Difference between revisions of "Projects/Samba4 Port"
From K5Wiki
< Projects
(→Controversial proposed changes for the port) |
|||
| Line 172: | Line 172: | ||
== Samba's use of Heimdal symbols, with MIT differences == |
== Samba's use of Heimdal symbols, with MIT differences == |
||
| − | This table shows the 253 Heimdal symbols that Samba4 uses. |
||
| − | Definition summary: |
||
| + | [http://k5wiki.kerberos.org/wiki/Samba%27s_use_of_Heimdal_symbols%2C_with_MIT_differences Table of symbol differences] |
||
| − | <ol> |
||
| − | <li> 125 of these 265 Heimdal symbols are more-or-less compatible |
||
| − | with the corresponding MIT-krb versions having the same names. |
||
| − | </li> |
||
| − | <li> 111 of the 265 symbols don't appear in the MIT-krb source-tree. </li> |
||
| − | <li> 25 of the 265 symbols have conflicting definitions in Heimdal & MIT-krb. </li> |
||
| − | <li> 3 of the 265 symbols are MIT-krb names that Samba3 also uses. </li> |
||
| − | <li> 1 of the 265 symbols doesn't appear in the Heimdal tree, |
||
| − | but is a Samba3 kerberos-related name. |
||
| − | </li> |
||
| − | </ol> |
||
| − | Samba Usage summary |
||
| − | <ol> |
||
| − | <li> 179 of the 265 symbols get used in Samba4's auth subtree. </li> |
||
| − | <li> 75 of the 265 symbols get used in Samba4's kdc subtree. </li> |
||
| − | <li> 25 of the 265 symbols get used in other Samba subtrees. </li> |
||
| − | </ol> |
||
| − | Together, these 3 figures exceed 265, because many Heimdal symbols |
||
| − | get used in more than one Samba4 subtree. |
||
| − | |||
| − | Porting summary: |
||
| − | * "different" functions and struct-layouts are the biggest obstacles to the MIT port; |
||
| − | * "not MIT" isn't so straightforward as just porting or rewriting these functions, because MIT may have a similar (but hard-to-find) function with a different name; |
||
| − | * "not Heimdal" symbols should continue working for Samba4, insofar as they've worked before now; |
||
| − | * "same" & "same, almost" ought to be easiest, we hope. |
||
| − | |||
| − | Key to the table's "Similarity" column: |
||
| − | * '''same, almost''': Structs are near-identical; functions have the same arguments and similar implementations. |
||
| − | * '''same''': Structs are identical. None of these Heimdal functions are identical to MIT's versions. |
||
| − | * '''different''': Structs have different layouts, functions have different parameters and / or behavior. |
||
| − | * '''not MIT''': MIT's kerberos-tree lacks the symbol. |
||
| − | * '''not Heimdal''': Heimdal has a function-prototype, but no function definition. Some of these appear in the Samba3 tree. |
||
| − | |||
| − | Please note: |
||
| − | * This table has 5 columns and 265 rows, and works best if you maximize your screen; |
||
| − | * You can click any column's header, to sort the rows by that column's field-contents. |
||
| − | |||
| − | {| class="wikitable sortable" width="100%" border="1" style="border-collapse: collapse; border: 1px solid #dfdfdf;" |
||
| − | | bgcolor="#cc0000" |<font color="#ffffff">'''Symbol''' </font> |
||
| − | | bgcolor="#cc0000" |<font color="#ffffff">'''Similarity'''</font> |
||
| − | | bgcolor="#cc0000" |<font color="#ffffff">'''Type'''</font> |
||
| − | | bgcolor="#cc0000" |<font color="#ffffff">'''Heimdal location'''</font> |
||
| − | | bgcolor="#cc0000" |<font color="#ffffff">'''Samba4 referrers'''</font> |
||
| − | |||
| − | |- |
||
| − | | AP_OPTS_MUTUAL_REQUIRED |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | AP_OPTS_USE_SUBKEY |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | ChangePasswdDataMS{} |
||
| − | | not MIT |
||
| − | | typedef struct |
||
| − | | lib/asn1/krb5_asn1.h |
||
| − | | kdc/kpasswdd.c |
||
| − | |||
| − | |- |
||
| − | | Checksum{} |
||
| − | | not MIT |
||
| − | | typedef struct |
||
| − | | lib/asn1/krb5_asn1.h |
||
| − | | auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | CKSUMTYPE{} |
||
| − | | not MIT |
||
| − | | typedef enum |
||
| − | | lib/asn1/krb5_asn1.h |
||
| − | | auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | copy_Principal() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/asn1/asn1_Principal.c |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | credentials{} |
||
| − | | same, almost |
||
| − | | struct |
||
| − | | lib/krb5/lrb5-v4compat.h |
||
| − | | 88 files |
||
| − | |||
| − | |- |
||
| − | | decode_ChangePasswdDataMS() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/asn1/asn1_ChangePasswdDataMS.c |
||
| − | | kdc/kpasswdd.c |
||
| − | |||
| − | |- |
||
| − | | dns_lookup() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/roken/resolve.h |
||
| − | | libcli/resolve/dns_ex.c |
||
| − | |||
| − | |- |
||
| − | | dns_reply() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/roken/resolve.h |
||
| − | | libcli/resolve/dns_ex.c |
||
| − | |||
| − | |- |
||
| − | | dns_srv_order() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/roken/resolve.h |
||
| − | | libcli/resolve/dns_ex.c |
||
| − | |||
| − | |- |
||
| − | | ENCTYPE_AES128_CTS_HMAC_SHA1_96 |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | dsdb/samdb/ldb_modules/password_hash.c |
||
| − | |||
| − | |- |
||
| − | | ENCTYPE_AES256_CTS_HMAC_SHA1_96 |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | dsdb/samdb/ldb_modules/password_hash.c |
||
| − | |||
| − | |- |
||
| − | | ENCTYPE_ARCFOUR_HMAC_MD5 |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | ENCTYPE_ARCFOUR_HMAC |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | torture/auth/pac.c |
||
| − | |||
| − | |- |
||
| − | | ENCTYPE_DES_CBC_CRC |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | dsdb/samdb/ldb_modules/password_hash.c, kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | ENCTYPE_DES_CBC_MD5 |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | dsdb/samdb/ldb_modules/password_hash.c, kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | error_message() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/com_err/com_err.c |
||
| − | | 8 files |
||
| − | |||
| − | |- |
||
| − | | ETYPE_ARCFOUR_HMAC_MD5 |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/asn1/krb5_asn1.h |
||
