char *krb_auth_realms;
int krb_save_credentials;
int krb_verify_kdc;
+ char *krb_service_name;
#ifdef KRB5
char *krb_5_keytab;
int krb_method_gssapi;
command("KrbVerifyKDC", ap_set_flag_slot, krb_verify_kdc,
FLAG, "Verify tickets against keytab to prevent KDC spoofing attacks."),
+ command("KrbServiceName", ap_set_file_slot, krb_service_name,
+ TAKE1, "Service name to be used by Apache for authentication."),
+
#ifdef KRB5
command("Krb5Keytab", ap_set_file_slot, krb_5_keytab,
TAKE1, "Location of Kerberos V5 keytab file."),
rec = (kerb_auth_config *) ap_pcalloc(p, sizeof(kerb_auth_config));
((kerb_auth_config *)rec)->krb_verify_kdc = 1;
+ ((kerb_auth_config *)rec)->krb_service_name = "khttp";
#ifdef KRB5
((kerb_auth_config *)rec)->krb_method_k5pass = 1;
((kerb_auth_config *)rec)->krb_method_gssapi = 1;
ret = verify_krb4_user(r, (char *)sent_name,
(sent_instance) ? sent_instance : "",
- (char *)realm, (char *)sent_pw, "khttp",
+ (char *)realm, (char *)sent_pw,
+ conf->krb_service_name,
conf->krb_4_srvtab, conf->krb_verify_kdc);
if (ret == 0)
break;
if (code)
continue;
- code = verify_krb5_user(r, kcontext, client, ccache, sent_pw, "khttp",
+ code = verify_krb5_user(r, kcontext, client, ccache, sent_pw,
+ conf->krb_service_name,
keytab, conf->krb_verify_kdc);
if (code == 0)
break;
gss_name_t server_name = GSS_C_NO_NAME;
char buf[1024];
- snprintf(buf, sizeof(buf), "%s/%s", "khttp", ap_get_server_name(r));
+ snprintf(buf, sizeof(buf), "%s/%s", conf->krb_service_name, ap_get_server_name(r));
input_token.value = buf;
input_token.length = strlen(buf) + 1;