kouril [Thu, 17 Feb 2005 12:43:34 +0000 (12:43 +0000)]
Added a debug program that performs conversions from DNS names to realms.
(Thanks to Jari Ahonen for it).
kouril [Thu, 17 Feb 2005 12:38:59 +0000 (12:38 +0000)]
Don't prohibit specifying realm is user name
kouril [Fri, 11 Feb 2005 14:02:06 +0000 (14:02 +0000)]
Added type-casting to avoid warning from the compiler
kouril [Thu, 6 Jan 2005 10:25:40 +0000 (10:25 +0000)]
added a short note about Konqueror
kouril [Fri, 5 Nov 2004 13:42:26 +0000 (13:42 +0000)]
Used gsskrb5_register_acceptor_identity() to specify the keytab (some installations seems to have problems reading the filename from the environment)
kouril [Mon, 1 Nov 2004 22:25:07 +0000 (22:25 +0000)]
Added more debug messages
kouril [Tue, 5 Oct 2004 09:18:12 +0000 (09:18 +0000)]
Description of delegation support in Win AD (thanks Rob Sessink)
kouril [Thu, 16 Sep 2004 12:47:25 +0000 (12:47 +0000)]
don't dereference NULL pointer
kouril [Thu, 16 Sep 2004 11:53:06 +0000 (11:53 +0000)]
specify the realm name when calling krb5_parse_name(). MIT seems not to use the realm set by krb5_set_default_realm()
kouril [Thu, 16 Sep 2004 09:57:33 +0000 (09:57 +0000)]
forgot spnego-specific asn.1 sources
kouril [Thu, 16 Sep 2004 08:55:27 +0000 (08:55 +0000)]
Don't compile ASN.1 routines when using Heimdal -- use the ones from Heimdal
kouril [Thu, 16 Sep 2004 08:42:00 +0000 (08:42 +0000)]
delete .libs directories during 'clean'-ing
kouril [Thu, 2 Sep 2004 13:08:04 +0000 (13:08 +0000)]
Centrally #define:ed name of the Negotiate method
kouril [Thu, 26 Aug 2004 09:02:54 +0000 (09:02 +0000)]
corrected wrong parameters printed during debugging
kouril [Mon, 16 Aug 2004 13:20:53 +0000 (13:20 +0000)]
Added changes to enable compiling on Windows (most likely not sufficient)
- Added standard includes
- use {_vs,_s}nprintf instead of {vs,s}nprintf
- added implementation of the mkstemp() call (taken from heimdal)
kouril [Tue, 10 Aug 2004 12:01:01 +0000 (12:01 +0000)]
Added flag RSRC_CONF to the directives definitions so they can be set in the
server-wide config file as well
kouril [Thu, 8 Jul 2004 12:05:43 +0000 (12:05 +0000)]
Increased the release number
kouril [Thu, 8 Jul 2004 12:02:51 +0000 (12:02 +0000)]
typo
kouril [Thu, 8 Jul 2004 12:00:07 +0000 (12:00 +0000)]
note about debugging of Mozilla
kouril [Thu, 8 Jul 2004 11:52:03 +0000 (11:52 +0000)]
Changes by Jari Ahonen
kouril [Mon, 5 Jul 2004 20:47:42 +0000 (20:47 +0000)]
Don't remove the configure script during distclean
kouril [Thu, 1 Jul 2004 08:54:54 +0000 (08:54 +0000)]
when logging a service name use the name processed by GSSAPI
kouril [Thu, 1 Jul 2004 07:20:41 +0000 (07:20 +0000)]
Use cannonical DNS name when constructing the principal for passwd verification (to be consistent with GSSAPI)
kouril [Tue, 29 Jun 2004 10:56:01 +0000 (10:56 +0000)]
Added warning when NTLM authenticator is received
kouril [Fri, 25 Jun 2004 06:42:25 +0000 (06:42 +0000)]
rather FIXME notes
kouril [Thu, 24 Jun 2004 08:02:04 +0000 (08:02 +0000)]
Added more debug messages
kouril [Thu, 24 Jun 2004 07:01:41 +0000 (07:01 +0000)]
Handle KerberosV5/KerberosV4 values of AuthType properly
kouril [Tue, 22 Jun 2004 14:36:26 +0000 (14:36 +0000)]
Corrected debug messages
kouril [Sun, 6 Jun 2004 21:49:00 +0000 (21:49 +0000)]
Rewritten installation guide
kouril [Fri, 4 Jun 2004 09:10:44 +0000 (09:10 +0000)]
two more debugging messages
kouril [Fri, 4 Jun 2004 08:52:48 +0000 (08:52 +0000)]
Added a new directive (KrbDelegateBasic), which can be used to pass on authentication decision to another modules.
