[Heimdal-source-changes] [heimdal/heimdal] f74e2c: kx509: Create certs for principals with slashes

GitHub noreply at github.com
Ons Dec 4 20:18:44 CET 2013 

  Branch: refs/heads/heimdal-1-6-branch
  Home:   https://github.com/heimdal/heimdal
  Commit: f74e2c56f1a00c000c03424ee1551bbeeb2e4948
      https://github.com/heimdal/heimdal/commit/f74e2c56f1a00c000c03424ee1551bbeeb2e4948
  Author: James Lee <jlee at thestaticvoid.com>
  Date:   2013-12-04 (Wed, 04 Dec 2013)

  Changed paths:
    M kdc/kx509.c

  Log Message:
  -----------
  kx509: Create certs for principals with slashes

kx509 fails to create certs for principals with slashes in them.  For
example:

    client% kinit foo/admin
    foo/admin at EXAMPLE.COM's Password:
    client% kx509
    Timed out waiting on KCA

The KCA reports: "Principal is not a user."  However, there is a use
case set out in this post:

https://thestaticvoid.com/post/2012/10/25/protecting-puppet-with-kerberos/

that would create a kx509 cert for a host principal for authenticating
against a secure HTTP service.  This commit modifies the certificate
creation code to allow principals with slashes in them.


  Commit: 9239beffde6adbf2ab1b8075353c536f7649ff59
      https://github.com/heimdal/heimdal/commit/9239beffde6adbf2ab1b8075353c536f7649ff59
  Author: Jelmer Vernooij <jelmer at samba.org>
  Date:   2013-12-04 (Wed, 04 Dec 2013)

  Changed paths:
    M tools/Makefile.am
    A tools/heimdal-krb5.pc.in
    M tools/krb5.pc.in

  Log Message:
  -----------
  Add heimdal-krb5.pc file, with krb5.pc depending on it.

This makes it easier to install Heimdal and MIT kerberos on
the same system by just providing the heimdal-krb5.pc file;
the krb5.pc file is provided by both.

This is similar to what's done with heimdal-gssapi.pc/krb5-gssapi.pc.

Signed-off-by: Jelmer Vernooij <jelmer at samba.org>


  Commit: 348519cb1385e28a217d68de8f551682be9dc638
      https://github.com/heimdal/heimdal/commit/348519cb1385e28a217d68de8f551682be9dc638
  Author: Love Hörnquist Åstrand <lha at h5l.org>
  Date:   2013-12-04 (Wed, 04 Dec 2013)

  Changed paths:
    M tools/heimdal-krb5.pc.in

  Log Message:
  -----------
  spelling


  Commit: c303daaa68534ef2ac19c264453b82c07fd82231
      https://github.com/heimdal/heimdal/commit/c303daaa68534ef2ac19c264453b82c07fd82231
  Author: Love Hörnquist Åstrand <lha at h5l.org>
  Date:   2013-12-04 (Wed, 04 Dec 2013)

  Changed paths:
    M tools/heimdal-gssapi.pc.in

  Log Message:
  -----------
  use heimdal-krb5 instead of krb5 as dependency


Compare: https://github.com/heimdal/heimdal/compare/c4a060c3c7be...c303daaa6853

More information about the Heimdal-source-changes mailing list