mod_auth_kerb.git
4 years agoConf file is now in source tree moonshot
Sam Hartman [Thu, 21 May 2015 20:06:16 +0000 (16:06 -0400)]
Conf file is now in source tree

4 years agoVersion 1.0
Sam Hartman [Thu, 21 May 2015 19:24:21 +0000 (15:24 -0400)]
Version 1.0

4 years agoAdd install-sh
Sam Hartman [Thu, 21 May 2015 18:42:39 +0000 (14:42 -0400)]
Add install-sh

4 years agoRun autoreconf in spec
Sam Hartman [Thu, 21 May 2015 17:16:39 +0000 (13:16 -0400)]
Run autoreconf in spec

4 years agoWe don't include version numbers in our directory name
Sam Hartman [Thu, 21 May 2015 15:38:49 +0000 (11:38 -0400)]
We don't include version numbers in our directory name

4 years agoFix spec file typo
Sam Hartman [Wed, 20 May 2015 20:30:36 +0000 (16:30 -0400)]
Fix spec file typo

4 years agomake dist-gzip for our build process
Sam Hartman [Tue, 19 May 2015 15:54:38 +0000 (11:54 -0400)]
make dist-gzip for our build process

* Update configure.in header for package and version
* Add .gitignore

4 years agoAdding RHEL build support for mod_auth_gssapi
Stefan Paetow [Tue, 27 Jan 2015 12:12:22 +0000 (12:12 +0000)]
Adding RHEL build support for mod_auth_gssapi

[Sam Hartman]
* Let make dist handle running autoreconf for us
* Clean up whitespace

5 years agoMerge branch 'moonshot-negotiate' of file:///srv/git/mod_auth_kerb
Sam Hartman [Mon, 3 Feb 2014 10:08:56 +0000 (05:08 -0500)]
Merge branch 'moonshot-negotiate' of file:///srv/git/mod_auth_kerb

7 years agouse "Negotiate" mechanism moonshot-negotiate
Luke Howard [Sun, 25 Sep 2011 13:40:47 +0000 (23:40 +1000)]
use "Negotiate" mechanism

8 years agoBuild fixes to support DESTDIR
Sam Hartman [Mon, 9 May 2011 21:07:23 +0000 (17:07 -0400)]
Build fixes to support DESTDIR

8 years agolicense and copyright statements moonshot.branch
kouril [Fri, 6 May 2011 09:47:25 +0000 (09:47 +0000)]
license and copyright statements

8 years agoReturn even last token on GSS errors
kouril [Fri, 1 Apr 2011 10:45:06 +0000 (10:45 +0000)]
Return even last token on GSS errors

8 years agoAdding testing CLI client (based off the Heimdal testing sample)
kouril [Mon, 28 Mar 2011 20:21:23 +0000 (20:21 +0000)]
Adding testing CLI client (based off the Heimdal testing sample)

8 years agoImproved building
kouril [Mon, 28 Mar 2011 20:12:22 +0000 (20:12 +0000)]
Improved building

8 years agoFixed building with gss libs (by Sam Hartman)
kouril [Mon, 28 Mar 2011 19:13:37 +0000 (19:13 +0000)]
Fixed building with gss libs (by Sam Hartman)

8 years agoimporting current version of mod_auth_gssapi
kouril [Wed, 15 Dec 2010 13:25:05 +0000 (13:25 +0000)]
importing current version of mod_auth_gssapi

8 years agoremoved "legacy" of mod_auth_kerb
kouril [Wed, 15 Dec 2010 13:24:09 +0000 (13:24 +0000)]
removed "legacy" of mod_auth_kerb

8 years agoremoved unnecessary files
kouril [Wed, 15 Dec 2010 13:18:18 +0000 (13:18 +0000)]
removed unnecessary files

9 years agoBetter r.e. to prevent from substituing empty strings on some platforms origin
kouril [Thu, 22 Jul 2010 09:13:54 +0000 (09:13 +0000)]
Better r.e. to prevent from substituing empty strings on some platforms

10 years agoremove some cc warnings (thanks to Joe Orton)
kouril [Tue, 11 Aug 2009 07:37:27 +0000 (07:37 +0000)]
remove some cc warnings (thanks to Joe Orton)

10 years ago- own up Kerberos in the resulting mechanism id
kouril [Tue, 11 Aug 2009 07:26:14 +0000 (07:26 +0000)]
- own up Kerberos in the resulting mechanism id
- return an error when the client wants multiple iterations of GSSAPI authN

10 years agotweaked Basic provider support
baalberith [Tue, 5 May 2009 12:39:52 +0000 (12:39 +0000)]
tweaked Basic provider support

10 years agodocumented KrbLocalUserMapping directive
baalberith [Fri, 17 Apr 2009 09:38:23 +0000 (09:38 +0000)]
documented KrbLocalUserMapping directive

10 years agoticket [2421120], added krb5-config command locating
baalberith [Thu, 16 Apr 2009 17:26:02 +0000 (17:26 +0000)]
ticket [2421120], added krb5-config command locating

10 years agofixed return value when using basic provider to pass the auth to other modules (in...
baalberith [Mon, 9 Mar 2009 19:52:17 +0000 (19:52 +0000)]
fixed return value when using basic provider to pass the auth to other modules (in case of fail).