kouril [Fri, 4 Jun 2004 08:39:00 +0000 (08:39 +0000)]
Allow the module to work in the proxy mode correctly (don't swallow authentication headers). This commit fixes bug reported at
http://sourceforge.net/tracker/index.php?func=detail&aid=954085&group_id=51775&atid=464524
kouril [Tue, 1 Jun 2004 14:13:49 +0000 (14:13 +0000)]
Use the resolv library when checking for krb5_init_context()
kouril [Tue, 1 Jun 2004 12:28:50 +0000 (12:28 +0000)]
Added fields to the module declaration (in 1.3.x part) required by EAPI
kouril [Mon, 3 May 2004 06:46:22 +0000 (06:46 +0000)]
Added suffix '_internal' to all definitions copied from provate MIT header to avoid possible conflicts
kouril [Fri, 30 Apr 2004 11:51:41 +0000 (11:51 +0000)]
added a debugging message
kouril [Tue, 27 Apr 2004 14:17:20 +0000 (14:17 +0000)]
typos
kouril [Tue, 27 Apr 2004 14:14:08 +0000 (14:14 +0000)]
increase version number to be ready for a new release
kouril [Tue, 27 Apr 2004 14:05:24 +0000 (14:05 +0000)]
Added MIT license statements
kouril [Tue, 27 Apr 2004 12:12:06 +0000 (12:12 +0000)]
basicaly typos
kouril [Fri, 23 Apr 2004 12:19:37 +0000 (12:19 +0000)]
krb5 ccache is initialized only after the password verification succeeds
kouril [Wed, 21 Apr 2004 16:15:22 +0000 (16:15 +0000)]
Added header includes and other minor fixes
kouril [Wed, 21 Apr 2004 10:15:04 +0000 (10:15 +0000)]
really use auth_context prepared
kouril [Fri, 16 Apr 2004 22:19:58 +0000 (22:19 +0000)]
added header containing internal MIT definitions
kouril [Fri, 16 Apr 2004 20:44:37 +0000 (20:44 +0000)]
First attempt of working around replay cache (thanks to Jari Ahonen for the GSSAPI part)
kouril [Tue, 13 Apr 2004 15:58:39 +0000 (15:58 +0000)]
- Don't use global structures to persistently store gss context. Support only
krb5 which requires single gssapi authentication iteration.
kouril [Fri, 9 Apr 2004 13:05:29 +0000 (13:05 +0000)]
Mark a few places where a debug logging should be added
kouril [Thu, 1 Apr 2004 08:21:44 +0000 (08:21 +0000)]
- Use macro AC_PATH_PROG to find the apxs command, don't look for the apache
binary at all since information about apache version are fetched from headers
at compile time.