| − | | auth/kerberos/kerberos_util.c, kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | free_ChangePasswdDataMS() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/asn1/asn1_ChangePasswdDataMS.c |
||
| − | | kdc/kpasswdd.c |
||
| − | |||
| − | |- |
||
| − | | free_Checksum() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/asn1/asn1_Checksum.c |
||
| − | | auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | free_hdb_entry() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/hdb/asn1_hdb_entry.c |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | free_Salt() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/hdb/asn1_Salt.c |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | gss_accept_sec_context() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_accept_sec_context.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_buffer_desc{} |
||
| − | | same |
||
| − | | typedef struct |
||
| − | | lib/gssapi/gssapi/gssapi.h |
||
| − | | auth/gensec/gensec_gssapi.c, auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | GSS_C_DCE_STYLE |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/gssapi/gssapi/gssapi.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | GSS_C_EMPTY_BUFFER |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/gssapi/gssapi/gssapi.h |
||
| − | | auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | GSS_C_GSS_CODE |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/gssapi/gssapi/gssapi.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | GSS_C_MECH_CODE |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/gssapi/gssapi/gssapi.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | GSS_C_NO_BUFFER |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/gssapi/gssapi/gssapi.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | GSS_C_NO_CHANNEL_BINDINGS |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/gssapi/gssapi/gssapi.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | GSS_C_NO_CONTEXT |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/gssapi/gssapi/gssapi.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | GSS_C_NO_CREDENTIAL |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/gssapi/gssapi/gssapi.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | GSS_C_NO_NAME |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/gssapi/gssapi/gssapi.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | GSS_C_NULL_OID |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/gssapi/gssapi/gssapi.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | GSS_C_NT_HOSTBASED_SERVICE |
||
| − | | different |
||
| − | | struct * |
||
| − | | lib/gssapi/krb5/external.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_cred_id_t{} |
||
| − | | same |
||
| − | | typedef struct |
||
| − | | lib/gssapi/gssapi/gssapi.h |
||
| − | | auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | gss_delete_sec_context() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_delete_sec_context.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_display_name() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_display_name.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_display_status() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_display_status.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_get_mic() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_get_mic.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_import_name() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_import_name.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_init_sec_context() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_init_sec_context.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_krb5_copy_ccache() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_krb5.c |
||
| − | | auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | GSS_KRB5_CRED_NO_CI_FLAGS_X |
||
| − | | not MIT |
||
| − | | struct * |
||
| − | | lib/gssapi/krb5/set_cred_option.c |
||
| − | | auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | gss_krb5_export_lucid_sec_context() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_krb5.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gsskrb5_extract_authz_data_from_sec_context() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_krb5.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_krb5_free_lucid_sec_context() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_krb5.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gsskrb5_get_subkey() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_krb5.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_krb5_import_cred() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_krb5.c |
||
| − | | auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | gsskrb5_send_to_kdc{} |
||
| − | | not MIT |
||
| − | | struct |
||
| − | | lib/gssapi/gssapi/gssapi_krb5.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_krb5_set_allowable_enctypes() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_krb5.c |
||
| − | | auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | gsskrb5_set_default_realm() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_krb5.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gsskrb5_set_dns_canonicalize() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_krb5.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gsskrb5_set_send_to_kdc() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_krb5.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_mech_krb5 |
||
| − | | different |
||
| − | | macro |
||
| − | | lib/gssapi/gssapi/gssapi_krb5.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_oid_equal() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_krb5.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_OID |
||
| − | | same |
||
| − | | typedef struct |
||
| − | | lib/gssapi/gssapi/gssapi.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_qop_t{} |
||
| − | | same |
||
| − | | typedef |
||
| − | | lib/gssapi/gssapi/gssapi_krb5.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_release_buffer() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_release_buffer.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_release_cred() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_release_cred.c |
