Home
last modified time | relevance | path

Searched +full:pam +full:- +full:krb5 (Results 1 – 25 of 84) sorted by relevance

1234

/freebsd/contrib/pam-krb5/
H A DNEWS1 User-Visible pam-krb5 Changes
3 pam-krb5 4.11 (2021-10-17)
7 is closing the PAM session after a fork to free memory resources, but
12 Stop attempting to guess the correct PAM module installation path on
13 Linux systems when --prefix is set to /usr and instead document that
14 --libdir will probably need to be set explicitly. The previous logic
18 Update to rra-c-util 10.0:
23 pam-krb5 4.10 (2021-03-20)
25 When re-retrieving the authenticated principal from the current cache,
31 Update to rra-c-util 9.0:
[all …]
H A DREADME.md1 # pam-krb5 chapter
4 status](https://github.com/rra/pam-krb5/workflows/build/badge.svg)](https://github.com/rra/pam-krb5
6 package](https://img.shields.io/debian/v/libpam-krb5/unstable)](https://tracker.debian.org/pkg/libp…
8 Copyright 2005-2010, 2014-2015, 2017, 2020-2021 Russ Allbery
9 <eagle@eyrie.org>. Copyright 2009-2011 The Board of Trustees of the
11 <dilinger@debian.org>. Copyright 1999-2000 Frank Cusack
12 <fcusack@fcusack.com>. This software is distributed under a BSD-style
18 pam-krb5 is a Kerberos PAM module for either MIT Kerberos or Heimdal. It
20 handling, authentication of non-local accounts for network services,
22 expected PAM features. It works correctly with OpenSSH, even with
[all …]
H A DREADME1 pam-krb5 4.11
2 (PAM module for Kerberos authentication)
5 Copyright 2005-2010, 2014-2015, 2017, 2020-2021 Russ Allbery
6 <eagle@eyrie.org>. Copyright 2009-2011 The Board of Trustees of the
8 <dilinger@debian.org>. Copyright 1999-2000 Frank Cusack
9 <fcusack@fcusack.com>. This software is distributed under a BSD-style
14 pam-krb5 is a Kerberos PAM module for either MIT Kerberos or Heimdal.
16 authorization handling, authentication of non-local accounts for network
18 standard expected PAM features. It works correctly with OpenSSH, even
20 and supports extensive configuration either by PAM options or in
[all …]
H A DMakefile.am1 # Automake makefile for pam-krb5.
4 # Copyright 2005-2007, 2014, 2017, 2020-2021 Russ Allbery <eagle@eyrie.org>
5 # Copyright 2009, 2011-2012
8 # Copyright 1999-2000 Frank Cusack <fcusack@fcusack.com>
10 # SPDX-License-Identifier: BSD-3-clause or GPL-1+
12 ACLOCAL_AMFLAGS = -I m4
13 EXTRA_DIST = .clang-format .gitignore .github LICENSE README.md bootstrap \
14 ci/README.md ci/files/heimdal/heimdal-kdc \
16 ci/files/heimdal/krb5.conf ci/files/heimdal/pki-mapping \
18 ci/files/mit/kadm5.acl ci/files/mit/kdc.conf ci/files/mit/krb5.conf \
[all …]
H A Dconfigure.ac1 dnl Autoconf configuration for pam-krb5.
4 dnl Copyright 2005-2009, 2014, 2017, 2020-2021 Russ Allbery <eagle@eyrie.org>
5 dnl Copyright 2009-2013
8 dnl Copyright 1999-2000 Frank Cusack <fcusack@fcusack.com>
10 dnl SPDX-License-Identifier: BSD-3-clause or GPL-1+
13 AC_INIT([pam-krb5], [4.11], [eagle@eyrie.org]) package
14 AC_CONFIG_AUX_DIR([build-aux])
17 AM_INIT_AUTOMAKE([1.11 check-news dist-xz foreign silent-rules subdir-objects
18 -Wall -Werror])
32 LT_INIT([disable-static])
[all …]
H A DTODO1 pam-krb5 To-Do List
3 PAM API:
7 available in the PAM data) and trying a regular authentication first to
14 these into one PAM conversation call for better GUI presentation
21 password. This will fix failure to store passwords in the PAM data
28 pam-krb5 is run as a non-root user and hence doesn't have access to the
30 developed for a different PAM authentication module, and it would be
35 escaped @-signs and doesn't do proper principal parsing.
