From: baalberith
Date: Wed, 17 Sep 2008 14:01:55 +0000 (+0000)
Subject: accepted patch [ 1809998 ] "Accept any incoming credential in keytab" with some minor...
X-Git-Tag: v5.4~13
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_kerb.cvs%2F.git;a=commitdiff_plain;h=e9255f8d651e4c09d7f455ad8b51835f6fa204bf

accepted patch [ 1809998 ] "Accept any incoming credential in keytab" with some minor changes
---

diff --git a/README b/README
index 4303e80..0906b7c 100644
--- a/README
+++ b/README
@@ -66,6 +66,8 @@ KrbServiceName server_principal is used. The FQDN part can contain any hostname and can be used to work around problems with misconfigured DNS. A corresponding key of this name must be stored in the keytab.
+ If this option is set to 'Any', then any prinicpal from the keytab which
+ matches the client's request may be used.
 Krb4Srvtab /path/to/srvtab This option takes one argument, specifying the path to the Kerberos V4
diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c
index 587e930..3f3a3fb 100644
--- a/src/mod_auth_kerb.c
+++ b/src/mod_auth_kerb.c
@@ -897,6 +897,10 @@ authenticate_user_krb5pwd(request_rec *r,
 int all_principals_unkown;
 char *p = NULL;

+ //temporary fix for KrbServiceName Any
+ if (conf->krb_service_name && strcmp(conf->krb_service_name,"Any") == 0)
+ snprintf(conf->krb_service_name, 5,"%s","HTTP");
+
 code = krb5_init_context(&kcontext);
 if (code) {
 log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
@@ -1154,6 +1158,10 @@ get_gss_creds(request_rec *r,
 have_server_princ = conf->krb_service_name && strchr(conf->krb_service_name, '/') != NULL;
 if (have_server_princ)
 strncpy(buf, conf->krb_service_name, sizeof(buf));
+ else if (conf->krb_service_name && strcmp(conf->krb_service_name,"Any") == 0) {
+ *server_creds = GSS_C_NO_CREDENTIAL;
+ return 0;
+ }
 else
 snprintf(buf, sizeof(buf), "%s@%s",
 (conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
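Review bot: In authenticate_user_krb5pwd the added `snprintf(conf->krb_service_name, 5,"%s","HTTP")` overwrites the configuration string in place, writing five bytes ("HTTP" plus the terminator) over a value the `strcmp` has just shown to be "Any", which needs only four. Unless the directive's storage is known to be larger, that is a one-byte write past the string. It also means that once a password login has run, `conf->krb_service_name` no longer reads "Any", so the new branch in get_gss_creds would presumably stop matching for that configuration, and on a threaded server the write is unsynchronised. Selecting the name into a local keeps the config read-only, e.g. `const char *service = (conf->krb_service_name && strcmp(conf->krb_service_name, "Any") != 0) ? conf->krb_service_name : SERVICE_NAME;` (assuming SERVICE_NAME is the "HTTP" default), with later uses switched to `service`. Those uses are in the rest of the function body, which lies outside this hunk.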
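Review bot: The new `else if` in get_gss_creds returns `GSS_C_NO_CREDENTIAL` with no comment or log line, so nothing in the code records that with "Any" the set of accepted service principals is whatever the keytab contains. A comment such as `/* "Any": use the default acceptor credential; every key in the keytab becomes an accepted service, so the keytab should hold only this server's HTTP keys */` would state that, and a debug-level `log_rerror` naming the mode would help when tracing an unexpected login. The early return also skips the remainder of get_gss_creds, which is outside this hunk, so it is worth confirming that nothing later in the function is still needed on this path. "Any" is matched case-sensitively and only after the '/' test, which the comment could mention as well.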