||
| − | | auth/gensec/gensec_gssapi.c, auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | gss_release_name() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_release_name.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_set_cred_option() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_set_cred_option.c |
||
| − | | auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | gss_unwrap() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_unwrap.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_verify_mic() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_verify_mic.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_wrap() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_wrap.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | gss_wrap_size_limit() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/gssapi/mech/gss_wrap_size_limit.c |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | hdb_enctype2key() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/hdb/hdb.c |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | hdb_entry_ex{} |
||
| − | | not MIT |
||
| − | | typedef struct |
||
| − | | lib/hdb/hdb.h |
||
| − | | kdc/hdb-samba4.c, kdc/kdc.c, kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | hdb_free_entry |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/hdb/hdb.c |
||
| − | | kdc/hdb-samba4.c, kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | HDB_F_DECRYPT |
||
| − | | not MIT |
||
| − | | macro |
||
| − | | lib/hdb/hdb.h |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | hdb_fetch() |
||
| − | | not MIT |
||
| − | | function ptr |
||
| − | | lib/hdb/hdb.h |
||
| − | | kdc/hdb-samba4.c, kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | HDB_F_GET_CLIENT |
||
| − | | not MIT |
||
| − | | macro |
||
| − | | lib/hdb/hdb.h |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | HDB_F_GET_KRBTGT |
||
| − | | not MIT |
||
| − | | macro |
||
| − | | lib/hdb/hdb.h |
||
| − | | kdc/hdb-samba4.c, kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | HDB_F_GET_SERVER |
||
| − | | not MIT |
||
| − | | macro |
||
| − | | lib/hdb/hdb.h |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | HDBFlags{} |
||
| − | | not MIT |
||
| − | | typedef struct |
||
| − | | lib/hdb/hdb_asn1.h |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | HDB_INTERFACE_VERSION |
||
| − | | not MIT |
||
| − | | macro |
||
| − | | lib/hdb/hdb.h |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | hdb_kt_ops{} |
||
| − | | not MIT |
||
| − | | struct |
||
| − | | lib/hdb/keytab.c |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | HDB{} |
||
| − | | not MIT |
||
| − | | typedef struct |
||
| − | | lib/hdb/hdb.h |
||
| − | | kdc/hdb-samba4.c, kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | HostAddresses{} |
||
| − | | not MIT |
||
| − | | typedef struct |
||
| − | | lib/asn1/krb5_asn1.h |
||
| − | | kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | initialize_hdb_error_table_r() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/hdb/hdb_err.c |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | initialize_krb5_error_table() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/krb5_err.c |
||
| − | | auth/kerberos/krb5_init_context.c, kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | int2HDBFlags() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/hdb/asn1_HDBFlags.c |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | KDC_REQ |
||
| − | | not MIT |
||
| − | | macro |
||
| − | | lib/asn1/krb5_asn1.h |
||
| − | | kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | KerberosTime |
||
| − | | not MIT |
||
| − | | typedef |
||
| − | | lib/asn1/krb5_asn1.h |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | KEYTYPE_ARCFOUR_56 |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | KEYTYPE_ARCFOUR |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | KEYTYPE_DES3 |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | KEYTYPE_DES |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_ADDRESS_NETBIOS |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | krb5_address{} |
||
| − | | same |
||
| − | | typedef |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_add_et_list() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/add_et_list.c |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | krb5_addlog_func() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/log.c |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | krb5_ap_rep_enc_part{} |
||
| − | | same |
||
| − | | typedef struct |
||
| − | | /usr/include/krb5/krb5.h |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_auth_con_free() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/auth_context.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_auth_con_getlocalsubkey() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/auth_context.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_auth_con_getremotesubkey() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/auth_context.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_auth_con_init() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/auth_context.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_auth_con_setaddrs() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/auth_context.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_auth_con_setflags() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/auth_context.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_auth_con_setuserkey() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/auth_context.c |
||
| − | | see krb5_auth_con_setuseruserkey |
||
| − | |||
| − | |- |
||
| − | | krb5_auth_con_setuseruserkey |
||
| − | | not Heimdal |
||
| − | | function |
||
| − | | unknown |
||
| − | | see krb5_auth_con_setuserkey |
||
| − | |||
| − | |- |
||
| − | | KRB5_AUTH_CONTEXT_DO_SEQUENCE |
||
| − | | same |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_AUTHDATA_WIN2K_PAC |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/asn1/krb5_asn1.h |
||
| − | | auth/gensec/gensec_gssapi.c, auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_auth_context{} |