10 years agoforgot something
baalberith [Thu, 5 Mar 2009 17:30:45 +0000 (17:30 +0000)]
forgot something

10 years agocode reorganization caused by last update
baalberith [Thu, 5 Mar 2009 17:06:20 +0000 (17:06 +0000)]
code reorganization caused by last update

10 years agoadded password verification invocation vie the AuthBasicProvider with krb value
baalberith [Fri, 27 Feb 2009 00:07:08 +0000 (00:07 +0000)]
added password verification invocation vie the AuthBasicProvider with krb value

10 years agoincreased version number v5.4
baalberith [Thu, 4 Dec 2008 10:14:03 +0000 (10:14 +0000)]
increased version number

10 years agochangelog
baalberith [Thu, 4 Dec 2008 10:11:35 +0000 (10:11 +0000)]
changelog

10 years agoadded changelog
baalberith [Thu, 4 Dec 2008 09:48:00 +0000 (09:48 +0000)]
added changelog

10 years agoremoved compilation warnings
baalberith [Tue, 2 Dec 2008 15:17:17 +0000 (15:17 +0000)]
removed compilation warnings

10 years agoreverted to 1.146, this will be part of another commit
baalberith [Tue, 2 Dec 2008 15:01:17 +0000 (15:01 +0000)]
reverted to 1.146, this will be part of another commit

10 years agomoved sed command to its own script(for BSD with non-GNU make users) + improved confi...
baalberith [Tue, 2 Dec 2008 14:49:13 +0000 (14:49 +0000)]
moved sed command to its own script(for BSD with non-GNU make users) + improved configure script to correctly handle with --with-krb5=yes

10 years agotickets [ 1427467 ], [ 1399384 ], [ 1169067 ], [ 1289096 ] implemented KrbServiceName...
baalberith [Sun, 19 Oct 2008 19:25:44 +0000 (19:25 +0000)]
tickets [ 1427467 ], [ 1399384 ], [ 1169067 ], [ 1289096 ] implemented KrbServiceName Any for password auth

10 years agofixed bug [1323202] Configure script doesnt correctly handle "--with-krb5"
baalberith [Tue, 14 Oct 2008 19:00:50 +0000 (19:00 +0000)]
fixed bug [1323202] Configure script doesnt correctly handle "--with-krb5"

10 years agoaccepted ticket [1859455]: <sys/types.h> should be included explicitly
baalberith [Tue, 14 Oct 2008 10:59:19 +0000 (10:59 +0000)]
accepted ticket [1859455]: <sys/types.h> should be included explicitly

10 years agoaccepted ticket [1707336]: Include valid options when calling krb5_get_init_creds_passw
baalberith [Sat, 11 Oct 2008 23:09:00 +0000 (23:09 +0000)]
accepted ticket [1707336]: Include valid options when calling krb5_get_init_creds_passw

10 years agorewriten already_succeeded function, tickets [ 1774288 ], [ 1891230 ]
baalberith [Wed, 8 Oct 2008 20:12:10 +0000 (20:12 +0000)]
rewriten already_succeeded function, tickets [ 1774288 ], [ 1891230 ]

10 years agofixed threading issues as described in ticket [ 1971514 ]
baalberith [Sat, 4 Oct 2008 08:51:17 +0000 (08:51 +0000)]
fixed threading issues as described in ticket [ 1971514 ]

10 years agominor update "HTTP" -> default SERVICE_NAME
baalberith [Thu, 2 Oct 2008 11:01:01 +0000 (11:01 +0000)]
minor update "HTTP" -> default SERVICE_NAME

11 years agoaccepted patch [ 1809998 ] "Accept any incoming credential in keytab" with some minor...
baalberith [Wed, 17 Sep 2008 14:01:55 +0000 (14:01 +0000)]
accepted patch [ 1809998 ] "Accept any incoming credential in keytab" with some minor changes

