summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Simo Sorce [Sat, 12 Apr 2014 22:14:37 +0000 (18:14 -0400)]
Register optional functions
Simo Sorce [Thu, 13 Mar 2014 20:02:03 +0000 (16:02 -0400)]
Implement checking for TLS connections
Obey the GSSSSLOnly setting.
Simo Sorce [Sun, 9 Mar 2014 20:24:34 +0000 (16:24 -0400)]
Allow context to be attached to the connection
This means the authentication is not repeated for every request but
is retained for the life of the connection.
This may be a security issue if a frontend proxy shares connections
between multiple users so must be used with care.
RFC 4559 warns that clients should not try SPNEGO if such a proxy
is present. Unfortuntely the RFC assumes a non-standard method to
determine if a proxy maintain separate connections.
Simo Sorce [Sun, 9 Mar 2014 21:16:12 +0000 (17:16 -0400)]
Fix module name
The module structure name used throughout the code didn't match the
name of the initialized structure, so the one used was always
uninitialized.
Simo Sorce [Sat, 8 Mar 2014 19:23:28 +0000 (14:23 -0500)]
Add option to map GSS Name to local Name
Always preserves the received name in GSS_NAME.
In the kereberos case this will result in the environment variable
called GSS_NAME the user's principal, while REMOTE_USER will contain
the user name as mapped by the kerberos library.
Simo Sorce [Sat, 15 Feb 2014 22:33:31 +0000 (17:33 -0500)]
Use the cred_store extension to save credentials
Simo Sorce [Sat, 15 Feb 2014 22:33:00 +0000 (17:33 -0500)]
Fix warnings
Simo Sorce [Sat, 15 Feb 2014 20:59:06 +0000 (15:59 -0500)]
Add initial configure scripts
Simo Sorce [Thu, 13 Feb 2014 22:52:39 +0000 (17:52 -0500)]
Example apache module conf
Simo Sorce [Tue, 28 Jan 2014 02:26:55 +0000 (21:26 -0500)]
Initial code
Signed-off-by: Simo Sorce <simo@redhat.com>
projects / mod_auth_gssapi.git / log