Home
last modified time | relevance | path

Searched full:kdc (Results 1 – 25 of 410) sorted by relevance

12345678910>>...17

/freebsd/contrib/pam-krb5/ci/
H A Dkdc-setup-heimdal17 # Install the KDC.
18 apt-get install heimdal-kdc
21 cp ci/files/heimdal/heimdal-kdc /etc/default/heimdal-kdc
22 cp ci/files/heimdal/kadmind.acl /etc/heimdal-kdc/kadmind.acl
23 cp ci/files/heimdal/kdc.conf /etc/heimdal-kdc/kdc.conf
25 cp ci/files/heimdal/pki-mapping /etc/heimdal-kdc/pki-mapping
27 # Some versions of heimdal-kdc require this.
28 ln -s /etc/heimdal-kdc/kadmind.acl /var/lib/heimdal-kdc/kadmind.acl
38 cat <<EOF >>/etc/heimdal-kdc/kdc.conf
43 # Create the basic KDC.
[all …]
H A Dkdc-setup-mit17 # Install the KDC and the OpenSSL command line tool.
18 apt-get install krb5-admin-server krb5-kdc krb5-pkinit openssl
22 cp ci/files/mit/extensions.kdc /etc/krb5kdc/extensions.kdc
24 cp ci/files/mit/kdc.conf /etc/krb5kdc/kdc.conf
36 # Create the basic KDC.
62 # Create the certificate for the MIT Kerberos KDC.
64 openssl req -new -out /var/lib/krb5kdc/kdc.req \
66 REALM=MIT.TEST openssl x509 -req -in /var/lib/krb5kdc/kdc.req \
68 -out /var/lib/krb5kdc/kdc.pem -days 365 \
69 -extfile /etc/krb5kdc/extensions.kdc -extensions kdc_cert \
[all …]
/freebsd/crypto/heimdal/
H A DChangeLog.20063 * kdc/process.c: Handle kx509 requests.
5 * kdc/connect.c: Listen to 9878 if kca is turned on.
7 * kdc/headers.h: Include <kx509_asn1.h>.
9 * kdc/config.c: code to parse [kdc]enable-kx509
11 * kdc/kdc.h: add enable_kx509
13 * kdc/Makefile.am: add kx509.c
15 * kdc/kx509.c: Kx509server (external certificate genration).
21 * kdc/digest.c: Remove <digest_asn.h>, its already included in
24 * kdc/digest.c: Return session key for the NTLMv2 case too
37 * kdc/digest.c: Prefix internal symbol with _kdc_.
[all …]
H A DChangeLog.200029 * kdc/main.c (main): handle krb5_init_context failure consistently
175 * kdc/kerberos5.c (tgs_rep2): adapt to new krb5_verify_ap_req2
213 * kdc/hpropd.8: remove extra .Xc
221 * kdc/524.c: fix log messge
229 * kdc/connect.c (add_new_tcp): check for the socket fd being too
231 * kdc/connect.c (loop): check that the socket fd is not too large
236 * kdc/kaserver.c (do_authenticate): check for time skew
240 * kdc/524.c (set_address): allocate memory for storing addresses
242 * kdc/524.c (set_address): fix bad return of pointer to automatic
271 * kdc/524.c: re-organize
[all …]
H A DChangeLog.20053 * kdc/kerberos5.c (tgs_make_reply): less const on hdb_entry_ex to
6 * fix-export: Build kdc-private.h.
10 * kdc/kerberos5.c (tgs_rep2): also print the principal for which
15 * kdc/kaserver.c: Finish up transition from hdb_entry to
18 * kdc/kerberos4.c: Finish up transition from hdb_entry to
21 * kdc/524.c: Finish up transition from hdb_entry to hdb_entry_ex.
