      0b4201c8