11 years agorewritten whole an to ln name mapping
baalberith [Tue, 19 Aug 2008 12:29:45 +0000 (12:29 +0000)]
rewritten whole an to ln name mapping

11 years agominor update, some debugging info + better memory management
baalberith [Wed, 13 Aug 2008 01:05:52 +0000 (01:05 +0000)]
minor update, some debugging info + better memory management

11 years agoadded auth name to local name mapping. Tickets [1957143], [1303627], [2013838 ],...
baalberith [Fri, 8 Aug 2008 11:56:55 +0000 (11:56 +0000)]
added auth name to local name mapping. Tickets [1957143], [1303627], [2013838 ], [1809803], [1373783], [1611526]

11 years agofixed [1851056] problem with password beginning with ':'
baalberith [Fri, 25 Jul 2008 22:22:03 +0000 (22:22 +0000)]
fixed [1851056] problem with password beginning with ':'

11 years agoMerge from the 5.3 branch (security fix). Tagged as merge_53_src, merge_53_dst, merge... merge.53.dst.after
kouril [Tue, 24 Jun 2008 12:59:53 +0000 (12:59 +0000)]
Merge from the 5.3 branch (security fix). Tagged as merge_53_src, merge_53_dst, merge_53_dst_after.

12 years agoLogged a debug message saying if or not the client delegated his/her credential merge.53.dst
kouril [Wed, 22 Nov 2006 11:11:16 +0000 (11:11 +0000)]
Logged a debug message saying if or not the client delegated his/her credential

12 years agoPass the get_gss_error() call with a full request struct so it could log a debug...
kouril [Wed, 22 Nov 2006 10:53:53 +0000 (10:53 +0000)]
Pass the get_gss_error() call with a full request struct so it could log a debug message with the GSSAPI codes

12 years agoImproved displying of error messages
kouril [Thu, 16 Nov 2006 08:39:36 +0000 (08:39 +0000)]
Improved displying of error messages

12 years agoIncreased version numbers v5.2
kouril [Mon, 6 Nov 2006 17:33:53 +0000 (17:33 +0000)]
Increased version numbers

12 years agoAdded definition of KRB5_LIB_FUNCTION (taken from MIT), which seems not to be
kouril [Mon, 6 Nov 2006 15:48:45 +0000 (15:48 +0000)]
Added definition of KRB5_LIB_FUNCTION (taken from MIT), which seems not to be
included sometimes (MIT 1.5.1).

12 years agoThe shell functions supported by BSD make:s doesn't do what we are used to from
kouril [Mon, 6 Nov 2006 15:36:08 +0000 (15:36 +0000)]
The shell functions supported by BSD make:s doesn't do what we are used to from
GNU make. Added a comment with two lines which provide the same functionality
also on BSD platforms. It'd be greate if they were wrapped with a if
statetement.

13 years agoUse krb5_rc_resolve_full() to detect the "none" rcache type. The previous code was...
kouril [Sat, 9 Sep 2006 08:01:03 +0000 (08:01 +0000)]
Use krb5_rc_resolve_full() to detect the "none" rcache type. The previous code was based on an internal function using non-public data structure.

13 years agoChanges in krb4 code
kouril [Mon, 4 Sep 2006 10:44:17 +0000 (10:44 +0000)]
Changes in krb4 code
- switch to apr 1.x
- allow the client to specify the realm

13 years agoincreased versions to 5.1 v5.1
kouril [Fri, 1 Sep 2006 11:36:19 +0000 (11:36 +0000)]
increased versions to 5.1

13 years agoDefined GSS_KRB5_NT_PRINCIPAL_NAME as gss_nt_krb5_name to make it work with older...
kouril [Fri, 1 Sep 2006 09:32:34 +0000 (09:32 +0000)]
Defined GSS_KRB5_NT_PRINCIPAL_NAME as gss_nt_krb5_name to make it work with older MITs (eg. from RH ES3)

13 years agoSwitched to use APR 1.x
kouril [Wed, 30 Aug 2006 06:41:51 +0000 (06:41 +0000)]
Switched to use APR 1.x
- apr 1.0 stopped shipping the compat headers defining old ap_* calls

13 years agochanged type to unsigned to be consistent with prototype
kouril [Wed, 30 Aug 2006 06:38:14 +0000 (06:38 +0000)]
changed type to unsigned to be consistent with prototype

13 years agoAdded context declaration
kouril [Thu, 24 Aug 2006 11:43:07 +0000 (11:43 +0000)]
Added context declaration

13 years agoBetter check if SPNEGO is supported by the kerberos implementation. Patch accepted...
kouril [Thu, 24 Aug 2006 10:50:32 +0000 (10:50 +0000)]
Better check if SPNEGO is supported by the kerberos implementation. Patch accepted from https://sourceforge.net/tracker/?func=detail&atid=464526&aid=1533173&group_id=51775