||
| − | | same |
||
| − | | typedef struct |
||
| − | | /usr/include/krb5/krb5.h |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_boolean |
||
| − | | same, almost |
||
| − | | typedef |
||
| − | | lib/krb5/krb5.h |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_CC_END |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_CC_NOTFOUND |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_ccache{} |
||
| − | | same, almost |
||
| − | | typedef struct * |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/kerberos/kerberos.c, auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_cc_close() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/cache.c |
||
| − | | auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_cc_default() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/cache.c |
||
| − | | auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_cc_destroy() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/cache.c |
||
| − | | auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_cc_get_principal() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/cache.c |
||
| − | | auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_cc_initialize() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/cache.c |
||
| − | | auth/kerberos/kerberos.c |
||
| − | |||
| − | |- |
||
| − | | krb5_cc_resolve() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/cache.c |
||
| − | | auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_cc_store_cred() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/cache.c |
||
| − | | auth/kerberos/kerberos.c |
||
| − | |||
| − | |- |
||
| − | | krb5_cksumtype_to_enctype() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/crypto.c |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | krb5_clear_error_string() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/error_string.c |
||
| − | | auth/kerberos/kerberos_pac.c, kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | krb5_closelog() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/log.c |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | krb5_const_principal |
||
| − | | same |
||
| − | | typedef struct * |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/kerberos/kerberos_pac.c, kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | krb5_context{} |
||
| − | | same, almost |
||
| − | | typedef struct * |
||
| − | | lib/krb5/krb5.h |
||
| − | | 16 files |
||
| − | |||
| − | |- |
||
| − | | krb5_copy_principal() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/principal.c |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | krb5_create_checksum() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/crypto.c |
||
| − | | auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | krb5_creds{} |
||
| − | | different |
||
| − | | typedef struct |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/kerberos/kerberos.c |
||
| − | |||
| − | |- |
||
| − | | krb5_crypto |
||
| − | | not MIT |
||
| − | | typedef struct * |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | krb5_crypto_destroy() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/crypto.c |
||
| − | | auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | krb5_crypto_init() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/crypto.c |
||
| − | | auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | krb5_data{} |
||
| − | | different |
||
| − | | typedef struct |
||
| − | | /usr/include/krb5/krb5.h |
||
| − | | 9 files |
||
| − | |||
| − | |- |
||
| − | | krb5_data_copy() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/data.c |
||
| − | | auth/kerberos/krb5_init_context.c, kdc/hdb-samba4.c, kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | krb5_data_free() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/data.c |
||
| − | | 6 files |
||
| − | |||
| − | |- |
||
| − | | krb5_data_zero() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/data.c |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | krb5_dh_moduli{} |
||
| − | | not MIT |
||
| − | | struct |
||
| − | | lib/krb5/krb5_locl.h |
||
| − | | kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | krb5_encrypt_block{} |
||
| − | | same |
||
| − | | typedef struct |
||
| − | | /usr/include/krb5/krb5.h |
||
| − | | auth/kerberos/clikrb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_enctype |
||
| − | | same, almost |
||
| − | | typedef |
||
| − | | lib/krb5/krb5.h |
||
| − | | 4 files |
||
| − | |||
| − | |- |
||
| − | | krb5_error_code |
||
| − | | same |
||
| − | | typedef |
||
| − | | lib/krb5/krb5.h |
||
| − | | 15 files |
||
| − | |||
| − | |- |
||
| − | | KRB5_FCC_NOFILE |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_flags |
||
| − | | same, almost |
||
| − | | typedef |
||
| − | | /usr/include/krb5/krb5.h |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_free_ap_rep_enc_part() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/rd_rep.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_free_config_files() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/context.c |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | krb5_free_context() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/context.c |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | krb5_free_cred_contents() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/creds.c |
||
| − | | auth/kerberos/kerberos.c |
||
| − | |||
| − | |- |
||
| − | | krb5_free_error_string() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/error_string.c |
||
| − | | auth/kerberos/clikrb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_free_keyblock_contents() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/keyblock.c |
||
| − | | dsdb/samdb/ldb_modules/password_hash.c, torture/auth/pac.c, auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_free_keyblock() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/keyblock.c |
||
| − | | auth/gensec/gensec_gssapi.c, auth/gensec/gensec_krb5.c, auth/kerberos/kerberos_heimdal.c |
||
| − | |||
| − | |- |
||
| − | | krb5_free_keytab_entry_contents() |
||
| − | | not Heimdal |
||
| − | | function |
||
| − | | lib/krb5/keyblock.c |