44 * Support disabling of user canonicalization so that the PAM user is
49 This poses some challenges due to the two-step ticket cache mechanism
[all …]
H A DLICENSE1 Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
3 every file in this package in a machine-readable format. For a less
4 detailed, higher-level overview, see README.
6 For any copyright year range specified as YYYY-ZZZZ in this file, the
10 Copyright: 1999-2000 Frank Cusack <fcusack@fcusack.com>
12 2005-2010, 2014-2015, 2017, 2020-2021 Russ Allbery <eagle@eyrie.org>
13 2008-2014 The Board of Trustees of the Leland Stanford Junior University
14 License: BSD-3-clause or GPL-1+
16 Files: .clang-format docs/pam_krb5.5 docs/pam_krb5.pod pam-util/vector.c
17 pam-util/vector.h portable/asprintf.c portable/dummy.c
[all …]
H A Dbootstrap5 set -e
7 autoreconf -i --force
8 rm -rf autom4te.cache
11 version=`grep '^pam-krb5' NEWS | head -1 | cut -d' ' -f2`
12 pod2man --release="$version" --center=pam-krb5 -s 5 docs/pam_krb5.pod \
/freebsd/contrib/pam-krb5/docs/
H A Ddocknot.yaml1 # Package metadata for pam-krb5.
10 # Copyright 2017, 2020-2021 Russ Allbery <eagle@eyrie.org>
12 # SPDX-License-Identifier: BSD-3-clause or GPL-1+
16 name: pam-krb5
19 synopsis: PAM module for Kerberos authentication
22 name: BSD-3-clause-or-GPL-1+
24 - holder: Russ Allbery <eagle@eyrie.org>
25 years: 2005-2010, 2014-2015, 2017, 2020-2021
26 - holder: The Board of Trustees of the Leland Stanford Junior University
27 years: 2009-2011
[all …]
H A Dpam_krb5.pod2 KRB5CCNAME ChallengeResponseAuthentication GSS-API Heimdal KDC PKINIT
4 canonicalized ccache krb5.conf forwardable kdestroy keytab libdefaults
5 logout pam-krb5 preauth 0.8rc1 screensaver screensavers sshd localname
6 krb5.conf. 0.8rc1. Allbery Cusack Salomon FSFAP SPDX-License-Identifier
11 pam_krb5 - Kerberos PAM module
22 The Kerberos service module for PAM, typically installed at
23 F</lib/security/pam_krb5.so>, provides functionality for the four PAM
26 dynamically loaded by the PAM subsystem as necessary, based on the system
27 PAM configuration. PAM is a system for plugging in external
30 user session on that system. For details on how to configure PAM on your
[all …]
/freebsd/lib/libpam/modules/pam_krb5/
H A Dpam-krb5.81 .\" -*- mode: troff; coding: utf-8 -*-
58 .TH PAM_KRB5 1 2025-06-05 "perl v5.40.2" "User Contributed Perl Documentation"
64 pam_krb5 \- Kerberos PAM module
75 The Kerberos service module for PAM, typically installed at
76 \&\fI/lib/security/pam_krb5.so\fR, provides functionality for the four PAM
79 dynamically loaded by the PAM subsystem as necessary, based on the system
80 PAM configuration. PAM is a system for plugging in external
83 user session on that system. For details on how to configure PAM on your
84 system, see the PAM man page, often \fBpam\fR\|(7).