- Require version 2.57 of autoconf as 2.53 seems to have an error in the
AC_PATH_PROG macro
kouril [Mon, 29 Mar 2004 15:16:38 +0000 (15:16 +0000)]
In order to distinguish between apache API v1.3 and v.2.0 use define
STANDARD20_MODULE_STUFF (from ap_config.h) instead of own APXS[12] variables
kouril [Mon, 29 Mar 2004 14:41:04 +0000 (14:41 +0000)]
- note_kerb_auth_failure() renamed to set_kerb_auth_headers()
- return also last value from gss_accept_sec_context() so client can perform
mutual authentication
kouril [Mon, 29 Mar 2004 13:49:00 +0000 (13:49 +0000)]
- don't pass a prompter callback to the password veryfying call
- Heimdal is able to handle anonymous memory caches so it's not necessary to use different (non-portable) code for ccache generation
kouril [Thu, 25 Mar 2004 11:27:56 +0000 (11:27 +0000)]
License changed from Apache to BSD
kouril [Tue, 23 Mar 2004 15:32:35 +0000 (15:32 +0000)]
Use GSS_C_NT_HOSTBASED_SERVICE instead of GSS_C_NT_USER_NAME in the gss_import_name()
Don't free the gss structs when additional GSS iterations are required
kouril [Wed, 25 Feb 2004 17:43:31 +0000 (17:43 +0000)]
Updated year in the license block
kouril [Wed, 25 Feb 2004 17:16:20 +0000 (17:16 +0000)]
Don't use DNS lookups when constructing the server principal name. This allows
to use the VirtualServer names as specified in the httpd.conf
kouril [Thu, 19 Feb 2004 15:17:18 +0000 (15:17 +0000)]
Added logging of error messages to the password verification part.
kouril [Wed, 11 Feb 2004 13:26:19 +0000 (13:26 +0000)]
restructuralized checks for krb5 enviroment
kouril [Tue, 10 Feb 2004 13:52:44 +0000 (13:52 +0000)]
Don't use the service name when reading the keytab. This should prevent from
problems between the MS and MIT krb5 implementation. (this fix works only with
1.3.x).
kouril [Thu, 5 Feb 2004 15:17:00 +0000 (15:17 +0000)]
Use different calls when generating memory ccache with Heimdal or MIT
kouril [Thu, 5 Feb 2004 15:12:08 +0000 (15:12 +0000)]
moved check for nonempty password to a proper place
kouril [Thu, 5 Feb 2004 14:05:50 +0000 (14:05 +0000)]
don't accept empty passwords
kouril [Thu, 5 Feb 2004 10:21:02 +0000 (10:21 +0000)]
Allow also authentication against a proxy server.
(see bug #880378 https://sourceforge.net/tracker/?func=detail&atid=464524&aid=880378&group_id=51775)
kouril [Tue, 13 Jan 2004 14:31:53 +0000 (14:31 +0000)]
Added omitted directive in the sample config
kouril [Mon, 12 Jan 2004 16:19:39 +0000 (16:19 +0000)]
really log minor GSS error messages
kouril [Mon, 12 Jan 2004 15:28:12 +0000 (15:28 +0000)]
fixed deleting files
kouril [Mon, 12 Jan 2004 15:17:43 +0000 (15:17 +0000)]
Copied installation guide from web pages
kouril [Mon, 12 Jan 2004 15:03:17 +0000 (15:03 +0000)]
better cleanup
kouril [Mon, 12 Jan 2004 13:49:52 +0000 (13:49 +0000)]
removed support for HAVE_KRB5_CC_GEN_NEW
kouril [Mon, 12 Jan 2004 13:44:21 +0000 (13:44 +0000)]
- Extended directories where the apache binaries are looked for
- A bit better support for installation without krb5-config
kouril [Wed, 7 Jan 2004 16:31:12 +0000 (16:31 +0000)]
Make sure local headers are used first
kouril [Wed, 7 Jan 2004 16:15:44 +0000 (16:15 +0000)]
Removed recursively called make; all objects required are set by the configure
script. This change should make it possible to use non-GNU make's.
kouril [Tue, 6 Jan 2004 14:31:39 +0000 (14:31 +0000)]
don't log automaticaly errno error messages
kouril [Tue, 6 Jan 2004 14:28:02 +0000 (14:28 +0000)]
enclose minor GSS error message into parenthesis
kouril [Sat, 27 Dec 2003 07:59:25 +0000 (07:59 +0000)]
- Added forgotten parenthesis
- The KrbMethodK4Pass and KrbMethodK5Pass options renamed to KrbMethodK4Passwd
and KrbMethodK5Passwd, respectively
kouril [Fri, 19 Dec 2003 16:45:02 +0000 (16:45 +0000)]
Don't overwrite the minor status from accept_sec_context()
kouril [Fri, 19 Dec 2003 16:41:54 +0000 (16:41 +0000)]
Don't offer the Negotiate method again when the client has failed to authenticate using GSS.
