| Age | Commit message (Collapse) | Author |
|---|
|
Heimdal requires the full name and doesn't support the short name that
MIT has as an alias. Change the documentation to use the long name
uniformly.
|
|
All the Wallet::Kadmin::Heimdal functions were canonicalizing principals
using duplicate code, and that code assumed that all principal names
would be unqualified. Centralize that code in one helper routine and
support already-qualified principals so that we can use these functions
easily from the test suite.
|
|
If there is no kadmin host set in the configuration, it's supposed to
fall back on the krb5.conf setting, not hard-code localhost.
|
|
Introduced accidentally during the coding style cleanup.
|
|
Combine a long series of eval blocks into a single block and a single
error check. Remove trailing whitespace, and in some cases remove
trailing () on method calls where the parens aren't useful.
|
|
The MIT kadmin module currently directly runs the MIT kadmin program. Some
data needs to be cleaned during the forks for this. This provides a
callback that can be registered and is called during the fork process,
currently just to mark database handles inactive. It was added to both the
MIT and Heimdal modules, though it's only a stub in the Heimdal module.
Heimdal is not forking kadmin, but the stub is there in order to allow the
caller to not care which module is being used and just always register the
callbacks.
|
|
Improved error handling by adding an error function to the Kadmin sub-modules
which will copy errors down to the Wallet::Object::Keytab error function
rather than relying on too many dies and evals. There still needs to be more
cleanup here, but that will rely on work on Heimdal::Kadm5 as well, to clean
up its own error handling to not spam warnings when called without RaiseError.
Also caught a few more un-evaled error cases where Heimdal::Kadm5 was called,
and fixed an error where RaiseErrors was being set rather than RaiseError due
to an error in Heimdal::Kadm5 docs.
|
|
valid_principal has been removed from Wallet::Kadmin and
Wallet::Kadmin::Heimdal. An accessor for it in Wallet::Object::Keytab
has also been removed, as have the tests in perl/t/keytab.t for the
function. It still remains within Wallet::Kadmin::MIT and is used there,
but only as a private method for flagging what the kadmin command-line
interface cannot handle.
|
|
Strip trailing whitespace, convert tabs to spaces, add newlines to
exceptions, and remove a few stray blank lines and a few other minor
coding style oddities. Make the SQL style consistent.
|
|
randKeyPrincipal was added to the keytab file creation process, in order
to reset a principal to first have all possible enctypes. There is no
way for us to specify that we only want a specific number of fresh enctypes,
so we must reset to have all enctypes first, and then pare down from there
each time we create the keytab.
|
|
* Fixed keytab existence check to avoid failures when called by a principal
with permissions only on specific principals.
* Better error cases for non-existant keytabs in several places.
* Skipped limiting keytabs to certain enctypes when no enctypes are given.
|
|
Added support for Heimdal as an alternative to MIT Kerberos. This involved
separating out the kadmin-specific code into its own set of modules, and
changing the existing Wallet::Object::Keytab code to branch based on
which module is loaded.
|
