From: baalberith Date: Fri, 8 Aug 2008 11:56:55 +0000 (+0000) Subject: added auth name to local name mapping. Tickets [1957143], [1303627], [2013838 ],... X-Git-Tag: v5.4~16 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_kerb.cvs%2F.git;a=commitdiff_plain;h=63e4b95f4590f55bfb90437754dce3ac46380ef9 added auth name to local name mapping. Tickets [1957143], [1303627], [2013838 ], [1809803], [1373783], [1611526] --- diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c index 1fb4603..b120a09 100644 --- a/src/mod_auth_kerb.c +++ b/src/mod_auth_kerb.c @@ -165,6 +165,7 @@ typedef struct { char *krb_5_keytab; int krb_method_gssapi; int krb_method_k5pass; + int krb5_do_auth_to_local; #endif #ifdef KRB4 char *krb_4_srvtab; @@ -227,6 +228,9 @@ static const command_rec kerb_auth_cmds[] = { command("KrbMethodK5Passwd", ap_set_flag_slot, krb_method_k5pass, FLAG, "Enable Kerberos V5 password authentication."), + + command("Krb5TrimRealm", ap_set_flag_slot, krb5_do_auth_to_local, + FLAG, "Set to 'on' to have Kerberos do auth_to_local mapping of principal names to system user names."), #endif #ifdef KRB4 @@ -303,6 +307,10 @@ const krb5_rc_ops_internal mod_auth_kerb_rc_ops = { }; #endif +/*************************************************************************** + Macro To Control krb5_aname_to_localname buffer size + ***************************************************************************/ +#define AN_TO_LN_BUFFSIZE_MAX 1024 /*************************************************************************** Auth Configuration Initialization @@ -320,6 +328,7 @@ static void *kerb_dir_create_config(MK_POOL *p, char *d) ((kerb_auth_config *)rec)->krb_ssl_preauthentication = 0; #endif #ifdef KRB5 + ((kerb_auth_config *)rec)->krb5_do_auth_to_local = 0; ((kerb_auth_config *)rec)->krb_method_k5pass = 1; ((kerb_auth_config *)rec)->krb_method_gssapi = 1; #endif 
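Review bot: The directive is registered as `Krb5TrimRealm`, but its help text and the `krb5_do_auth_to_local` slot describe a full auth_to_local mapping, which is broader than stripping the realm. An administrator who enables it expecting only realm trimming gets whatever name the Kerberos library's mapping rules produce, and that name is presumably what later access rules compare against. Name the directive after what it does, for example `command("Krb5AuthToLocal", ap_set_flag_slot, krb5_do_auth_to_local,` (a constructed name). Alternatively keep the name and state in the help string that the result depends on the library's auth_to_local configuration.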
@@ -1012,7 +1021,10 @@ authenticate_user_krb5pwd(request_rec *r, if (conf->krb_save_credentials) store_krb5_creds(kcontext, r, conf, ccache); - + + if (conf->krb5_do_auth_to_local) { + krb5_aname_to_localname(kcontext, client, AN_TO_LN_BUFFSIZE_MAX, MK_USER); + } ret = OK; end:
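Review bot: The added `krb5_aname_to_localname(kcontext, client, AN_TO_LN_BUFFSIZE_MAX, MK_USER)` call tells the library that `MK_USER` is a 1024-byte buffer and discards the return code. `MK_USER` is assigned outside this hunk; if it holds a pool copy sized to the principal name, a mapping rule that yields a longer local name writes past that allocation. A failed or absent mapping also falls through to `ret = OK` with whatever is left in the buffer. Map into a local buffer of the declared size, fail the request on a non-zero code, and only then replace `MK_USER`. The body of authenticate_user_krb5pwd begins and ends outside the hunk, and only this password path is changed here, so the Negotiate path presumably still reports the unmapped principal.

```c
   if (conf->krb5_do_auth_to_local) {
      /* Map into a buffer whose real size matches the size passed in. */
      char lname[AN_TO_LN_BUFFSIZE_MAX];
      krb5_error_code an_code;

      an_code = krb5_aname_to_localname(kcontext, client, sizeof(lname), lname);
      if (an_code) {
         /* No usable mapping: refuse rather than accept an unmapped name. */
         ret = HTTP_UNAUTHORIZED;
         goto end;
      }
      MK_USER = apr_pstrdup(r->pool, lname);
   }
   /* … unchanged: ret = OK; end: … */
```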