Andrew Bartlett [Wed, 5 Sep 2018 02:04:44 +0000 (14:04 +1200)]
lorikeet-heimdal: apply_heimdal: Try harder to apply patches from Samba
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 5 Sep 2018 01:57:35 +0000 (13:57 +1200)]
lorikeet-heimdal: apply_heimdal: Only show the Heimdal part of the patch to cherry-pick
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 5 Sep 2018 01:45:04 +0000 (13:45 +1200)]
lorikeet-heimdal: Include Samba commit in cherry-picked patches
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 21 Feb 2014 02:58:20 +0000 (15:58 +1300)]
lorikeet-heimdal: improve apply_heimdal.sh
Andrew Bartlett [Wed, 19 Feb 2014 09:06:57 +0000 (22:06 +1300)]
lorikeet-heimdal: specify hash to heimdal import, rather than using the date
Jelmer Vernooij [Fri, 26 Oct 2012 14:34:47 +0000 (06:34 -0800)]
lorikeet-heimdal: rebase-lorikeet: Explicitly use bash.
Standard sh doesn't have pushd/popd.
Andrew Tridgell [Wed, 1 Dec 2010 02:00:08 +0000 (13:00 +1100)]
lorikeet-heimdal: Add a new script to help merging patches from Samba4 to heimdal
Stefan Metzmacher [Thu, 14 Jul 2011 14:24:37 +0000 (16:24 +0200)]
lorikeet-heimdal: improve import-lorikeet.sh for the toplevel build
metze
Andrew Bartlett [Tue, 30 Nov 2010 23:54:49 +0000 (10:54 +1100)]
lorikeet-heimdal: Improve the heimdal import scripts
Stefan Metzmacher [Fri, 27 Mar 2009 06:31:11 +0000 (07:31 +0100)]
lorikeet-heimdal: add scripts to rebase and import the latest version into samba4
If you use these scripts, read them! :-)
metze
[abartlet@samba.org Removed lexyacc build step as this is no longer required
in Samba, which builds the files at compile time]
Stefan Metzmacher [Fri, 22 Aug 2008 09:57:06 +0000 (11:57 +0200)]
lorikeet-heimdal: add HEIMDAL-LICENCE.txt
metze
Stefan Metzmacher [Fri, 22 Aug 2008 09:43:50 +0000 (11:43 +0200)]
lorikeet-heimdal: camellia-ntt GPLv2+ license
metze
Stefan Metzmacher [Fri, 22 Aug 2008 09:42:21 +0000 (11:42 +0200)]
lorikeet-heimdal: autogen.sh modifications
metze
Andrew Sim [Sat, 10 Jun 2023 07:00:24 +0000 (09:00 +0200)]
Use perl module JSON::PP, part of core, instead of JSON package
This patch removes the need for an external package.
Ported from
https://github.com/openwrt/packages/blob/master/net/samba4/patches/105-perl-json-pp.patch
https://github.com/openwrt/packages/commit/402f4ba4eff65b80a9deaa6085256112bec4d67b#diff-208d4e0345c9d29fbec23d6f655ba794afd3052f5cb8dd73944db72ce81b847b
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Nicolas Williams [Mon, 5 Jun 2023 03:55:54 +0000 (22:55 -0500)]
kdc: Add global disable_pac config param
Nicolas Williams [Mon, 5 Jun 2023 03:55:28 +0000 (22:55 -0500)]
httpkadmind: Add auth-data-reqd attribute
Nicolas Williams [Mon, 5 Jun 2023 03:55:13 +0000 (22:55 -0500)]
kadmin: Add auth-data-reqd attribute
Nicolas Williams [Mon, 5 Jun 2023 03:54:28 +0000 (22:54 -0500)]
kadm5: Add KRB5_KDB_AUTH_DATA_REQUIRED attribute
Nicolas Williams [Mon, 5 Jun 2023 03:54:03 +0000 (22:54 -0500)]
hdb: Add auth-data-reqd flag
Nicolas Williams [Thu, 18 May 2023 02:17:13 +0000 (21:17 -0500)]
kdc: Honor no-auth-data-reqd on cross-realm TGTs
Nowadays we use PACs instead of AD-SIGNEDPATH, so we want a PAC on every
TGT, but we don't necessarily want PACs on cross-realm TGTs.
Specifically, we don't interop well yet with AD when issuing cross-realm
TGTs with AD realms as the destination realm (see #1091).
Taylor R Campbell [Wed, 21 Jun 2023 23:08:32 +0000 (23:08 +0000)]
Makefile.am: Set AM_YFLAGS and AM_LFLAGS, not YFLAGS or LFLAGS.
YFLAGS and LFLAGS are reserved for the user to set, not for makefiles
to set:
https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
fix https://github.com/heimdal/heimdal/issues/1171
Taylor R Campbell [Thu, 25 May 2023 23:07:13 +0000 (23:07 +0000)]
Pass -d to yacc(1) so it generates the header file.
Bison must generate this unsolicited, but BSD yacc does not.
The makefiles for lib/com_err and lib/sl already did this; this
change just adds it to lib/asn1 and lib/hx509 too.
fix https://github.com/heimdal/heimdal/issues/1100
Taylor R Campbell [Wed, 21 Jun 2023 01:54:46 +0000 (01:54 +0000)]
kinit: Update SecKeychainFindGenericPassword to SecItemCopyMatching.
Tested on macOS Ventura 13.4. Not sure if this requires some
compatibility ifdefs for older macOS.
fix https://github.com/heimdal/heimdal/issues/1168
Taylor R Campbell [Sat, 27 May 2023 10:36:35 +0000 (10:36 +0000)]
hdb/hdb-mitdb: Nix unused variable key_data in mdb_seq.
key_data is unused. Presumably this was copypasta from DB_seq in
hdb/db.c, where it is used for the Heimdal database format in which
the value may be missing a principal but it can be recovered from the
key. In contrast, the mit-krb5 format appears to always store the
principal in the value and _hdb_mdb_value2entry always retrieves it,
with no need for a key2principal fallback.
fix https://github.com/heimdal/heimdal/issues/1102
Taylor R Campbell [Fri, 26 May 2023 02:02:53 +0000 (02:02 +0000)]
gssmask: Use asprintf to avoid having to think about max uname.
This way there is no truncation and no build failure due to
-Werror=format-truncation as is the default in some compilers, such
as gcc7.4 with -Wall -Werror.
This is presumably not space-constrained or performance-critical; the
very next thing it does is another asprintf and frees it immediately.
And uname is not usually under any adversary's control.
fix https://github.com/heimdal/heimdal/issues/1105
Joseph Sutton [Mon, 12 Jun 2023 04:20:06 +0000 (16:20 +1200)]
kdc: Overwrite ‘error_code’ only if we have an actual error
‘r->error_code’ might have been set earlier, and we don’t want to
overwrite it with a successful error code.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Wed, 7 Jun 2023 04:21:37 +0000 (16:21 +1200)]
kdc: Ensure that we emit a non-zero error code
If ‘r->error_code’ was zero, we would turn it into an ERR_GENERIC error
and return that to the client. Now we return the actual error code
instead.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Tue, 9 May 2023 23:11:14 +0000 (11:11 +1200)]
kdc: Fix discarded qualifiers warning
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Thu, 27 Apr 2023 01:11:40 +0000 (13:11 +1200)]
kdc: Don’t abort if krb5_generate_random_keyblock() fails
There are a few reasons that this function could fail (e.g., failure to
allocate memory) besides random number generation being unavailable. No
other caller abort()s on failure like this.
Furthermore, krb5_generate_random_block(), which is called by
krb5_generate_random_keyblock(), already aborts if random generation
fails.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Wed, 26 Apr 2023 05:01:05 +0000 (17:01 +1200)]
kdc: Fix missing space in log messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Wed, 26 Apr 2023 04:55:34 +0000 (16:55 +1200)]
kdc: Remove trailing space from log message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Tue, 25 Apr 2023 23:52:21 +0000 (11:52 +1200)]
kdc: Remove trailing space from log message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Mon, 9 Jan 2023 03:31:48 +0000 (16:31 +1300)]
krb5: Return appropriate error code
Joseph Sutton [Wed, 14 Dec 2022 01:28:08 +0000 (14:28 +1300)]
kdc: Fix log message typo
Joseph Sutton [Fri, 23 Sep 2022 04:58:36 +0000 (16:58 +1200)]
third_party/heimdal: Fix deprecation messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Siva Mahadevan [Mon, 19 Jun 2023 18:36:55 +0000 (14:36 -0400)]
kadmin/check: move error messages to stderr
This helps with certain automation tools, such as ansible, that usually
expect failure to be visible in stderr.
Other minor changes:
* replace "doesn't" with "does not" to keep messages consistent and
avoid escaping quotes in grep, etc.
* add newlines
Robert Manner [Wed, 11 Jan 2023 15:24:23 +0000 (16:24 +0100)]
hx509/hxtool.c: ensure parse_bytes() result does not overflow
Robert Manner [Fri, 18 Nov 2022 13:49:37 +0000 (14:49 +0100)]
asn1/check-gen.c: disable some non working bignum tests on 32 bit systems
Robert Manner [Wed, 11 Jan 2023 15:02:23 +0000 (16:02 +0100)]
kcm,kdc/config.c: detect too big max_request sizes (>= 64 MB)
Robert Manner [Tue, 8 Nov 2022 13:47:40 +0000 (14:47 +0100)]
roken/parse_bytes: fix test for >= terabyte units on 32 bit systems
On 32 bit systems, sizeof(ssize_t) and sizeof(unsigned long aka UL) is
32 bits which is not able to hold the value of a terabyte.
Taylor R Campbell [Sun, 28 May 2023 20:34:34 +0000 (20:34 +0000)]
krb5: Make heimdal_version and heimdal_long_version const.
Pretty sure it is not useful for applications to be able to write to
this.
However, caveat: this could break programs that expect to pass around
&heimdal_version or &heimdal_long_version to functions that expect
pointers to non-const objects even if they don't modify them.
Taylor R Campbell [Sun, 28 May 2023 21:13:55 +0000 (21:13 +0000)]
com_err: Constify xyz_error_strings arrays.
Note: This changes the types of public symbols. It is unlikely that
any applications would rightly _write_ to these arrays, but it is
possible they might require some UNCONST in order to pass the
pointers to other functions that are missing const qualifiers.
Taylor R Campbell [Sun, 28 May 2023 19:06:40 +0000 (19:06 +0000)]
krb5/constants.c: Make some constants constant.
This changes the public header file but I doubt it was ever intended
that applications could change these by writing to them. (Not sure
why they're not declared as const arrays in any case.)
Taylor R Campbell [Sun, 28 May 2023 21:11:56 +0000 (21:11 +0000)]
ipc/client.c: Make never-modified global ipcstable const.
Taylor R Campbell [Sun, 28 May 2023 21:11:36 +0000 (21:11 +0000)]
krb5/send_to_kdc.c: Constify plugin stuff.
Taylor R Campbell [Sun, 28 May 2023 21:11:26 +0000 (21:11 +0000)]
krb5/pcache.c: Constify plugin stuff.
Taylor R Campbell [Sun, 28 May 2023 21:11:14 +0000 (21:11 +0000)]
krb5/kuserok.c: Constify plugin stuff.
Taylor R Campbell [Sun, 28 May 2023 21:10:45 +0000 (21:10 +0000)]
krb5/krbhst.c: Constify plugin stuff.
Taylor R Campbell [Sun, 28 May 2023 21:10:32 +0000 (21:10 +0000)]
krb5/db_plugin.c: Constify plugin stuff.
Taylor R Campbell [Sun, 28 May 2023 21:07:25 +0000 (21:07 +0000)]
krb5/aname_to_localname.c: Constify plugin stuff.
Taylor R Campbell [Sun, 28 May 2023 21:05:50 +0000 (21:05 +0000)]
krb5/plugin.c: Constify.
Taylor R Campbell [Sun, 28 May 2023 21:00:15 +0000 (21:00 +0000)]
base/plugin.c: Constify.
As a bonus, eliminate an unnecessary rk_UNCONST.
Taylor R Campbell [Sun, 28 May 2023 20:29:48 +0000 (20:29 +0000)]
krb5/send_to_kdc.c: Sprinkle const on global data never changed.
Taylor R Campbell [Sun, 28 May 2023 20:27:14 +0000 (20:27 +0000)]
libkrb5, libkdc: Constify salted s2k default iterator counts.
These externs should really be in a .h file shared by definition and
usage sites so the C compiler can verify that they match.
Taylor R Campbell [Sun, 28 May 2023 20:24:53 +0000 (20:24 +0000)]
krb/pac.c: Sprinkle const on global data never changed.
Taylor R Campbell [Sun, 28 May 2023 20:17:11 +0000 (20:17 +0000)]
krb5/init_creds_pw.c: Sprinkle const on global data not changed.
Taylor R Campbell [Sun, 28 May 2023 19:51:02 +0000 (19:51 +0000)]
krb5/get_in_tkt.c: Sprinkle const on global data never changed.
Taylor R Campbell [Sun, 28 May 2023 19:47:39 +0000 (19:47 +0000)]
krb5/get_host_realm.c: Sprinkle const on global data never changed.
Taylor R Campbell [Sun, 28 May 2023 19:13:12 +0000 (19:13 +0000)]
krb5/context.c: Sprinkle const for global data never changed.
Taylor R Campbell [Sun, 28 May 2023 19:10:27 +0000 (19:10 +0000)]
krb5/changepw.c: Sprinkle const for global data never changed.
Taylor R Campbell [Sun, 28 May 2023 18:59:43 +0000 (18:59 +0000)]
krb5/addr_families.c: Sprinkle const for global data never changed.
Taylor R Campbell [Sun, 28 May 2023 20:13:58 +0000 (20:13 +0000)]
libheimbase: Allow static const heim types.
Taylor R Campbell [Sun, 28 May 2023 20:21:05 +0000 (20:21 +0000)]
krb5/mk_error.c: Constify and rk_UNCONST a static buffer.
This is almost certainly intended never to be written to, so let's
let the operating system detect that mistake for us by mapping it in
a .rodata segment mapped read-only that will cause SIGSEGV on write.
fix https://github.com/heimdal/heimdal/issues/1136
Taylor R Campbell [Sun, 28 May 2023 20:08:15 +0000 (20:08 +0000)]
krb5_decrypt_iov_ivec: Make sure const zero IV is actually const.
This way if anything _does_ write to it, it has the opportunity to be
caught by SIGSEGV, by having zero_ivec in a .rodata segment mapped
read-only.
fix https://github.com/heimdal/heimdal/issues/1135
Joseph Sutton [Tue, 16 May 2023 05:06:17 +0000 (17:06 +1200)]
kdc: Pass in HDB_F_ARMOR_PRINCIPAL when fetching armor ticket client principal
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Tue, 16 May 2023 05:05:49 +0000 (17:05 +1200)]
hdb: Add flag to indicate a fetch for the client of an armor ticket
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Tue, 16 May 2023 05:03:44 +0000 (17:03 +1200)]
kdc: Have caller pass HDB_F_FOR_TGS_REQ into _kdc_fast_check_armor_pac()
We shall soon want to use this function for AS-REQs as well as TGS-REQs.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Stefan Metzmacher [Thu, 29 Dec 2022 10:19:02 +0000 (11:19 +0100)]
kdc: don't announce KRB5_PADATA_GSS unless gss_preauth is enabled
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15273
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 29 Dec 2022 10:18:22 +0000 (11:18 +0100)]
kdc: don't announce KRB5_PADATA_PKINIT_KX unless anonymous is allowed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15273
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 29 Dec 2022 10:16:06 +0000 (11:16 +0100)]
kdc: don't announce KRB5_PADATA_FX_FAST unless fast is enabled
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15273
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeffrey Altman [Tue, 6 Jun 2023 13:55:27 +0000 (09:55 -0400)]
roken: qsort provide ANSI C prototype for swapfunc()
K&R is no longer acceptable.
Jeffrey Altman [Tue, 6 Jun 2023 13:32:33 +0000 (09:32 -0400)]
roken: snprintf properly account for char widths
If a char width is specified the number of output buffer bytes
consumed might be greater than one. Update append_char() to
return the number of bytes consumed and use that value in xyzprintf()
instead of one.
Jeffrey Altman [Tue, 6 Jun 2023 13:11:29 +0000 (09:11 -0400)]
krb5: krb5_enctype_to_keytype cast krb5_enctype to krb5_keytype
The struct _krb5_key_type.type is krb5_enctype. Cast it to
krb5_keytype before assigning to the 'krb5_keytype *keytype'
output variable to avoid a warning from Clang 1500 on Darwin.
Nicolas Williams [Wed, 31 May 2023 18:56:11 +0000 (13:56 -0500)]
ipropd-slave: Fetch new credentials more often
If the master is unreachable for a while we can end up with expired
tickets that don't get refreshed, then ipropd-slave gets stuck until
it's manually restarted.
Nicolas Williams [Sat, 27 May 2023 21:30:15 +0000 (16:30 -0500)]
kinit: Translate context init error codes (fix #1126)
Nicolas Williams [Sat, 27 May 2023 21:30:09 +0000 (16:30 -0500)]
base: Translate context init error codes
Nicolas Williams [Sat, 27 May 2023 21:27:30 +0000 (16:27 -0500)]
base: Do support /dev/null as a config file
Nicolas Williams [Sat, 27 May 2023 04:52:07 +0000 (23:52 -0500)]
kadmin: Add missing options to kadmin(1) page (fix #1118)
Taylor R Campbell [Fri, 26 May 2023 02:04:44 +0000 (02:04 +0000)]
Fix ctype.h misuse.
Excluded: libtomath and libedit files, most of which appear to be
testing or example code not involved in production, and which are
derived from an upstream that should perhaps have patches submitted
upstream instead.
fix https://github.com/heimdal/heimdal/issues/1111
Nicolas Williams [Fri, 26 May 2023 18:47:26 +0000 (13:47 -0500)]
krb5: Fix crash in resolving "DIR" as a ccache name (Fix #1108)
Nicolas Williams [Fri, 26 May 2023 18:24:06 +0000 (13:24 -0500)]
doc: Document KRB5CCNAME and KRB5_KTNAME
Nicolas Williams [Fri, 26 May 2023 18:23:47 +0000 (13:23 -0500)]
admin: Document KRB5_KTNAME env var
Nicolas Williams [Fri, 26 May 2023 18:07:45 +0000 (13:07 -0500)]
wind: Fix build (snprintf overflow warning in test)
Nicolas Williams [Fri, 26 May 2023 17:42:22 +0000 (12:42 -0500)]
GHA: Upgrade to Python 3
Nicolas Williams [Fri, 26 May 2023 17:35:05 +0000 (12:35 -0500)]
GHA: Upgrade to Ubuntu 22.04 (fix #1114)
Nicolas Williams [Fri, 26 May 2023 17:30:29 +0000 (12:30 -0500)]
kinit: Document KRB5CCNAME value syntax
Dan McGregor [Tue, 4 Apr 2023 19:30:02 +0000 (13:30 -0600)]
cf: Honour OpenSSL library and include paths
Check for OpenSSL features while LDFLAGS and CFLAGS are set with
the paths provided in the configure command line. This allows
detecting a non-default OpenSSL's version correctly, such as
on FreeBSD with one of the OpenSSL 3.0 ports.
Jeffrey Altman [Wed, 3 May 2023 21:18:01 +0000 (17:18 -0400)]
krb5: fixup crypto.c avoid realloc to trim memory allocation
1b1ff8fdd571f66624cf744b2333493cc7e781d4 ("krb5: crypto.c avoid realloc
to trim memory allocation") removed the realloc() but failed to assign
'p' to 'result->data'.
Jeffrey Altman [Wed, 19 Apr 2023 12:33:25 +0000 (08:33 -0400)]
krb5: crypto.c avoid realloc to trim memory allocation
decrypt_internal_derived(), decrypt_internal_enc_then_cksum(),
decrypt_internal(), and decrypt_internal_special() execute the
following pattern where 'p' is an allocation of size 'len'
    l = len - n;
    memmove(p, p + n, l);
    result->data = realloc(p, l);
    if (result->data == NULL && l != 0) {
        free(p);
        return krb5_enomem(context);
    }
    result->length = l;
which when compiled by gcc 13.0.1-0.12.fc38 or gcc-13.0.1-0.13.fc39
generates the following warning
warning: pointer 'p' may be used after 'realloc' [-Wuse-after-free]
The C language specification indicates that it is only safe to free()
the pointer passed to realloc() if errno is set to ENOMEM. Yet the
warning is generated by the following pattern
    l = len - n;
    memmove(p, p + n, l);
    errno = 0;
    result->data = realloc(p, l);
    if (result->data == NULL && l != 0) {
        if (errno == ENOMEM)
            free(p);
        return krb5_enomem(context);
    }
    result->length = l;
The value of performing the realloc() is questionable. realloc()
in many cases will need to perform a second allocation of the
smaller size and then perform a memcpy() which will slow down
the operation without saving much memory. The allocation is already
very small.
This change avoids the warning by removing the realloc() entirely.
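Added example, not Heimdal's code: a sketch of the realloc-free trim that this commit and its fixup above describe, keeping the original allocation and shrinking only the logical length. struct blob, strip_prefix() and demo() are hypothetical names, and the sample buffer is constructed.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for krb5_data: an owned buffer and its logical length. */
struct blob {
    size_t length;
    void *data;
};

/*
 * Drop the first n bytes of the len-byte allocation p and hand the rest to
 * result. The allocation keeps its size; only the logical length shrinks, so
 * no pointer can go stale. Ownership of p moves to result on success only.
 */
static int
strip_prefix(struct blob *result, void *p, size_t len, size_t n)
{
    size_t l;

    if (p == NULL || n > len)
        return EINVAL;                       /* len - n would wrap around */
    l = len - n;
    memmove(p, (unsigned char *)p + n, l);   /* source and target overlap */
    result->data = p;     /* the assignment the fixup commit had to restore */
    result->length = l;
    return 0;
}

/* Constructed sample: a 4-byte header followed by "payload". 0 on success. */
static int
demo(void)
{
    static const unsigned char sample[] = "HDR!payload";
    const size_t len = sizeof(sample) - 1;
    struct blob out = { 0, NULL };
    unsigned char *p = malloc(len);
    int ret;

    if (p == NULL)
        return ENOMEM;
    memcpy(p, sample, len);
    ret = strip_prefix(&out, p, len, 4);
    if (ret == 0 && (out.length != 7 || memcmp(out.data, "payload", 7) != 0))
        ret = -1;
    /* n == len: length becomes 0 but data stays a valid, freeable pointer */
    if (ret == 0)
        ret = strip_prefix(&out, out.data, out.length, 7);
    if (ret == 0 && (out.length != 0 || out.data != p))
        ret = -1;
    /* n > len is rejected and the caller still owns the buffer */
    if (ret == 0 && strip_prefix(&out, p, 0, 1) != EINVAL)
        ret = -1;
    free(p);
    return ret;
}

int
main(void)
{
    return demo();
}
```

With no realloc() the l == 0 case needs no special handling: result->data is never NULL on success.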
Nicolas Williams [Mon, 6 Feb 2023 23:40:33 +0000 (17:40 -0600)]
kinit: w/ command ignore SIGINT/SIGQUIT (fix #1077)
Robert Manner [Fri, 25 Nov 2022 14:27:37 +0000 (15:27 +0100)]
spnego/context_storage: undef sc_flags (for hpux)
On hpux this seems to be a define from sys/signal.h:
which renders the variable name invalid.
Norbert Bokor [Thu, 1 Dec 2022 10:08:46 +0000 (11:08 +0100)]
heimdal/asn1: do not throw error when trying to allocate 0 bytes of memory
Robert Manner [Thu, 24 Nov 2022 14:46:16 +0000 (15:46 +0100)]
heimbase-atomics.h: replace heim_base_atomic_barrier with syntax valid noop
in case there is no implementation available.
Nicolas Williams [Fri, 27 Jan 2023 17:00:23 +0000 (11:00 -0600)]
hcrypto: Fix performance regression
Luke Howard [Fri, 13 Jan 2023 23:43:13 +0000 (10:43 +1100)]
gss: coalesce DCE_STYLE padding/trailer buffer check
Luke Howard [Mon, 16 Jan 2023 08:11:03 +0000 (19:11 +1100)]
gss: use mechglue instead of gssntlm encoders
Replace calls to {en,de}code...() with mechglue equivalents.
Luke Howard [Sat, 14 Jan 2023 23:20:54 +0000 (10:20 +1100)]
gss: don't truncate authtime in gsskrb5_extract_authtime_from_sec_context()
The interface between the krb5 mechanism and the mechglue API
gsskrb5_extract_authtime_from_sec_context() assumed the authtime would fit into
an uint32_t, which is not the case on platforms where time_t is 64-bit.
Fixes: #1073
Luke Howard [Sat, 14 Jan 2023 23:17:21 +0000 (10:17 +1100)]
gss: add 64-bit int {en,de}coders to mechglue
Luke Howard [Sat, 14 Jan 2023 23:00:50 +0000 (10:00 +1100)]
gss: use mechglue instead of gsskrb5 encoders
Replace calls to _gsskrb5_{en,de}code...() with mechglue equivalents.
ChristianBoehm [Thu, 12 Jan 2023 15:20:29 +0000 (16:20 +0100)]
Update krb5.conf
proposal adding include or include.d in krb5.conf as comment