kouril [Wed, 8 Jun 2005 10:32:55 +0000 (10:32 +0000)]
- Be more compatible with the development apache branch. Allow working with
APR 1.x and 2.2.
- Avoid some warnings
(thanks to Joe Orton for this patch, 23 May 2005 14:00:57)
kouril [Fri, 3 Jun 2005 16:58:24 +0000 (16:58 +0000)]
mozilla prefs
kouril [Fri, 29 Apr 2005 15:51:53 +0000 (15:51 +0000)]
Only reply with the Negotiate set if the gss_accept_sec_context returned data
for the client. Otherwise the client received an Negotiate header and tried to
authenticate using GSSAPI again and again, which is annoying when the user in
question pass the authentication but isn't authorized.
kouril [Wed, 9 Mar 2005 12:27:26 +0000 (12:27 +0000)]
Added year 2005 to the license block
kouril [Thu, 17 Feb 2005 12:43:34 +0000 (12:43 +0000)]
Added a debug program that performs conversions from DNS names to realms.
(Thanks to Jari Ahonen for it).
kouril [Thu, 17 Feb 2005 12:38:59 +0000 (12:38 +0000)]
Don't prohibit specifying realm is user name
kouril [Fri, 11 Feb 2005 14:02:06 +0000 (14:02 +0000)]
Added type-casting to avoid warning from the compiler
kouril [Thu, 6 Jan 2005 10:25:40 +0000 (10:25 +0000)]
added a short note about Konqueror
kouril [Fri, 5 Nov 2004 13:42:26 +0000 (13:42 +0000)]
Used gsskrb5_register_acceptor_identity() to specify the keytab (some installations seems to have problems reading the filename from the environment)
kouril [Mon, 1 Nov 2004 22:25:07 +0000 (22:25 +0000)]
Added more debug messages
kouril [Tue, 5 Oct 2004 09:18:12 +0000 (09:18 +0000)]
Description of delegation support in Win AD (thanks Rob Sessink)
kouril [Thu, 16 Sep 2004 12:47:25 +0000 (12:47 +0000)]
don't dereference NULL pointer
kouril [Thu, 16 Sep 2004 11:53:06 +0000 (11:53 +0000)]
specify the realm name when calling krb5_parse_name(). MIT seems not to use the realm set by krb5_set_default_realm()
kouril [Thu, 16 Sep 2004 09:57:33 +0000 (09:57 +0000)]
forgot spnego-specific asn.1 sources
kouril [Thu, 16 Sep 2004 08:55:27 +0000 (08:55 +0000)]
Don't compile ASN.1 routines when using Heimdal -- use the ones from Heimdal
kouril [Thu, 16 Sep 2004 08:42:00 +0000 (08:42 +0000)]
delete .libs directories during 'clean'-ing
kouril [Thu, 2 Sep 2004 13:08:04 +0000 (13:08 +0000)]
Centrally #define:ed name of the Negotiate method
kouril [Thu, 26 Aug 2004 09:02:54 +0000 (09:02 +0000)]
corrected wrong parameters printed during debugging
kouril [Mon, 16 Aug 2004 13:20:53 +0000 (13:20 +0000)]
Added changes to enable compiling on Windows (most likely not sufficient)
- Added standard includes
- use {_vs,_s}nprintf instead of {vs,s}nprintf
- added implementation of the mkstemp() call (taken from heimdal)
kouril [Tue, 10 Aug 2004 12:01:01 +0000 (12:01 +0000)]
Added flag RSRC_CONF to the directives definitions so they can be set in the
server-wide config file as well
kouril [Thu, 8 Jul 2004 12:05:43 +0000 (12:05 +0000)]
Increased the release number
kouril [Thu, 8 Jul 2004 12:02:51 +0000 (12:02 +0000)]
typo
kouril [Thu, 8 Jul 2004 12:00:07 +0000 (12:00 +0000)]
note about debugging of Mozilla
kouril [Thu, 8 Jul 2004 11:52:03 +0000 (11:52 +0000)]
Changes by Jari Ahonen
kouril [Mon, 5 Jul 2004 20:47:42 +0000 (20:47 +0000)]
Don't remove the configure script during distclean
kouril [Thu, 1 Jul 2004 08:54:54 +0000 (08:54 +0000)]
when logging a service name use the name processed by GSSAPI
kouril [Thu, 1 Jul 2004 07:20:41 +0000 (07:20 +0000)]
Use cannonical DNS name when constructing the principal for passwd verification (to be consistent with GSSAPI)
kouril [Tue, 29 Jun 2004 10:56:01 +0000 (10:56 +0000)]
Added warning when NTLM authenticator is received
kouril [Fri, 25 Jun 2004 06:42:25 +0000 (06:42 +0000)]
rather FIXME notes
kouril [Thu, 24 Jun 2004 08:02:04 +0000 (08:02 +0000)]
Added more debug messages
kouril [Thu, 24 Jun 2004 07:01:41 +0000 (07:01 +0000)]
Handle KerberosV5/KerberosV4 values of AuthType properly
kouril [Tue, 22 Jun 2004 14:36:26 +0000 (14:36 +0000)]
Corrected debug messages
kouril [Sun, 6 Jun 2004 21:49:00 +0000 (21:49 +0000)]
Rewritten installation guide
kouril [Fri, 4 Jun 2004 09:10:44 +0000 (09:10 +0000)]
two more debugging messages
kouril [Fri, 4 Jun 2004 08:52:48 +0000 (08:52 +0000)]
Added a new directive (KrbDelegateBasic), which can be used to pass on authentication decision to another modules.
