From bdad835de766bab10152fba1c50ffb14725f2d25 Mon Sep 17 00:00:00 2001
From: kouril
Date: Fri, 29 Apr 2005 15:51:53 +0000
Subject: [PATCH] Only reply with the Negotiate set if the gss_accept_sec_context returned data for the client. Otherwise the client received an Negotiate header and tried to authenticate using GSSAPI again and again, which is annoying when the user in question pass the authentication but isn't authorized.
---
 src/mod_auth_kerb.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c
index 4b5505d..3b5393f 100644
--- a/src/mod_auth_kerb.c
+++ b/src/mod_auth_kerb.c
@@ -1285,6 +1285,7 @@ authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
 "GSS-API token of length %d bytes will be sent back",
 output_token.length);
 gss_release_buffer(&minor_status2, &output_token);
+ set_kerb_auth_headers(r, conf, 0, 0, *negotiate_ret_value);
 }

 if (GSS_ERROR(major_status)) {
@@ -1327,9 +1328,6 @@ authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
 if (conf->krb_save_credentials && delegated_cred != GSS_C_NO_CREDENTIAL)
 store_gss_creds(r, conf, (char *)output_token.value, delegated_cred);

- if (*negotiate_ret_value)
- set_kerb_auth_headers(r, conf, 0, 0, *negotiate_ret_value);
-
 gss_release_buffer(&minor_status, &output_token);

 ret = OK;
-- 
2.1.4
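Review bot: The added `set_kerb_auth_headers(r, conf, 0, 0, *negotiate_ret_value);` in the first hunk sits before the `if (GSS_ERROR(major_status))` check, so the Negotiate header carrying the token is now queued on failed or incomplete handshakes as well as on success, whereas the removed call appears to have run only just before `ret = OK`. That is probably intended, since GSS-API can hand back a token for the peer alongside an error status, but it is worth confirming that nothing later on the error path sets the same header a second time; the caller is not visible from this patch. The call also relies on `*negotiate_ret_value` having been assigned earlier in the enclosing block, which starts outside the hunk, now that the explicit `if (*negotiate_ret_value)` guard is gone. A short comment above the new line would record the reasoning, e.g. `/* reply with Negotiate only when GSS-API produced a token; a bare Negotiate header makes the client restart the handshake */`.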