23 * kdc/kerberos5.c: Finish up transition from hdb_entry with
47 * lib/hdb, kdc, kadmin/load.c: Wrap hdb_entry with hdb_entry_ex, patch
53 * kdc/kerberos5.c (tgs_make_reply): there are no such things a
56 * kdc/kdc_locl.h: Remove private prototypes and instead include
[all …]
H A DChangeLog.20028 * kdc/kdc_locl.h: remove old encrypt_v4_ticket prototype
15 * kdc/connect.c (init_socket): initialise sa_size to size of
24 * kdc/524.c: implement crude b2 style (non-)conversion for use
27 * kdc/kerberos4.c: move encrypt_v4_ticket to 524.c, since that's
40 * kdc/connect.c: check that %-quotes are followed by two hex
46 * kdc/kaserver.c: make sure life is positive (from John Godehn)
112 * kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
113 kdc/kaserver.c (krb5_ret_xdr_data),
136 * kdc/kerberos5.c (encode_reply): correct error logging
152 * kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
[all …]
H A DChangeLog.199822 * kdc/connect.c (init_socket): bind to a particular address
49 * kdc/kerberos5.c (as_rep): set keytype to sess_ktype if
65 * kdc/hprop.c (v4_prop): fix bogus indexing
118 * kdc/kerberos5.c: allow mis-match of tgt session key, and service
176 * kdc/connect.c (handle_udp, handle_tcp): correct type of `n'
211 * kdc/kerberos4.c (swap32): conditionalize
246 * kdc/kerberos5.c (check_flags): handle case where client is NULL
248 * kdc/connect.c (process_request): return zero after processing
293 * kdc/kdc_locl.h: proto for `get_des_key'
301 * kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys
[all …]
H A DNEWS45 - Check NULL pointers before dereference them [kdc]
64 - Store KDC offset in credentials
78 - Better support for finding keytab entries when using SPN aliases in the KDC
82 - Try both KDC referals and the common DNS reverse lookup in GSS-API
87 - Remove Kerberos 4 support in application (still in KDC)
115 - Bugfixes in LDAP KDC code to make it more stable
201 * Handle [kdc] database = { } entries without realm = stanzas.
265 * Subsystem in the KDC, digest, that will perform the digest
266 operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL
269 * KDC will return the "response too big" error to force TCP retries
[all …]
H A DChangeLog.200384 * kdc/pkinit.c: add support for KDC side of DH PKINIT
99 * kdc/pkinit.c: clean up
105 * kdc/pkinit.c: print an error and turn of pkinit if openssl
108 * kdc/config.c: read pkinit (pki-mumble) configuration options
110 * kdc/kerberos5.c: add pkinit support
112 * kdc/kdc_locl.h: add prototypes for pkinit
114 * kdc/pkinit.c: PKINIT patch from Daniel Kouril and Petr Holub, I
144 * kpasswd/kpasswdd.c (main): parse kdc.conf
165 * kdc/kerberos5.c (tgs_rep2): don't free ticket, krb5_free_ticket
208 * kdc/kerberos5.c: make sure that the server realm and the krbtgt
[all …]
/freebsd/crypto/heimdal/kdc/
H A Ddefault_config.c72 "kdc", "require-preauth", NULL); in krb5_kdc_get_config()
77 "kdc", "enable-digest", NULL); in krb5_kdc_get_config()
83 "kdc", in krb5_kdc_get_config()
106 "kdc", "enable-kx509", NULL); in krb5_kdc_get_config()
111 "kdc", "kx509_template", NULL); in krb5_kdc_get_config()
114 "kdc", "kx509_ca", NULL); in krb5_kdc_get_config()
126 "kdc", in krb5_kdc_get_config()
131 "kdc", in krb5_kdc_get_config()
136 "kdc", in krb5_kdc_get_config()
141 "kdc", in krb5_kdc_get_config()
[all …]
H A DMakefile.am13 libexec_PROGRAMS = hprop hpropd kdc digest-service program
15 noinst_PROGRAMS = kdc-replay
17 man_MANS = kdc.8 kstash.8 hprop.8 hpropd.8 string2key.8
35 kdc-private.h \
36 kdc-protos.h \
52 $(libkdc_la_OBJECTS): $(srcdir)/kdc-protos.h $(srcdir)/kdc-private.h
61 $(srcdir)/kdc-protos.h:
62 …srcdir) && perl ../cf/make-proto.pl -q -P comment -o kdc-protos.h $(libkdc_la_SOURCES) || rm -f kd…
64 $(srcdir)/kdc-private.h:
65 …srcdir) && perl ../cf/make-proto.pl -q -P comment -p kdc-private.h $(libkdc_la_SOURCES) || rm -f k…
[all …]
H A Dkdc.838 .Nm kdc
76 .Pa /var/heimdal/kdc.conf .
92 Gives an upper limit on the size of the requests that the kdc is
95 Makes the kdc listen on port 80 and handle requests encapsulated in HTTP.
112 This option is only available if the KDC has been compiled with version
115 Specifies the set of ports the KDC should listen on.
120 By default, the kdc will listen on all the locally configured
127 disable add des encryption types, makes the kdc not use them.
135 .Nm kdc .
