| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
It turns out that the length limitations apply to all keytabs, not
just service keytabs. This change creates unique ids for hostnames
that exceed the AD length limit.
|
|
The account name for a service keytab cannot exceed 20 characters.
The routine that was generating a unique id incorrectly attempted to
perform an LDAP query. This change fixes that problem.
|
|
The account name for a service keytab cannot exceed 20 characters.
The routine that was generating a unique id incorrectly attempted to
perform an LDAP query. This change fixes that problem.
|
|
* Make sure userPrincipalName is created for all keytabs and use it to
search for entries in AD.
* Allow the creation of any service principal. This requires making
sure that the cn used to create AD entries for service accounts not
be any longer than 20 characters.
|
|
Correct a variable reference that was causing AD keytab creation to
fail. Update the debugging for shell command execution that makes
debugging more rebust and highlights problems.
|
|
* This ad-keytab is useful in the initial setup of AD as a keytab
store for wallet.
* Change configuration variables to correctly reflect that some values
are relative distinguished names.
* Add a configuration variable for the base distinguished name for
ActiveDirectory.
|
|
with multiple enctypes specified, only the last one will actually take effect. If you wish to provide support for more then one, you need to add the values (0x04 + 0x08 + 0x10 = 0x1C).
replacing the 3 lines with one line to enable all three. Note that the keytabs generated will have 3 line for each principal (one for each enctypes).
See msktutil man page for further details on enctypes.
|
|
|
|
The versions of all of the wallet Perl modules now match the overall
package version except for Wallet::Schema, which is used to version
the database schema.
Import the test from rra-c-util 5.10 and exclude Wallet::Schema from
the tests.
Go through all Perl modules and standardize the syntax for setting the
version and indicating the required version of Perl. Fix a few other
syntax issues while I'm in there.
|
|
|
|
Also remove some configuration checks that aren't required, and
unify handling of some configuration options.
|
|
|
|
The msktutil script does not always signal error conditions. This
change implements a check that examines the output from msktutil
and reports and error when the keytab creation fails to create
the keytab but does create a computer entry in the directory. If
an error is detected the directory entry is deleted leaving the
directory in a clean state.
Also, support has been added for output of debugging information
to syslog using the AD_DEBUG configuration variable.
Finally perltidy suggested changes were made to AD.pm.
|
|
This version implements Active Directory as the store for keytabs.
The interface to Active Directory uses a combination of direct LDAP
queries and the msktutil utility. This version does not support the
wallet unchanging flag. Unchanging requires that a keytab be
retrieved without changing the password/kvno which is not supported by
msktutil.
|
