X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=src%2Fmod_auth_kerb.c;h=b161c6a28004ba8082e58d08f72db079bf2e7712;hb=c648522c15aacb2763de36086f1248aecce4fef1;hp=64a0a1203238ad60a9652352ac78aea21e2c5b0f;hpb=4d19deb987125bd037657838ff05c5fd52fb553c;p=mod_auth_kerb.git

diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c
index 64a0a12..b161c6a 100644
--- a/src/mod_auth_kerb.c
+++ b/src/mod_auth_kerb.c
@@ -11,7 +11,7 @@
  */
 
 /*
- * Copyright (c) 2004-2005 Masarykova universita
+ * Copyright (c) 2004-2006 Masarykova universita
  * (Masaryk University, Brno, Czech Republic)
  * All rights reserved.
  *
@@ -154,7 +154,9 @@ typedef struct {
 	const char *krb_service_name;
 	int krb_authoritative;
 	int krb_delegate_basic;
+#if 0
 	int krb_ssl_preauthentication;
+#endif
 #ifdef KRB5
 	char *krb_5_keytab;
 	int krb_method_gssapi;
@@ -207,8 +209,10 @@ static const command_rec kerb_auth_cmds[] = {
    command("KrbDelegateBasic", ap_set_flag_slot, krb_delegate_basic,
      FLAG, "Always offer Basic authentication regardless of KrbMethodK5Pass and pass on authentication to lower modules if Basic headers arrive."),
 
+#if 0
    command("KrbEnableSSLPreauthentication", ap_set_flag_slot, krb_ssl_preauthentication,
      FLAG, "Don't do Kerberos authentication if the user is already authenticated using SSL and her client certificate."),
+#endif
 
 #ifdef KRB5
    command("Krb5Keytab", ap_set_file_slot, krb_5_keytab,
@@ -308,7 +312,9 @@ static void *kerb_dir_create_config(MK_POOL *p, char *d)
 	((kerb_auth_config *)rec)->krb_service_name = NULL;
 	((kerb_auth_config *)rec)->krb_authoritative = 1;
 	((kerb_auth_config *)rec)->krb_delegate_basic = 0;
+#if 0
 	((kerb_auth_config *)rec)->krb_ssl_preauthentication = 0;
+#endif
 #ifdef KRB5
 	((kerb_auth_config *)rec)->krb_method_k5pass = 1;
 	((kerb_auth_config *)rec)->krb_method_gssapi = 1;
@@ -1487,6 +1493,7 @@ kerb_authenticate_user(request_rec *r)
    else
       return DECLINED;
 
+#if 0
    if (conf->krb_ssl_preauthentication) {
       const char *ssl_client_verify = ssl_var_lookup(r->pool, r->server,
 	    	r->connection, r, "SSL_CLIENT_VERIFY");
@@ -1494,6 +1501,7 @@ kerb_authenticate_user(request_rec *r)
       if (ssl_client_verify && strcmp(ssl_client_verify, "SUCCESS") == 0)
 	 return OK;
    }
+#endif
 
    /* get what the user sent us in the HTTP header */
    auth_line = MK_TABLE_GET(r->headers_in, (r->proxyreq == PROXYREQ_PROXY)