kouril [Fri, 19 Dec 2003 15:27:40 +0000 (15:27 +0000)]
let GSS error code propagate properly to the caller
kouril [Fri, 19 Dec 2003 11:34:13 +0000 (11:34 +0000)]
Increased version number before publishing a new release
kouril [Fri, 19 Dec 2003 09:53:46 +0000 (09:53 +0000)]
How to initialize the module
kouril [Thu, 18 Dec 2003 16:18:21 +0000 (16:18 +0000)]
removed '-o $@' since it has been announced to making troubles on Solaris (see
https://sourceforge.net/forum/forum.php?thread_id=991025&forum_id=171554)
kouril [Thu, 18 Dec 2003 15:16:14 +0000 (15:16 +0000)]
mark place to fix (don't offer Negotiate when some GSS call failed)
kouril [Thu, 18 Dec 2003 15:12:11 +0000 (15:12 +0000)]
properly initialize memory space so that it can be unallocated later.
kouril [Thu, 18 Dec 2003 14:12:54 +0000 (14:12 +0000)]
Don't wrap tokens returned by the acceptor with the SPNEGO oid specs
kouril [Wed, 17 Dec 2003 14:04:17 +0000 (14:04 +0000)]
Use `HTTP' as a default principal name for authentication, instead of `khttp'.
kouril [Wed, 17 Dec 2003 13:57:44 +0000 (13:57 +0000)]
Added the -c switch to apxs when doing installation. This enforce a new
compilation of the module itself but (hopefuly) prevents problems with libtool
and different target names generated by libtool on different platforms.
kouril [Sun, 14 Dec 2003 19:00:06 +0000 (19:00 +0000)]
Extended format of GSS error messages (human readable info on both minor_status
and major stator is printed out)
kouril [Thu, 11 Dec 2003 21:48:47 +0000 (21:48 +0000)]
use krb5_cc_resolve() and manualy created temporary files (generated with mkstemp) to create ccache. This should more portable.
kouril [Fri, 28 Nov 2003 22:45:57 +0000 (22:45 +0000)]
gssapi lib added to the `openbsd part'
kouril [Fri, 28 Nov 2003 22:41:18 +0000 (22:41 +0000)]
updated list of Heimdal libs for Openbsd
kouril [Sun, 23 Nov 2003 22:38:38 +0000 (22:38 +0000)]
Make configure work also with krb5 installations where the krb5-config command
is not available (suppose only Heimdal libraries in this case)
kouril [Mon, 17 Nov 2003 00:14:44 +0000 (00:14 +0000)]
Added 'make install' line
kouril [Sun, 16 Nov 2003 23:20:49 +0000 (23:20 +0000)]
Added #include <string.h> to make compiler stop complaining of memset() and memcmp() not being declared
kouril [Thu, 13 Nov 2003 15:18:51 +0000 (15:18 +0000)]
Check error values
kouril [Thu, 13 Nov 2003 15:01:28 +0000 (15:01 +0000)]
Corrected targets to prevent from useles compiling files that hasn't changed
kouril [Fri, 7 Nov 2003 15:29:25 +0000 (15:29 +0000)]
increased version number before creating a new release
kouril [Fri, 7 Nov 2003 15:23:15 +0000 (15:23 +0000)]
note the configure script
kouril [Thu, 6 Nov 2003 18:30:50 +0000 (18:30 +0000)]
- make krb_authoritative really work as it's supposed to
- use proper option type for the ServiceName option
kouril [Thu, 6 Nov 2003 18:29:54 +0000 (18:29 +0000)]
- don't forgot krb4 libs
kouril [Thu, 6 Nov 2003 16:58:14 +0000 (16:58 +0000)]
added -Ispnegokrb5
kouril [Tue, 4 Nov 2003 20:12:48 +0000 (20:12 +0000)]
Added support for the KrbAuthoritative option (if set by the admin to 'off' it
allows authentication control to pass on to another modules).