From: kouril Date: Fri, 29 Apr 2005 15:51:53 +0000 (+0000) Subject: Only reply with the Negotiate set if the gss_accept_sec_context returned data X-Git-Tag: v5.0~22 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_kerb.cvs%2F.git;a=commitdiff_plain;h=bdad835de766bab10152fba1c50ffb14725f2d25 Only reply with the Negotiate set if the gss_accept_sec_context returned data for the client. Otherwise the client received an Negotiate header and tried to authenticate using GSSAPI again and again, which is annoying when the user in question pass the authentication but isn't authorized. --- diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c index 4b5505d..3b5393f 100644 --- a/src/mod_auth_kerb.c +++ b/src/mod_auth_kerb.c @@ -1285,6 +1285,7 @@ authenticate_user_gss(request_rec *r, kerb_auth_config *conf, "GSS-API token of length %d bytes will be sent back", output_token.length); gss_release_buffer(&minor_status2, &output_token); + set_kerb_auth_headers(r, conf, 0, 0, *negotiate_ret_value); } if (GSS_ERROR(major_status)) { @@ -1327,9 +1328,6 @@ authenticate_user_gss(request_rec *r, kerb_auth_config *conf, if (conf->krb_save_credentials && delegated_cred != GSS_C_NO_CREDENTIAL) store_gss_creds(r, conf, (char *)output_token.value, delegated_cred); - if (*negotiate_ret_value) - set_kerb_auth_headers(r, conf, 0, 0, *negotiate_ret_value); - gss_release_buffer(&minor_status, &output_token); ret = OK;