142 Options specific to the KDC only are found in the
[all …]
H A DMakefile.in50 libexec_PROGRAMS = hprop$(EXEEXT) hpropd$(EXEEXT) kdc$(EXEEXT) \
52 noinst_PROGRAMS = kdc-replay$(EXEEXT)
54 subdir = kdc
172 am_kdc_OBJECTS = kdc-connect.$(OBJEXT) kdc-config.$(OBJEXT) \
173 kdc-announce.$(OBJEXT) kdc-main.$(OBJEXT)
180 kdc_replay_SOURCES = kdc-replay.c
181 kdc_replay_OBJECTS = kdc-replay.$(OBJEXT)
211 $(hprop_SOURCES) $(hpropd_SOURCES) $(kdc_SOURCES) kdc-replay.c \
214 $(hprop_SOURCES) $(hpropd_SOURCES) $(kdc_SOURCES) kdc-replay.c \
469 man_MANS = kdc.8 kstash.8 hprop.8 hpropd.8 string2key.8
[all …]
/freebsd/crypto/krb5/src/util/profile/
H A Dkrb5.conf8 # kdc = kerberos-2000.mit.edu
9 kdc = kerberos.mit.edu
10 kdc = kerberos-1.mit.edu
11 kdc = kerberos-2.mit.edu
12 kdc = kerberos-3.mit.edu
17 kdc = kerberos.media.mit.edu
21 kdc = casio.mit.edu
22 kdc = seiko.mit.edu
26 kdc = three-headed-dogcow.mit.edu
27 kdc = three-headed-dogcow-1.mit.edu
[all …]
/freebsd/crypto/krb5/src/man/
H A Dkrb5kdc.man32 krb5kdc \- Kerberos V5 KDC
50 Distribution Center (AS/KDC).
67 master key in the database (usually \fBK/M\fP in the KDC\(aqs realm).
72 The \fB\-n\fP option specifies that the KDC does not put itself in the
75 The \fB\-P\fP \fIpid_file\fP option tells the KDC to write its PID into
77 the KDC is still running and to allow init scripts to stop the correct
81 numbers which the KDC should listen on for Kerberos version 5
84 \fI\%kdc.conf\fP, but may be overridden by realm\-specific values.
87 The \fB\-w\fP \fInumworkers\fP option tells the KDC to fork \fInumworkers\fP
88 processes to listen to the KDC ports and process requests in parallel.
[all …]
H A Dkdc.conf.man31 .TH "KDC.CONF" "5" " " "1.22.1" "MIT Kerberos"
33 kdc.conf \- Kerberos V5 KDC configuration file
35 The kdc.conf file supplements \fI\%krb5.conf\fP for programs which
36 are typically only used on a KDC, such as the \fI\%krb5kdc\fP and
39 KDC programs mentioned, krb5.conf and kdc.conf will be merged into a
42 Normally, the kdc.conf file is found in the KDC state directory,
46 Please note that you need to restart the KDC daemon for any configuration
50 The kdc.conf file is set up in the same format as the
54 The kdc.conf file may contain the following sections:
62 Default values for KDC behavior
[all …]
H A Dkadmind.man50 runs on the primary Kerberos server, which stores the KDC database.
51 If the KDC database uses the LDAP module, the administration server
52 and the KDC server need not run on the same machine. kadmind accepts
60 .B \fI\%kdc.conf\fP
61 The KDC configuration file contains configuration information for
62 the KDC and admin servers. kadmind uses settings in this file to
70 ACL file can be specified with the \fBacl_file\fP \fI\%kdc.conf\fP
78 Incremental propagation allows replica KDC servers to receive
81 \fI\%kdc.conf\fP file with the \fBiprop_enable\fP option. Incremental
83 PRIMARY is the primary KDC\(aqs canonical host name, and REALM the realm
[all …]
H A Dkinit.man84 resubmitted to the KDC for validation before use.
121 \fBinvalid\fP flag set) be passed to the KDC for validation. If the
132 because the KDC applies a grace period to account for client\-KDC
141 but any principal may be specified. On a KDC, the special keytab
143 the KDC database and look up the key directly. This permits an
151 For fully anonymous Kerberos, configure pkinit on the KDC and
155 name). If permitted by the KDC, an anonymous ticket will be
161 principal name. If supported by the KDC, the principal (but not
164 As of release 1.8, the MIT Kerberos KDC only supports fully
175 preselecting the same methods of authenticating to the KDC.
[all …]
/freebsd/crypto/heimdal/lib/krb5/
H A Dkrb5.conf.5154 Maximum time to wait for a reply from the kdc, default is 3 seconds.
194 Use DNS SRV records to lookup KDC services location.
199 and the KDC, and then compensate for that when issuing requests.
