const char *krb_service_name;
int krb_authoritative;
int krb_delegate_basic;
+#ifdef 0
int krb_ssl_preauthentication;
+#endif
#ifdef KRB5
char *krb_5_keytab;
int krb_method_gssapi;
command("KrbDelegateBasic", ap_set_flag_slot, krb_delegate_basic,
FLAG, "Always offer Basic authentication regardless of KrbMethodK5Pass and pass on authentication to lower modules if Basic headers arrive."),
+#ifdef 0
command("KrbEnableSSLPreauthentication", ap_set_flag_slot, krb_ssl_preauthentication,
FLAG, "Don't do Kerberos authentication if the user is already authenticated using SSL and her client certificate."),
+#endif
#ifdef KRB5
command("Krb5Keytab", ap_set_file_slot, krb_5_keytab,
((kerb_auth_config *)rec)->krb_service_name = NULL;
((kerb_auth_config *)rec)->krb_authoritative = 1;
((kerb_auth_config *)rec)->krb_delegate_basic = 0;
+#if 0
((kerb_auth_config *)rec)->krb_ssl_preauthentication = 0;
+#endif
#ifdef KRB5
((kerb_auth_config *)rec)->krb_method_k5pass = 1;
((kerb_auth_config *)rec)->krb_method_gssapi = 1;
else
return DECLINED;
+#if 0
if (conf->krb_ssl_preauthentication) {
const char *ssl_client_verify = ssl_var_lookup(r->pool, r->server,
r->connection, r, "SSL_CLIENT_VERIFY");
if (ssl_client_verify && strcmp(ssl_client_verify, "SUCCESS") == 0)
return OK;
}
+#endif
/* get what the user sent us in the HTTP header */
auth_line = MK_TABLE_GET(r->headers_in, (r->proxyreq == PROXYREQ_PROXY)