13 years agoDetect if the "none" replay cache type is supported before enforcing its use
kouril [Thu, 24 Aug 2006 10:48:38 +0000 (10:48 +0000)]
Detect if the "none" replay cache type is supported before enforcing its use

13 years agoBumbed version v5.0
kouril [Tue, 15 Aug 2006 13:35:53 +0000 (13:35 +0000)]
Bumbed version

13 years agotypo in error message
kouril [Tue, 15 Aug 2006 13:14:27 +0000 (13:14 +0000)]
typo in error message

13 years agoBetter solution to the "array type has incomplete element type" problem
kouril [Tue, 15 Aug 2006 12:58:01 +0000 (12:58 +0000)]
Better solution to the "array type has incomplete element type" problem

13 years agoCompatibilizing define's are pulled out from apr_compat.h and apu_compat.h
kouril [Tue, 15 Aug 2006 12:48:26 +0000 (12:48 +0000)]
Compatibilizing define's are pulled out from apr_compat.h and apu_compat.h

13 years agoThe KRB5RCACHETYPE variable is set in initialization calls. Its parameter is allocate...
kouril [Tue, 15 Aug 2006 12:42:03 +0000 (12:42 +0000)]
The KRB5RCACHETYPE variable is set in initialization calls. Its parameter is allocated using strdup().

13 years agoSome calls declared static to make gcc stop complainig about non existing prototypes
kouril [Tue, 15 Aug 2006 11:34:49 +0000 (11:34 +0000)]
Some calls declared static to make gcc stop complainig about non existing prototypes

13 years agoIgnore .libs
kouril [Tue, 15 Aug 2006 11:31:52 +0000 (11:31 +0000)]
Ignore .libs

13 years agoIgnore *.lo, *.slo
kouril [Tue, 15 Aug 2006 11:08:19 +0000 (11:08 +0000)]
Ignore *.lo, *.slo

13 years agoCommented out ContextFlags_units, which makes problem on SuSE 10
kouril [Tue, 15 Aug 2006 10:34:28 +0000 (10:34 +0000)]
Commented out ContextFlags_units, which makes problem on SuSE 10

13 years agoTry also locating apxs2 binary if apxs isn't found
kouril [Tue, 15 Aug 2006 10:21:46 +0000 (10:21 +0000)]
Try also locating apxs2 binary if apxs isn't found

13 years ago- Use the KRB5RCACHETYPE variable to disable the replay attacks checks in
kouril [Sat, 22 Apr 2006 12:46:53 +0000 (12:46 +0000)]
- Use the KRB5RCACHETYPE variable to disable the replay attacks checks in
  MIT 1.4
- Make the 1.3 hack more robust, it tryies to verify it works with 1.3 libs
  (it crashes with 1.4)
(patches submited from Russ Allbery and Jari Ahonen)

13 years agoBumped version
kouril [Tue, 28 Feb 2006 23:01:44 +0000 (23:01 +0000)]
Bumped version

13 years agoWrap compiler and linker options passed via apxs
kouril [Mon, 20 Feb 2006 21:46:35 +0000 (21:46 +0000)]
Wrap compiler and linker options passed via apxs

13 years ago#ifdef 0 doesn't work
kouril [Mon, 20 Feb 2006 21:38:28 +0000 (21:38 +0000)]
#ifdef 0 doesn't work

13 years agoBumped years in Licenses and similar stuff
kouril [Sun, 19 Feb 2006 21:45:05 +0000 (21:45 +0000)]
Bumped years in Licenses and similar stuff

13 years agoTypo (fix for bug 1424794)
kouril [Sun, 19 Feb 2006 21:04:44 +0000 (21:04 +0000)]
Typo (fix for bug 1424794)

13 years agoCommented out all KrbEnableSSLPreauthentication related stuff as it depends on
kouril [Sun, 19 Feb 2006 14:58:41 +0000 (14:58 +0000)]
Commented out all KrbEnableSSLPreauthentication related stuff as it depends on
the mod_ssl internals (ssl_var_lookup).

13 years agoAdded SSL_preauthentication option
kouril [Thu, 2 Feb 2006 15:35:42 +0000 (15:35 +0000)]
Added SSL_preauthentication option

14 years ago- Don't build the SPNEGO library at all if using latest heimdal (or another
kouril [Fri, 5 Aug 2005 15:16:29 +0000 (15:16 +0000)]
- Don't build the SPNEGO library at all if using latest heimdal (or another
  distributions supporting SPNEGO, are there any?)
- Changed the semantics of the KrbServiceName directive. It can contain not
  only the service name (HTTP) but also a full principal name that will be used
  for authentication of the server. This should help in solving some DNS
  issues.

