]> git.samba.org - kamenim/samba.git/commit
git.samba.org / kamenim / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 47a7a2e) | patch
s4:kerberos Add support for user principal names in certificates
authorAndrew Bartlett <abartlet@samba.org>
Tue, 28 Jul 2009 04:05:19 +0000 (14:05 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 28 Jul 2009 04:10:47 +0000 (14:10 +1000)
commit8ff1f50b0c47f7ff92d557ef4caf64a44b387ab4
tree98f832f301c2e5c92a1391f1ae2bb9a6a1590e52tree
parent47a7a2e442c7e006eca8188c6a01707d85c4e61ccommit | diff
s4:kerberos Add support for user principal names in certificates

This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ.  (This was a TODO in
the Heimdal KDC)

The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test).

Andrew Bartlett
selftest/target/Samba4.pm diff | blob | history
source4/auth/ntlm/auth_sam.c diff | blob | history
source4/auth/sam.c diff | blob | history
source4/heimdal/kdc/kerberos5.c diff | blob | history
source4/heimdal/kdc/pkinit.c diff | blob | history
source4/heimdal/lib/hdb/hdb.h diff | blob | history
source4/kdc/hdb-samba4.c diff | blob | history
testprogs/blackbox/test_kinit.sh diff | blob | history
kamenim's wip repo