From: kouril Date: Sun, 19 Feb 2006 14:58:41 +0000 (+0000) Subject: Commented out all KrbEnableSSLPreauthentication related stuff as it depends on X-Git-Tag: v5.0~16 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_kerb.git;a=commitdiff_plain;h=c3b8ef8fc0362ecc9c30737109a2e20998ccf4d1 Commented out all KrbEnableSSLPreauthentication related stuff as it depends on the mod_ssl internals (ssl_var_lookup). --- diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c index 64a0a12..7c495c4 100644 --- a/src/mod_auth_kerb.c +++ b/src/mod_auth_kerb.c @@ -154,7 +154,9 @@ typedef struct { const char *krb_service_name; int krb_authoritative; int krb_delegate_basic; +#ifdef 0 int krb_ssl_preauthentication; +#endif #ifdef KRB5 char *krb_5_keytab; int krb_method_gssapi; @@ -207,8 +209,10 @@ static const command_rec kerb_auth_cmds[] = { command("KrbDelegateBasic", ap_set_flag_slot, krb_delegate_basic, FLAG, "Always offer Basic authentication regardless of KrbMethodK5Pass and pass on authentication to lower modules if Basic headers arrive."), +#ifdef 0 command("KrbEnableSSLPreauthentication", ap_set_flag_slot, krb_ssl_preauthentication, FLAG, "Don't do Kerberos authentication if the user is already authenticated using SSL and her client certificate."), +#endif #ifdef KRB5 command("Krb5Keytab", ap_set_file_slot, krb_5_keytab, @@ -308,7 +312,9 @@ static void *kerb_dir_create_config(MK_POOL *p, char *d) ((kerb_auth_config *)rec)->krb_service_name = NULL; ((kerb_auth_config *)rec)->krb_authoritative = 1; ((kerb_auth_config *)rec)->krb_delegate_basic = 0; +#if 0 ((kerb_auth_config *)rec)->krb_ssl_preauthentication = 0; +#endif #ifdef KRB5 ((kerb_auth_config *)rec)->krb_method_k5pass = 1; ((kerb_auth_config *)rec)->krb_method_gssapi = 1; @@ -1487,6 +1493,7 @@ kerb_authenticate_user(request_rec *r) else return DECLINED; +#if 0 if (conf->krb_ssl_preauthentication) { const char *ssl_client_verify = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_VERIFY"); @@ -1494,6 +1501,7 @@ kerb_authenticate_user(request_rec *r) if (ssl_client_verify && strcmp(ssl_client_verify, "SUCCESS") == 0) return OK; } +#endif /* get what the user sent us in the HTTP header */ auth_line = MK_TABLE_GET(r->headers_in, (r->proxyreq == PROXYREQ_PROXY)