From e9255f8d651e4c09d7f455ad8b51835f6fa204bf Mon Sep 17 00:00:00 2001
From: baalberith
Date: Wed, 17 Sep 2008 14:01:55 +0000
Subject: [PATCH] accepted patch [ 1809998 ] "Accept any incoming credential in keytab" with some minor changes

---
 README | 2 ++
 src/mod_auth_kerb.c | 8 ++++++++
 2 files changed, 10 insertions(+)

diff --git a/README b/README
index 4303e80..0906b7c 100644
--- a/README
+++ b/README
@@ -66,6 +66,8 @@ KrbServiceName
 server_principal is used. The FQDN part can contain any hostname and can be
 used to work around problems with misconfigured DNS. A corresponding key of
 this name must be stored in the keytab.
+ If this option is set to 'Any', then any prinicpal from the keytab which
+ matches the client's request may be used.
 
 Krb4Srvtab /path/to/srvtab
 This option takes one argument, specifying the path to the Kerberos V4
diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c
index 587e930..3f3a3fb 100644
--- a/src/mod_auth_kerb.c
+++ b/src/mod_auth_kerb.c
@@ -897,6 +897,10 @@ authenticate_user_krb5pwd(request_rec *r,
 int all_principals_unkown;
 char *p = NULL;
 
+ //temporary fix for KrbServiceName Any
+ if (conf->krb_service_name && strcmp(conf->krb_service_name,"Any") == 0)
+ snprintf(conf->krb_service_name, 5,"%s","HTTP");
+
 code = krb5_init_context(&kcontext);
 if (code) {
 log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
@@ -1154,6 +1158,10 @@ get_gss_creds(request_rec *r,
 have_server_princ = conf->krb_service_name && strchr(conf->krb_service_name, '/') != NULL;
 if (have_server_princ)
 strncpy(buf, conf->krb_service_name, sizeof(buf));
+ else if (conf->krb_service_name && strcmp(conf->krb_service_name,"Any") == 0) {
+ *server_creds = GSS_C_NO_CREDENTIAL;
+ return 0;
+ }
 else
 snprintf(buf, sizeof(buf), "%s@%s",
 (conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
-- 
2.1.4
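Review bot: In authenticate_user_krb5pwd (src/mod_auth_kerb.c) the added `snprintf(conf->krb_service_name, 5,"%s","HTTP");` overwrites the configuration string in place. The string that just compared equal to "Any" occupies four bytes including its terminator, while "HTTP" needs five, so unless the buffer was allocated with slack (its allocation is not visible here) this writes one byte past it. The overwrite also persists in `conf`, so after this path has run, the `strcmp(conf->krb_service_name,"Any")` test added in get_gss_creds presumably no longer matches for the same configuration. A local avoids both problems: `const char *service_name = conf->krb_service_name;` then `if (service_name && strcmp(service_name, "Any") == 0) service_name = "HTTP";`, with the rest of the function, which lies outside this hunk, reading `service_name` instead of the config field.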
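Review bot: The new `else if` branch in get_gss_creds (src/mod_auth_kerb.c) returns `GSS_C_NO_CREDENTIAL` with no comment or log line, and its security consequence should be written down. With no acceptor credential pinned, GSS-API falls back to the default acceptor credential, so a ticket for any principal whose key is in the keytab is accepted, not only HTTP ones. I would add above the assignment `/* "Any": acquire no specific credential; any key in the keytab may accept the context, so the keytab must hold only keys meant for this server */` and a debug-level `log_rerror` call saying that no service principal is pinned. The README paragraph for this option could carry the same caveat. The body of get_gss_creds continues outside the hunk, so whether the accepted principal is checked later is not visible here.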