||
| − | | auth/kerberos/clikrb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_free_principal() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/principal.c |
||
| − | | 8 files |
||
| − | |||
| − | |- |
||
| − | | krb5_free_salt() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/crypto.c |
||
| − | | dsdb/samdb/ldb_modules/password_hash.c, auth/kerberos/clikrb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_free_ticket() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/ticket.c |
||
| − | | auth/gensec/gensec_krb5.c, auth/kerberos/kerberos_heimdal.c |
||
| − | |||
| − | |- |
||
| − | | krb5_get_default_in_tkt_etypes() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/context.c |
||
| − | | auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_get_default_realm() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/get_default_realm.c |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | krb5_get_error_string() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/error_string.c |
||
| − | | auth/kerberos/clikrb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_get_init_creds_keyblock() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/init_creds_pw.c |
||
| − | | auth/kerberos/kerberos.c |
||
| − | |||
| − | |- |
||
| − | | krb5_get_init_creds_opt{} |
||
| − | | different |
||
| − | | typedef struct |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/kerberos/kerberos.c |
||
| − | |||
| − | |- |
||
| − | | krb5_get_init_creds_opt_init() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/init_creds.c |
||
| − | | auth/kerberos/kerberos.c |
||
| − | |||
| − | |- |
||
| − | | krb5_get_init_creds_opt_set_default_flags() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/init_creds.c |
||
| − | | auth/kerberos/kerberos.c |
||
| − | |||
| − | |- |
||
| − | | krb5_get_init_creds_password() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/init_creds_pw.c |
||
| − | | auth/kerberos/kerberos.c |
||
| − | |||
| − | |- |
||
| − | | krb5_get_max_time_skew() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/context.c |
||
| − | | rpc_server/lsa/dcesrv_lsa.c |
||
| − | |||
| − | |- |
||
| − | | krb5_get_pw_salt() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/crypto.c |
||
| − | | dsdb/samdb/ldb_modules/password_hash.c, auth/kerberos/clikrb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_init_context() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/context.c |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | krb5_initlog() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/log.c |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kdc_get_config() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | kdc/default_config.c |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kdc_process_krb5_request() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | kdc/process.c |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kdc_update_time() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | kdc/process.c |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kdc_windc_init() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | kdc/windc.c |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | krb5_keyblock{} |
||
| − | | same |
||
| − | | typedef struct |
||
| − | | /usr/include/krb5/krb5.h |
||
| − | | 8 files |
||
| − | |||
| − | |- |
||
| − | | krb5_keyblock_init() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/keyblock.c |
||
| − | | torture/auth/pac.c, auth/kerberos/kerberos_util.c, kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | krb5_keytab_entry{} |
||
| − | | same |
||
| − | | typedef struct |
||
| − | | /usr/include/krb5/krb5.h |
||
| − | | auth/kerberos/clikrb5.c, auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_keytab{} |
||
| − | | same |
||
| − | | typedef struct * |
||
| − | | /usr/include/krb5/krb5.h |
||
| − | | auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KDCREP_SKEW |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | auth/gensec/gensec_krb5.c, auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KDC_UNREACH |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | auth/gensec/gensec_krb5.c, auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KPASSWD_ACCESSDENIED |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/krb5/krb5.h |
||
| − | | kdc/kpasswdd.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KPASSWD_BAD_VERSION |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/krb5/krb5.h |
||
| − | | kdc/kpasswdd.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KPASSWD_HARDERROR |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/krb5/krb5.h |
||
| − | | kdc/kpasswdd.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KPASSWD_MALFORMED |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/krb5/krb5.h |
||
| − | | kdc/kpasswdd.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KPASSWD_SOFTERROR |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/krb5/krb5.h |
||
| − | | kdc/kpasswdd.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KPASSWD_SUCCESS |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/krb5/krb5.h |
||
| − | | kdc/kpasswdd.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KPASSWD_VERS_CHANGEPW |
||
| − | | not MIT |
||
| − | | macro |
||
| − | | lib/krb5/krb5.h |
||
| − | | kdc/kpasswdd.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KPASSWD_VERS_SETPW |
||
| − | | not MIT |
||
| − | | macro |
||
| − | | lib/krb5/krb5.h |
||
| − | | kdc/kpasswdd.c |
||
| − | |||
| − | |- |
||
| − | | _krb5_krb_auth_data |
||
| − | | not MIT |
||
| − | | struct |
||
| − | | lib/krb5/krb5-v4compat.h |
||
| − | | kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | krb5_krbhst_get_addrinfo() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/krbhst.c |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KRBHST_HTTP |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | krb5_krbhst_info{} |
||
| − | | not MIT |
||
| − | | typedef struct |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KRBHST_TCP |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KRBHST_UDP |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kt_add_entry() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/keytab.c |