90 former takes the username from the PAM session, prompts for the user's
[all …]
H A DMakefile29 SRCDIR= ${SRCTOP}/contrib/pam-krb5
32 ${SRCDIR}/pam-util \
37 LIBADD= com_err krb5
40 alt-auth.c \
47 krb5-extra.c \
49 pam-util_options.c \
60 MAN= pam-krb5.8
61 MLINKS= pam-krb5.8 pam_krb5.8
63 CFLAGS= -I${SRCDIR} \
64 -I${.CURDIR} \
[all …]
H A Dconfig.h54 /* Define to 1 if you have the <kerberosv5/krb5.h> header file. */
132 /* Define to 1 if you have the <krb5.h> header file. */
141 /* Define to 1 if you have the <krb5/krb5.h> header file. */
189 /* Define to 1 if you have the <pam/pam_appl.h> header file. */
192 /* Define to 1 if you have the <pam/pam_ext.h> header file. */
195 /* Define to 1 if you have the <pam/pam_modutil.h> header file. */
273 /* Define to the sub-directory where libtool stores uninstalled libraries. */
276 /* The name of the PAM module, used by the pam_vsyslog replacement. */
280 #define PACKAGE "pam-krb5"
286 #define PACKAGE_NAME "pam-krb5"
[all …]
/freebsd/contrib/pam-krb5/tests/pam-util/
H A Doptions-t.c2 * PAM option parsing test suite.
4 * The canonical version of this file is maintained in the rra-c-util package,
5 * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
9 * Copyright 2010-2014
30 * SPDX-License-Identifier: MIT
34 #include <portable/pam.h>
39 #include <pam-util/args.h>
40 #include <pam-util/options.h>
41 #include <pam-util/vector.h>
42 #include <tests/fakepam/pam.h>
[all …]
/freebsd/secure/libexec/sshd-auth/
H A DMakefile4 PROG= sshd-auth
5 SRCS= sshd-auth.c \
6 auth2-methods.c \
7 auth-rhosts.c auth-passwd.c sshpty.c sshlogin.c servconf.c \
8 serverloop.c auth.c auth2.c auth-options.c session.c auth2-chall.c \
9 groupaccess.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
10 auth2-none.c auth2-passwd.c auth2-pubkey.c auth2-pubkeyfile.c \
11 auth2-gss.c gss-serv.c gss-serv-krb5.c \
12 monitor_wrap.c auth-krb5.c \
13 audit.c audit-bsm.c audit-linux.c platform.c \
[all …]
/freebsd/secure/libexec/sshd-session/
H A DMakefile4 PROG= sshd-session
5 SRCS= sshd-session.c auth-rhosts.c auth-passwd.c \
6 audit.c audit-bsm.c audit-linux.c platform.c \
8 auth.c auth2.c auth2-methods.c auth-options.c session.c \
9 auth2-chall.c groupaccess.c \
10 auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
11 auth2-none.c auth2-passwd.c auth2-pubkey.c auth2-pubkeyfile.c \
12 monitor.c monitor_wrap.c auth-krb5.c \
13 auth2-gss.c gss-serv.c gss-serv-krb5.c \
14 loginrec.c auth-pam.c auth-shadow.c auth-sia.c \
[all …]
/freebsd/contrib/pam-krb5/pam-util/
H A Doptions.c2 * Parse PAM options into a struct.
5 * options go where, parse both the PAM configuration options and any options
6 * from a Kerberos krb5.conf file and fill out the struct.
8 * The canonical version of this file is maintained in the rra-c-util package,
9 * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
13 * Copyright 2006-2008, 2010-2011, 2013-2014
34 * SPDX-License-Identifier: MIT
39 # include <portable/krb5.h>
45 #include <pam-util/args.h>
46 #include <pam-util/logging.h>
[all …]
H A Doptions.h2 * Interface to PAM option parsing.
9 * The canonical version of this file is maintained in the rra-c-util package,
10 * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
14 * Copyright 2010-2011, 2013
35 * SPDX-License-Identifier: MIT
43 # include <portable/krb5.h>
58 * value of a PAM setting when the target variable type is a list.)
73 * it can be specified in a krb5.conf file, its type, and its default value if
74 * not set. Note that PAM configuration options are specified as strings, so
88 * and number is in the parsing of a user-supplied value and the type of the
[all …]
/freebsd/contrib/pam-krb5/module/
H A Dpublic.c2 * The public APIs of the pam-afs-session PAM module.
11 * Copyright 2005-2009, 2017, 2020 Russ Allbery <eagle@eyrie.org>
15 * Copyright 1999-2000 Frank Cusack <fcusack@fcusack.com>
17 * SPDX-License-Identifier: BSD-3-clause or GPL-1+
27 #include <portable/pam.h>
31 #include <pam-util/args.h>
32 #include <pam-util/logging.h>
36 * The main PAM interface for authorization checking.
