| Age | Commit message (Collapse) | Author |
|---|
|
authenticate() doesn't handle the case of an ASCII login which
results in a continue request being required to complete the
transaction.
|
|
Various cryptography improvements
|
|
Also, correct the -DTACDEBUG_AT_RUNTIME scenario so that TACDEBUG()
binds correct when used in an if-body with an else following it, e.g.:
if (test)
TACDEBUG(LOG_DEBUG, "test is true");
else
return;
would previously have ended up as expanding to:
if (test)
if (tac_debug_enable) logmsg(LOG_DEBUG, "test is true");
else
return;
with the indent redone to reflect the nesting correctly. This now
expands (correctly) to:
if (test)
do { if (tac_debug_enable) logmsg(LOG_DEBUG, "test is true"); } while (0);
else
return;
|
|
Why make copies of the payload length to pass as parameters when
it's already present in the header?
|
|
Fix the prototyping in lib/md5.h.
Accommodate the function name differences between lib/md5.h and
the equivalent functions in openssl/md5.h.
Accommodate replacement of MD5_LEN with MD5_LBLOCK (note that
MD5_CBLOCK and MD5_DIGEST_LEN aren't referenced) and use this
consistently.
|
|
|
|
Allow pam_tacplus to do challenge/response authentication for TAC
backends that force password change during authentication flow. Also add
support for password change via 'passwd' by implementing
pam_sm_chauthtok. Amongst other things, this requires explicitly
managing the sequence number for compatability with some versions of
Cisco ACS.
|
|
|
|
|
|
|
|
|
|
|