||
| − | | auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kt_close() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/keytab.c |
||
| − | | auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kt_compare() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/keytab.c |
||
| − | | auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kt_cursor{} |
||
| − | | different |
||
| − | | typedef struct |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kt_end_seq_get() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/keytab.c |
||
| − | | auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kt_free_entry() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/keytab.c |
||
| − | | auth/kerberos/clikrb5.c, auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kt_next_entry() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/keytab.c |
||
| − | | auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kt_register() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/keytab.c |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kt_remove_entry() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/keytab.c |
||
| − | | auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kt_resolve() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/keytab.c |
||
| − | | auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_kt_start_seq_get() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/keytab.c |
||
| − | | auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KT_END |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_KU_OTHER_CKSU |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | krb5_make_principal() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/principal.c |
||
| − | | 4 functions |
||
| − | |||
| − | |- |
||
| − | | krb5_mk_error() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/mk_error.c |
||
| − | | kdc/kpasswdd.c |
||
| − | |||
| − | |- |
||
| − | | krb5_mk_priv() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/mk_priv.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_mk_req() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/mk_req.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_mk_req_exact() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/mk_req.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_pac |
||
| − | | not MIT |
||
| − | | typedef struct * |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/kerberos/kerberos_pac.c, kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | krb5_pac_add_buffer() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/pac.c |
||
| − | | kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | krb5_pac_free() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/pac.c |
||
| − | | auth/kerberos/kerberos_pac.c, kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | krb5_pac_get_buffer() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/pac.c |
||
| − | | auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | krb5_pac_init() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/pac.c |
||
| − | | kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | krb5_pac_parse() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/pac.c |
||
| − | | auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_PADATA_PW_SALT |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/asn1/krb5_asn1.h |
||
| − | | kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_PARSE_MALFORMED |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | krb5_parse_name() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/principal.c |
||
| − | | dsdb/samdb/cracknames.c, torture/auth/pac.c, auth/gensec/gensec_krb5.c, auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_parse_name_flags() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/principal.c |
||
| − | | dsdb/samdb/cracknames.c, torture/auth/pac.c, auth/kerberos/kerberos_pac.c, |
||
| − | |||
| − | |- |
||
| − | | krb5_plugin_register() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/plugin.c |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | krb5_prepend_config_files_default() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/context.c |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | krb5_principal2salt() |
||
| − | | not Heimdal |
||
| − | | function |
||
| − | | /usr/include/krb5/krb5.h |
||
| − | | auth/kerberos/clikrb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_principal_compare_any_realm() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/principal.c |
||
| − | | auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | krb5_principal_get_realm() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/principal.c |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | _krb5_principalname2krb5_principal() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/asn1_glue.c |
||
| − | | kdc/kpasswdd.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_PRINCIPAL_PARSE_MUST_REALM |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | dsdb/samdb/cracknames.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_PRINCIPAL_PARSE_NO_REALM |
||
| − | | same, almost |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | dsdb/samdb/cracknames.c, torture/auth/pac.c, auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | krb5_principal |
||
| − | | different |
||
| − | | typedef struct * |
||
| − | | lib/krb5/krb5.h |
||
| − | | 12 files |
||
| − | |||
| − | |- |
||
| − | | KRB5_PRINCIPAL_UNPARSE_NO_REALM |
||
| − | | same, almost |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | dsdb/samdb/cracknames.c, auth/kerberos/kerberos_pac.c, kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | krb5_princ_realm() |
||
| − | | same, almost |
||
| − | | macro |
||
| − | | lib/krb5/principal.c |
||
| − | | dsdb/samdb/cracknames.c, auth/credentials/credentials_krb5.c, kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | krb5_princ_set_realm() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/principal.c |
||
| − | | auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | krb5_rd_priv() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/rd_priv.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_rd_rep() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/rd_rep.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_replay_data{} |
||
| − | | same, almost |
||
| − | | typedef struct |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_salt{} |
||
| − | | not MIT |
||
| − | | typedef struct |
||
| − | | lib/krb5/krb5.h |
||
| − | | dsdb/samdb/ldb_modules/password_hash.c, auth/kerberos/clikrb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_set_config_files() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/context.c |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | krb5_set_default_realm() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/set_default_realm.c |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | krb5_set_dns_canonicalize_hostname() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/context.c |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | krb5_set_error_string() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/context.c |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | krb5_set_real_time() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/time.c |
||
| − | | auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_set_send_to_kdc_func() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/send_to_kdc.c |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | krb5_set_warn_dest |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/send_to_kdc.c |
||
| − | | auth/kerberos/krb5_init_context.c |
||
| − | |||
| − | |- |
||
| − | | krb5_sockaddr2address() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/addr_families.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_string_to_enctype() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/crypto.c |
||
| − | | auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | krb5_string_to_key() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/crypto.c |
||
| − | | auth/kerberos/clikrb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_string_to_key_data_salt() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/crypto.c |
||
| − | | libnet/libnet_become_dc.c |
||
| − | |||
| − | |- |
||
| − | | krb5_string_to_key_salt() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/crypto.c |
||
| − | | auth/kerberos/clikrb5.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_TGS_NAME |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/krb5.h |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | krb5_ticket{} |
||
| − | | different |
||
| − | | typedef struct |
||
| − | | lib/krb5/krb5.h |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_ticket_get_authorization_data_type() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/ticket.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_ticket_get_client() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/ticket.c |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_unparse_name() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/principal.c |
||
| − | | 6 files |
||
| − | |||
| − | |- |
||
| − | | krb5_unparse_name_flags() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/principal.c |
||
| − | | dsdb/samdb/cracknames.c, auth/kerberos/kerberos_pac.c, kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | krb5_use_enctype() |
||
| − | | not Heimdal |
||
| − | | function |
||
| − | | /usr/include/krb5/krb5.h |
||
| − | | auth/kerberos/clikrb5.c |
||
| − | |||
| − | |- |
||
| − | | krb5_verify_checksum() |
||
| − | | same, almost |
||
| − | | function |
||
| − | | lib/krb5/crypto.c |
||
| − | | auth/kerberos/kerberos_pac.c |
||
| − | |||
| − | |- |
||
| − | | krb5_warnx() |
||
| − | | not MIT |
||
| − | | function |
||
| − | | lib/krb5/warn.c |
||
| − | | kdc/hdb-samba4.c |
||
| − | |||
| − | |- |
||
| − | | krb5_xfree() |
||
| − | | different |
||
| − | | function |
||
| − | | lib/krb5/free.c |
||
| − | | auth/credentials/credentials_krb5.c |
||
| − | |||
| − | |- |
||
| − | | KRB5_WINDC_PLUGING_MINOR |
||
| − | | not MIT |
||
| − | | macro |
||
| − | | kdc/windc_plugin.h |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | KRB5KDC_ERR_CLIENT_REVOKED |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | KRB5KDC_ERR_KEY_EXPIRED |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | KRB5KDC_ERR_POLICY |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | KRB5KDC_ERR_PREAUTH_FAILED |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | auth/gensec/gensec_gssapi.c, auth/gensec/gensec_krb5.c, auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | auth/gensec/gensec_gssapi.c, auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | KRB5KRB_AP_ERR_MSG_TYPE |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | KRB5KRB_AP_ERR_SKEW |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | auth/gensec/gensec_krb5.c, auth/kerberos/kerberos_util.c |
||
| − | |||
| − | |- |
||
| − | | KRB5KRB_AP_ERR_TKT_EXPIRED |
||
| − | | same value |
||
| − | | enum |
||
| − | | lib/krb5/krb5_err.h |
||
| − | | auth/gensec/gensec_krb5.c |
||
| − | |||
| − | |- |
||
| − | | OM_uint32 |
||
| − | | same, almost |
||
| − | | typedef |
||
| − | | lib/gssapi/gssapi/gssapi.h |
||
| − | | auth/credentials/credentials_krb5.c, auth/gensec/gensec_gssapi.c |
||
| − | |||
| − | |- |
||
| − | | PA_DATA |
||
| − | | not MIT |
||
| − | | typedef struct |
||
| − | | lib/asn1/krb5_asn1.h |
||
| − | | kdc/pac-glue.c |
||
| − | |||
| − | |- |
||
| − | | PLUGIN_TYPE_DATA |
||
| − | | not MIT |
||
| − | | enum |
||
| − | | lib/krb5/krb5.h |
||
| − | | kdc/kdc.c |
||
| − | |||
| − | |- |
||
| − | | Principal{} |
||
| − | | not MIT |
||
| − | | typedef struct |
||
| − | | lib/asn1/krb5_asn1.h |
||
| − | | dsdb/samdb/ldb_modules/password_hash.c |
||
| − | |||
| − | |- |
||
| − | | resource_record{} |
||
| − | | not MIT |
||
| − | | struct |
||
| − | | lib/roken/resolve.h |
||
| − | | libcli/resolve/dns_ex.c |
||
| − | |||
| − | |- |
||
| − | | SHA256_DIGEST_LENGTH |
||
| − | | same value |
||
| − | | macro |
||
| − | | lib/hcrypto/sha.h |
||
| − | | libcli/smb2/signing.c |
||
| − | |||
| − | |} |
||
| − | |||
| − | ---- |
||
Revision as of 11:39, 31 August 2009
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.