14 years ago- renamed enum CONTEXT into KERB_CTXT to address name clashes on Windows
kouril [Wed, 8 Jun 2005 10:36:46 +0000 (10:36 +0000)]
- renamed enum CONTEXT into KERB_CTXT to address name clashes on Windows
- added a few missing calling conventions to the calls
(thanks to Pascal Davoust, 20 May 2005 14:56:15)

14 years ago- Be more compatible with the development apache branch. Allow working with
kouril [Wed, 8 Jun 2005 10:32:55 +0000 (10:32 +0000)]
- Be more compatible with the development apache branch. Allow working with
  APR 1.x and 2.2.
- Avoid some warnings
(thanks to Joe Orton for this patch, 23 May 2005 14:00:57)

14 years agomozilla prefs
kouril [Fri, 3 Jun 2005 16:58:24 +0000 (16:58 +0000)]
mozilla prefs

14 years agoOnly reply with the Negotiate set if the gss_accept_sec_context returned data
kouril [Fri, 29 Apr 2005 15:51:53 +0000 (15:51 +0000)]
Only reply with the Negotiate set if the gss_accept_sec_context returned data
for the client. Otherwise the client received an Negotiate header and tried to
authenticate using GSSAPI again and again, which is annoying when the user in
question pass the authentication but isn't authorized.

14 years agoAdded year 2005 to the license block
kouril [Wed, 9 Mar 2005 12:27:26 +0000 (12:27 +0000)]
Added year 2005 to the license block

14 years agoAdded a debug program that performs conversions from DNS names to realms.
kouril [Thu, 17 Feb 2005 12:43:34 +0000 (12:43 +0000)]
Added a debug program that performs conversions from DNS names to realms.
(Thanks to Jari Ahonen for it).

14 years agoDon't prohibit specifying realm is user name
kouril [Thu, 17 Feb 2005 12:38:59 +0000 (12:38 +0000)]
Don't prohibit specifying realm is user name

14 years agoAdded type-casting to avoid warning from the compiler
kouril [Fri, 11 Feb 2005 14:02:06 +0000 (14:02 +0000)]
Added type-casting to avoid warning from the compiler

14 years agoadded a short note about Konqueror
kouril [Thu, 6 Jan 2005 10:25:40 +0000 (10:25 +0000)]
added a short note about Konqueror

14 years agoUsed gsskrb5_register_acceptor_identity() to specify the keytab (some installations...
kouril [Fri, 5 Nov 2004 13:42:26 +0000 (13:42 +0000)]
Used gsskrb5_register_acceptor_identity() to specify the keytab (some installations seems to have problems reading the filename from the environment)

14 years agoAdded more debug messages
kouril [Mon, 1 Nov 2004 22:25:07 +0000 (22:25 +0000)]
Added more debug messages

14 years agoDescription of delegation support in Win AD (thanks Rob Sessink)
kouril [Tue, 5 Oct 2004 09:18:12 +0000 (09:18 +0000)]
Description of delegation support in Win AD (thanks Rob Sessink)

15 years agodon't dereference NULL pointer
kouril [Thu, 16 Sep 2004 12:47:25 +0000 (12:47 +0000)]
don't dereference NULL pointer

15 years agospecify the realm name when calling krb5_parse_name(). MIT seems not to use the realm...
kouril [Thu, 16 Sep 2004 11:53:06 +0000 (11:53 +0000)]
specify the realm name when calling krb5_parse_name(). MIT seems not to use the realm set by krb5_set_default_realm()

15 years agoforgot spnego-specific asn.1 sources
kouril [Thu, 16 Sep 2004 09:57:33 +0000 (09:57 +0000)]
forgot spnego-specific asn.1 sources

15 years agoDon't compile ASN.1 routines when using Heimdal -- use the ones from Heimdal
kouril [Thu, 16 Sep 2004 08:55:27 +0000 (08:55 +0000)]
Don't compile ASN.1 routines when using Heimdal -- use the ones from Heimdal

15 years agodelete .libs directories during 'clean'-ing
kouril [Thu, 16 Sep 2004 08:42:00 +0000 (08:42 +0000)]
delete .libs directories during 'clean'-ing

15 years agoCentrally #define:ed name of the Negotiate method
kouril [Thu, 2 Sep 2004 13:08:04 +0000 (13:08 +0000)]
Centrally #define:ed name of the Negotiate method