• Russ Allbery's avatar
    Add support for ad_base_instance · 50c9870a
    Russ Allbery authored
    Add a new string krb5.conf option, ad_base_instance, which, if set,
    changes the way that password synchronization is handled.  When this
    option is set, the password for the principal formed by appending that
    instance to a base principal is propagated to Active Directory as the
    password for the base principal.  So, for instance, if this is set to
    the string "windows", the password of the principal "user/windows" is
    propagated to Active Directory as the password for the principal
    "user" and password changes for the principal "user" are ignored.
    This special behavior only happens if "user/windows" exists in the
    local Kerberos KDC database; if not, password propagation for the
    principal "user" happens normally, just as if this option weren't set.
    This allows the Active Directory principal to be treated as an
    instance rather than a main account for specific users without
    affecting behavior for other users.
    
    No regressions, but currently untested otherwise.
    50c9870a
Name
Last commit
Last update
..
asprintf.c Loading commit data...
dummy.c Loading commit data...
kadmin.h Loading commit data...
krb5-extra.c Loading commit data...
krb5-profile.c Loading commit data...
krb5.h Loading commit data...
macros.h Loading commit data...
snprintf.c Loading commit data...
stdbool.h Loading commit data...
strlcat.c Loading commit data...
strlcpy.c Loading commit data...
strndup.c Loading commit data...
system.h Loading commit data...