201 The max number of times to try to contact each KDC.
204 considered usable to send messages to the KDC.
227 A HTTP-proxy to use when talking to the KDC via HTTP.
287 .It Li kdc = Va [service/]host[:port]
302 specifies over what medium the kdc should be
346 Secondly, it tells the KDC (and other servers) which realms are
367 .It Li [kdc]
[all …]
H A Dkrb5_err.et23 error_code POLICY, "KDC policy rejects request"
24 error_code BADOPTION, "KDC can't fulfill requested option"
25 error_code ETYPE_NOSUPP, "KDC has no support for encryption type"
26 error_code SUMTYPE_NOSUPP, "KDC has no support for checksum type"
27 error_code PADATA_TYPE_NOSUPP, "KDC has no support for padata type"
28 error_code TRTYPE_NOSUPP, "KDC has no support for transited type"
39 error_code PATH_NOT_ACCEPTED, "KDC Policy rejects transited path"
77 error_code KDC_NOT_TRUSTED, "KDC not trusted"
106 #error_code ERR_KDC_NOT_FOUND, "IAKERB proxy could not find a KDC"
107 #error_code ERR_KDC_NO_RESPONSE, "IAKERB proxy never reeived a response from a KDC"
[all …]
/freebsd/crypto/heimdal/doc/
H A Dwin2k.texi20 * Configuring Windows to use a Heimdal KDC::
21 * Inter-Realm keys (trust) between Windows and a Heimdal KDC::
25 * Quirks of Windows 2000 KDC::
29 @node Configuring Windows to use a Heimdal KDC, Inter-Realm keys (trust) between Windows and a Heim…
31 @section Configuring Windows to use a Heimdal KDC
50 to a member in an NT domain, and specify the KDC server of the realm
54 C:> ksetup /addkdc EXAMPLE.COM kdc.example.com
86 …ys (trust) between Windows and a Heimdal KDC, Create account mappings, Configuring Windows to use …
88 @section Inter-Realm keys (trust) between Windows and a Heimdal KDC
102 to use a Heimdal KDC}.
[all …]
/freebsd/contrib/pam-krb5/ci/files/heimdal/
H A Dkdc.conf1 # Heimdal KDC configuration. -*- conf -*-
6 [kdc]
7 acl_file = /etc/heimdal-kdc/kadmind.acl
14 pkinit_identity = FILE:/etc/heimdal-kdc/kdc.pem
15 pkinit_anchors = FILE:/etc/heimdal-kdc/ca/ca.pem
16 pkinit_mappings_file = /etc/heimdal-kdc/pki-mapping
27 kdc = 127.0.0.1
/freebsd/crypto/krb5/src/include/krb5/
H A Daudit_plugin.h37 * Declarations for KDC audit plugin module implementers. Audit modules allow
38 * the KDC to produce log output or audit records in any desired form.
66 /** KDC processing steps */
79 /** KDC audit state structure and declarations */
85 int stage; /**< step in KDC processing */
86 const char *status; /**< KDC status message */
105 * auditable KDC events should be recorded.
119 * Log KDC-start event.
132 * Log KDC-stop event.
152 * - Full information about KDC request, assigned request ID, client address
[all …]
/freebsd/crypto/krb5/src/lib/krb5/os/
H A Dtd_krb5.conf6 kdc = FIRST.KDC.HOST
7 kdc = SECOND.KDC.HOST:88
8 admin_server = FIRST.KDC.HOST
12 kdc = KERBEROS.IGGY.ORG
13 kdc = KERBEROS-B.IGGY.ORG
/freebsd/crypto/krb5/src/lib/krb5/error_tables/
H A Dkrb5_err.et53 error_code KRB5KDC_ERR_POLICY, "KDC policy rejects request"
54 error_code KRB5KDC_ERR_BADOPTION, "KDC can't fulfill requested option"
55 error_code KRB5KDC_ERR_ETYPE_NOSUPP, "KDC has no support for encryption type"
56 error_code KRB5KDC_ERR_SUMTYPE_NOSUPP, "KDC has no support for checksum type"
57 error_code KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KDC has no support for padata type"
58 error_code KRB5KDC_ERR_TRTYPE_NOSUPP, "KDC has no support for transited type"
70 error_code KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KDC policy rejects transited path"
107 error_code KRB5KDC_ERR_KDC_NOT_TRUSTED, "KDC not trusted"
112 error_code KRB5KDC_ERR_WRONG_REALM, "Realm not local to KDC"
120 error_code KRB5KDC_ERR_KDC_NAME_MISMATCH, "KDC name mismatch"
[all …]

12345678910>>...17