}
/* And this is the operations vector for our replay cache */
-const krb5_rc_ops_internal mod_auth_kerb_rc_ops = {
+static const krb5_rc_ops_internal mod_auth_kerb_rc_ops = {
0,
"dfl",
krb5_rc_dfl_init,
user = apr_pstrcat(r->pool, user, "@", realm, NULL);
MK_USER = user;
- MK_AUTH_TYPE = "Basic";
+ MK_AUTH_TYPE = "Kerberos";
apr_table_setn(r->subprocess_env, "KRBTKFILE", tkt_file_p);
if (!conf->krb_save_credentials)
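Review bot: Setting `MK_AUTH_TYPE = "Kerberos"` here means the auth type no longer tells downstream handlers how the credentials reached the server. The surrounding lines (a realm appended to `user`, a ticket file exported as `KRBTKFILE`) suggest this is a password-verification path, presumably fed from a Basic `Authorization` header. If so, CGI scripts or access rules that use the auth type to tell ticket-based from password-based logins lose that distinction. The same literal is assigned again in the later hunk after `MK_USER = apr_pstrdup (r->pool, name);`, so I would define the string once as a file-level macro and add a comment there stating which transport each value covers. The enclosing function starts and ends outside this hunk, so the transport is inferred rather than confirmed.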
static krb5_error_code
verify_krb5_user(request_rec *r, krb5_context context, krb5_principal principal,
const char *password, krb5_principal server,
- krb5_keytab keytab, int krb_verify_kdc, const char *krb_service_name, krb5_ccache *ccache)
+ krb5_keytab keytab, int krb_verify_kdc,
+ const char *krb_service_name, krb5_ccache *ccache)
{
krb5_creds creds;
krb5_get_init_creds_opt options;
goto end;
}
MK_USER = apr_pstrdup (r->pool, name);
- MK_AUTH_TYPE = "Basic";
+ MK_AUTH_TYPE = "Kerberos";
free(name);
if (conf->krb_save_credentials)
return 0;
}
+#ifndef GSSAPI_SUPPORTS_SPNEGO
static int
cmp_gss_type(gss_buffer_t token, gss_OID oid)
{
return memcmp(p, oid->elements, oid->length);
}
+#endif
static int
authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
goto end;
}
-#if 0
- /* This is a _Kerberos_ module so multiple authentication rounds aren't
- * supported. If we wanted a generic GSS authentication we would have to do
- * some magic with exporting context etc. */
+ /* Multiple authentication rounds aren't supported. If we wanted a generic
+ * GSS authentication we would have to do some magic with exporting context
+ * etc. */
if (major_status & GSS_S_CONTINUE_NEEDED) {
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Multi-iteration authentication isn't supported");
ret = HTTP_UNAUTHORIZED;
goto end;
}
-#endif
major_status = gss_display_name(&minor_status, client_name, &output_token, NULL);
gss_release_name(&minor_status, &client_name);
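Review bot: The re-enabled `GSS_S_CONTINUE_NEEDED` check is a security check, but the comment above it still reads like a feature limitation, which is how it ended up inside `#if 0` in the first place. At this status the context is not yet established, so the `client_name` handed to `gss_display_name` just below is not guaranteed to be an authenticated name. A comment such as `/* Context not established yet: client_name must not be trusted, so reject rather than fall through */` would make that explicit. The new `goto end` also jumps over `gss_release_name(&minor_status, &client_name)`, and the `end` label is outside the hunk. It is worth confirming that the cleanup there releases `client_name`, the partially established context and any output token on this path.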
return ret;
}
-int
+static int
have_rcache_type(const char *type)
{
krb5_error_code ret;