+ if (ret == HTTP_UNAUTHORIZED)
+ set_kerb_auth_headers(r, conf, use_krb4, use_krb5, negotiate_ret_value);
+
+ } else {
+ ret = prevauth->last_return;
+ MK_USER = prevauth->user;
+ MK_AUTH_TYPE = prevauth->mech;
+ }
+
+ /*
+ * save who was auth'd, if it's not already stashed.
+ */
+ if(!prevauth) {
+ save_authorized(r, auth_line, auth_type, ret);
+ }
+
+ if (ret == OK && conf->krb5_do_auth_to_local) {
+ ret = do_krb5_an_to_ln(r);
+ }
+ return ret;
+}
+
+static authn_status authn_krb_password(request_rec *r, const char *user,
+ const char *password)
+{
+ char *auth_line = NULL;
+ int ret;
+ const char *type = NULL;
+
+ type = ap_auth_type(r);
+ auth_line = ap_pbase64encode (r->pool, apr_psprintf(r->pool, "%s:%s", user, password));
+ auth_line = apr_psprintf(r->pool, "Basic %s", auth_line);
+
+ ret = authenticate_user(r, auth_line, type, 1, 1);
+
+ if (ret == OK) return AUTH_GRANTED;
+ else return AUTH_USER_NOT_FOUND;
+}
+
+static int
+kerb_authenticate_user(request_rec *r)
+{
+ kerb_auth_config *conf =
+ (kerb_auth_config *) ap_get_module_config(r->per_dir_config,
+ &auth_kerb_module);
+ char *auth_line = NULL;
+ int ret, use_krb4 = 0, use_krb5 = 0;
+ const char *type = NULL;
+
+ /* get the type specified in .htaccess */
+ type = ap_auth_type(r);
+
+ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "kerb_authenticate_user entered with user %s and auth_type %s",
+ (MK_USER)?MK_USER:"(NULL)",type?type:"(NULL)");
+
+ if (type && strcasecmp(type, "Kerberos") == 0)
+ use_krb5 = use_krb4 = 1;
+ else if(type && strcasecmp(type, "KerberosV5") == 0)
+ use_krb5 = 1;
+ else if(type && strcasecmp(type, "KerberosV4") == 0)
+ use_krb4 = 1;
+ else
+ return DECLINED;
+
+#if 0
+ if (conf->krb_ssl_preauthentication) {
+ const char *ssl_client_verify = ssl_var_lookup(r->pool, r->server,
+ r->connection, r, "SSL_CLIENT_VERIFY");
+
+ if (ssl_client_verify && strcmp(ssl_client_verify, "SUCCESS") == 0)
+ return OK;
+ }
+#endif