Introduction
Samba4 aims to provide a complete OSS replacement for Active Directory. Samba4, like earlier versions of Samba, uses Heimdal Kerberos. The Samba4 Port project proposes to enable Samba4 to use MIT kerberos as an alternative. The near-term goal is that mixed krb5+AD deployments could use Samba4 to provide better interoperation between AD realms and MIT-krb5 realms.
Use case: For example, suppose a kerberos customer is deploying a network with mixed operating systems using kerberos and would want to use one KDC for all of them. In this case, a single MIT Kerberos deployment should be able to support both traditonal UNIX clients and servers, intermixed with Windows clients and Samba servers:
- The Windows clients should be able to use the MIT KDC(s) as AD servers, so as to authenticate themselves to Samba file-servers and to Windows servers;
- A Windows client's tickets will carry PACs, as usual for AD;
- The UNIX clients should be able to access the KDC as a traditional non-AD-style KDC, so as to access UNIX services securely;
- A UNIX client's ticket will not carry a PAC, except when the UNIX client accesses a Windows server.
The Samba4 team, the MIT Krb Consortium, RedHat, Ubuntu, and Sun all have
shown some interest in this Samba4 Port project.
Key to the asterisks in the Table of Contents
- No asterisks: Work that needs to be done.
- *: Some work to be done, some already done.
- **: Nothing much to do.
- ***: Can be done later, if at all.
Concise to-do list
This is a condensed version of the task-list offered by Samba4's Andrew Bartlett, containing only what hasn't yet been done already by MIT.
The two big chunks of work are LDAP Driver and Replacing / improving MIT's DAL, but the DAL work may not be needed.
Replace the MIT KDC's LDAP driver
Samba4's LDAP driver for the MIT KDB needs to know how to do AD's intricate naming:
- Canonicalization of server names, user-names, and realm names. MIT 1.7 already supports canonicalization.
- AD-style aliases for HOST/ service names.
- Implicit names for Win2k accounts.
- Principal "types": client / server / krbtgs
- Flexible server-naming
- Keytabs & name-canonicalization
Most or all of Heimdal's LDAP driver code is in three Samba4 source files, ~1000 lines in all.
Small changes
Of the things on this list, only NTLM support (bullet 2) is needed for the Samba4 KDC port. The other tasks are all application-library stuff, and arguably aren't needed at all, because Samba3 already works well with MIT application libraries.
- MIT library changes
- Samba4/AD libraries: NTLM support
- Key-handling changes]
- Extra Krb library functions
- Error-handling, logging, testing
Use 1.7's AD-support features
This stuff should already just work:
- PAC handling;
- AD-style name canonicalization;
- NT-ENTERPRISE names, which carry two realm-suffixes;
- CHECK_POLICY/AUDIT methods (needed for TGS access-control);
- DCE_STYLE Challenge/Response handshakes: see Krb lib & GSSAPI.
- Accept legacy Samba3 clients' bad GSSAPI checksums;
- Principal-manipulation functions;
- State-machine safety;
Controversial proposed changes for the port
Maybe: Improve or replace MIT's DAL
Rewrite the MIT KDC's Data-Abstraction Layer (DAL), mostly because the MIT KDC needs to see & manipulate more LDAP detail, on Samba4's behalf;
** Maybe not: Add a KDC-as-library API
Samba4 currently runs as a single process, and Samba4 invokes the Heimdal KDC via a libkdc interface (KDC as library).
- Andrew Bartlett says this libkdc interface is "nice to have", but not essential.
- Tom Yu says adding a libkdc interface to MIT's code would be a lot of work, but would tie naturally into code-cleanup work that MIT wants to do, anyway.
- If we build a libkdc interface for MIT's KDC, Samba4 will need the KDC to use Samba's socket library correctly.
*** Later: TGS access-control
MIT krb will need to support these AD features, once Samba4 does. Alternatively, this could be seen as an opportunity for MIT-based Samba4 to surpass Heimdal-based Samba.
- Add HBAC to the TGS,
so that Samba4 can refuse TGTs to kinit,
based on time-of-day & IP-addr constraints;
- DTD: This is natural; the TGS should enforce its own access-control, as all other services do.
- TGS-HBAC is part of the rationale for rewriting the DAL.
- Failed-kinit counts: Add a KDC heuristic for tracking intervals between kinits, so that Samba4 can enforce AD's unified account-lockout on kinit. Samba4 already does lockouts for other PW-based authentication methods (NTLM, LDAP simple bind, etc).
