for the client. Otherwise the client received an Negotiate header and tried to
authenticate using GSSAPI again and again, which is annoying when the user in
question pass the authentication but isn't authorized.
"GSS-API token of length %d bytes will be sent back",
output_token.length);
gss_release_buffer(&minor_status2, &output_token);
"GSS-API token of length %d bytes will be sent back",
output_token.length);
gss_release_buffer(&minor_status2, &output_token);
+ set_kerb_auth_headers(r, conf, 0, 0, *negotiate_ret_value);
}
if (GSS_ERROR(major_status)) {
}
if (GSS_ERROR(major_status)) {
if (conf->krb_save_credentials && delegated_cred != GSS_C_NO_CREDENTIAL)
store_gss_creds(r, conf, (char *)output_token.value, delegated_cred);
if (conf->krb_save_credentials && delegated_cred != GSS_C_NO_CREDENTIAL)
store_gss_creds(r, conf, (char *)output_token.value, delegated_cred);
- if (*negotiate_ret_value)
- set_kerb_auth_headers(r, conf, 0, 0, *negotiate_ret_value);
-
gss_release_buffer(&minor_status, &output_token);
ret = OK;
gss_release_buffer(&minor_status, &output_token);
ret = OK;