projects
/
mod_auth_kerb.cvs
/
.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
36747dc
)
accepted patch [ 1809998 ] "Accept any incoming credential in keytab" with some minor...
author
baalberith
<baalberith>
Wed, 17 Sep 2008 14:01:55 +0000
(14:01 +0000)
committer
baalberith
<baalberith>
Wed, 17 Sep 2008 14:01:55 +0000
(14:01 +0000)
README
patch
|
blob
|
history
src/mod_auth_kerb.c
patch
|
blob
|
history
diff --git
a/README
b/README
index
4303e80
..
0906b7c
100644
(file)
--- a/
README
+++ b/
README
@@
-66,6
+66,8
@@
KrbServiceName server_principal
is used. The FQDN part can contain any hostname and can be used to work
around problems with misconfigured DNS. A corresponding key of this name
must be stored in the keytab.
is used. The FQDN part can contain any hostname and can be used to work
around problems with misconfigured DNS. A corresponding key of this name
must be stored in the keytab.
+ If this option is set to 'Any', then any prinicpal from the keytab which
+ matches the client's request may be used.
Krb4Srvtab /path/to/srvtab
This option takes one argument, specifying the path to the Kerberos V4
Krb4Srvtab /path/to/srvtab
This option takes one argument, specifying the path to the Kerberos V4
diff --git
a/src/mod_auth_kerb.c
b/src/mod_auth_kerb.c
index
587e930
..
3f3a3fb
100644
(file)
--- a/
src/mod_auth_kerb.c
+++ b/
src/mod_auth_kerb.c
@@
-897,6
+897,10
@@
authenticate_user_krb5pwd(request_rec *r,
int all_principals_unkown;
char *p = NULL;
int all_principals_unkown;
char *p = NULL;
+ //temporary fix for KrbServiceName Any
+ if (conf->krb_service_name && strcmp(conf->krb_service_name,"Any") == 0)
+ snprintf(conf->krb_service_name, 5,"%s","HTTP");
+
code = krb5_init_context(&kcontext);
if (code) {
log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
code = krb5_init_context(&kcontext);
if (code) {
log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
@@
-1154,6
+1158,10
@@
get_gss_creds(request_rec *r,
have_server_princ = conf->krb_service_name && strchr(conf->krb_service_name, '/') != NULL;
if (have_server_princ)
strncpy(buf, conf->krb_service_name, sizeof(buf));
have_server_princ = conf->krb_service_name && strchr(conf->krb_service_name, '/') != NULL;
if (have_server_princ)
strncpy(buf, conf->krb_service_name, sizeof(buf));
+ else if (conf->krb_service_name && strcmp(conf->krb_service_name,"Any") == 0) {
+ *server_creds = GSS_C_NO_CREDENTIAL;
+ return 0;
+ }
else
snprintf(buf, sizeof(buf), "%s@%s",
(conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
else
snprintf(buf, sizeof(buf), "%s@%s",
(conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,