X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=src%2Fmod_auth_kerb.c;h=a404b1f6e92b574722733818f978c16ecaadead7;hb=172de5ebb610946ac8a30cd0fc9f2eb00d6437ee;hp=b161c6a28004ba8082e58d08f72db079bf2e7712;hpb=c648522c15aacb2763de36086f1248aecce4fef1;p=mod_auth_kerb.git

diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c
index b161c6a..a404b1f 100644
--- a/src/mod_auth_kerb.c
+++ b/src/mod_auth_kerb.c
@@ -50,7 +50,7 @@
 #include <stdio.h>
 #include <stdarg.h>
 
-#define MODAUTHKERB_VERSION "5.0-rc6"
+#define MODAUTHKERB_VERSION "5.0-rc7"
 
 #define MECH_NEGOTIATE "Negotiate"
 #define SERVICE_NAME "HTTP"
@@ -1139,6 +1139,13 @@ get_gss_creds(request_rec *r,
    char buf[1024];
    int have_server_princ;
 
+#ifndef HEIMDAL
+   /* Suppress the MIT replay cache.  Requires MIT Kerberos 1.4.0 or later.
+      1.3.x are covered by the hack overiding the replay calls */
+   if (getenv("KRB5RCACHETYPE") == NULL)
+      putenv("KRB5RCACHETYPE=none");
+#endif
+
    have_server_princ = conf->krb_service_name && strchr(conf->krb_service_name, '/') != NULL;
    if (have_server_princ)
       strncpy(buf, conf->krb_service_name, sizeof(buf));
@@ -1199,11 +1206,15 @@ get_gss_creds(request_rec *r,
    {
       krb5_gss_cred_id_t gss_creds = (krb5_gss_cred_id_t) *server_creds;
 
-      if (gss_creds && gss_creds->rcache && gss_creds->rcache->ops &&
-	  gss_creds->rcache->ops->type &&  
-	  memcmp(gss_creds->rcache->ops->type, "dfl", 3) == 0)
+      /* First we try to verify we are linked with 1.3.x to prevent from
+         crashing when linked with 1.4.x */
+      if (gss_creds && (gss_creds->usage == GSS_C_ACCEPT)) {
+	 if (gss_creds->rcache && gss_creds->rcache->ops &&
+	     gss_creds->rcache->ops->type &&  
+	     memcmp(gss_creds->rcache->ops->type, "dfl", 3) == 0)
           /* Override the rcache operations */
 	 gss_creds->rcache->ops = &mod_auth_kerb_rc_ops;
+      }
    }
 #endif