53 * Succeed if the user did not use krb5 to login. Ideally, we should in pam_sm_acct_mgmt()
55 * PAM configuration, but it's not common for the user to do so and that's in pam_sm_acct_mgmt()
[all …]
H A Doptions.c2 * Option handling for pam-krb5.
5 * internal functions. Retrieves configuration information from krb5.conf and
6 * parses the PAM configuration.
8 * Copyright 2005-2010, 2014, 2020 Russ Allbery <eagle@eyrie.org>
9 * Copyright 2011-2012
12 * Copyright 1999-2000 Frank Cusack <fcusack@fcusack.com>
14 * SPDX-License-Identifier: BSD-3-clause or GPL-1+
18 #include <portable/krb5.h>
24 #include <pam-util/args.h>
25 #include <pam-util/logging.h>
[all …]
H A Dinternal.h2 * Internal prototypes and structures for pam-krb5.
4 * Copyright 2005-2009, 2014, 2020 Russ Allbery <eagle@eyrie.org>
8 * Copyright 1999-2000 Frank Cusack <fcusack@fcusack.com>
10 * SPDX-License-Identifier: BSD-3-clause or GPL-1+
17 #include <portable/krb5.h>
19 #include <portable/pam.h>
34 * across calls to the public entry points. This context is stored in the PAM
51 * The global structure holding our arguments, both from krb5.conf and from
52 * the PAM configuration. Filled in by pamk5_init and stored in the pam_args
76 /* PAM behavior. */
[all …]
H A Dcontext.c4 * The context structure is the internal state maintained by the pam-krb5
7 * Copyright 2005-2009, 2014, 2020-2021 Russ Allbery <eagle@eyrie.org>
11 * Copyright 1999-2000 Frank Cusack <fcusack@fcusack.com>
13 * SPDX-License-Identifier: BSD-3-clause or GPL-1+
17 #include <portable/pam.h>
23 #include <pam-util/args.h>
24 #include <pam-util/logging.h>
28 * Create a new context and populate it with the user from PAM and the current
43 ctx->cache = NULL; in pamk5_context_new()
44 ctx->princ = NULL; in pamk5_context_new()
[all …]
/freebsd/contrib/pam-krb5/tests/module/
H A Drealm-t.c2 * Authentication tests for realm support in pam-krb5.
4 * Test the realm and user_realm option in the PAM configuration, which is
5 * special in several ways since it influences krb5.conf parsing and is read
10 * Copyright 2011-2012
13 * SPDX-License-Identifier: BSD-3-clause or GPL-1+
17 #include <portable/krb5.h>
22 #include <tests/fakepam/pam.h>
41 config.user = krbconf->username; in main()
42 config.authtok = krbconf->password; in main()
50 run_script("data/scripts/realm/fail-no-realm", &config); in main()
[all …]
H A Dpassword-t.c2 * Authentication tests for the pam-krb5 module with ticket cache.
6 * PAM module running as the same user for which the ticket cache will be
11 * Copyright 2011-2012, 2014
14 * SPDX-License-Identifier: BSD-3-clause or GPL-1+
18 #include <portable/krb5.h>
19 #include <portable/pam.h>
26 #include <tests/fakepam/pam.h>
44 is_string(config->newpass, authtok, "...and it is correct"); in check_authtok()
58 config.user = krbconf->username; in main()
59 config.password = krbconf->password; in main()
[all …]
/freebsd/contrib/pam-krb5/ci/
H A Dkdc-setup-mit6 # scratch suitable for testing pam-krb5. It is primarily intended to be run
7 # from inside CI in a VM or container from the top of the pam-krb5 source
13 # SPDX-License-Identifier: MIT
15 set -eux
18 apt-get install krb5-admin-server krb5-kdc krb5-pkinit openssl
25 cp ci/files/mit/krb5.conf /etc/krb5.conf
27 # Add domain-realm mappings for the local host, since otherwise Heimdal and
31 cat <<EOF >>/etc/krb5.conf
33 $(hostname -f) = MIT.TEST
37 kdb5_util create -s -P 'this is a test master database password'
[all …]

1234