kouril [Fri, 4 Jun 2004 08:39:00 +0000 (08:39 +0000)]
Allow the module to work in the proxy mode correctly (don't swallow authentication headers). This commit fixes bug reported at
http://sourceforge.net/tracker/index.php?func=detail&aid=954085&group_id=51775&atid=464524
kouril [Tue, 1 Jun 2004 14:13:49 +0000 (14:13 +0000)]
Use the resolv library when checking for krb5_init_context()
kouril [Tue, 1 Jun 2004 12:28:50 +0000 (12:28 +0000)]
Added fields to the module declaration (in 1.3.x part) required by EAPI
kouril [Mon, 3 May 2004 06:46:22 +0000 (06:46 +0000)]
Added suffix '_internal' to all definitions copied from provate MIT header to avoid possible conflicts
kouril [Fri, 30 Apr 2004 11:51:41 +0000 (11:51 +0000)]
added a debugging message
kouril [Tue, 27 Apr 2004 14:17:20 +0000 (14:17 +0000)]
typos
kouril [Tue, 27 Apr 2004 14:14:08 +0000 (14:14 +0000)]
increase version number to be ready for a new release
kouril [Tue, 27 Apr 2004 14:05:24 +0000 (14:05 +0000)]
Added MIT license statements
kouril [Tue, 27 Apr 2004 12:12:06 +0000 (12:12 +0000)]
basicaly typos
kouril [Fri, 23 Apr 2004 12:19:37 +0000 (12:19 +0000)]
krb5 ccache is initialized only after the password verification succeeds
kouril [Wed, 21 Apr 2004 16:15:22 +0000 (16:15 +0000)]
Added header includes and other minor fixes
kouril [Wed, 21 Apr 2004 10:15:04 +0000 (10:15 +0000)]
really use auth_context prepared
kouril [Fri, 16 Apr 2004 22:19:58 +0000 (22:19 +0000)]
added header containing internal MIT definitions
kouril [Fri, 16 Apr 2004 20:44:37 +0000 (20:44 +0000)]
First attempt of working around replay cache (thanks to Jari Ahonen for the GSSAPI part)
kouril [Tue, 13 Apr 2004 15:58:39 +0000 (15:58 +0000)]
- Don't use global structures to persistently store gss context. Support only
krb5 which requires single gssapi authentication iteration.
kouril [Fri, 9 Apr 2004 13:05:29 +0000 (13:05 +0000)]
Mark a few places where a debug logging should be added
kouril [Thu, 1 Apr 2004 08:21:44 +0000 (08:21 +0000)]
- Use macro AC_PATH_PROG to find the apxs command, don't look for the apache
binary at all since information about apache version are fetched from headers
at compile time.
- Require version 2.57 of autoconf as 2.53 seems to have an error in the
AC_PATH_PROG macro
kouril [Mon, 29 Mar 2004 15:16:38 +0000 (15:16 +0000)]
In order to distinguish between apache API v1.3 and v.2.0 use define
STANDARD20_MODULE_STUFF (from ap_config.h) instead of own APXS[12] variables
kouril [Mon, 29 Mar 2004 14:41:04 +0000 (14:41 +0000)]
- note_kerb_auth_failure() renamed to set_kerb_auth_headers()
- return also last value from gss_accept_sec_context() so client can perform
mutual authentication
kouril [Mon, 29 Mar 2004 13:49:00 +0000 (13:49 +0000)]
- don't pass a prompter callback to the password veryfying call
- Heimdal is able to handle anonymous memory caches so it's not necessary to use different (non-portable) code for ccache generation
kouril [Thu, 25 Mar 2004 11:27:56 +0000 (11:27 +0000)]
License changed from Apache to BSD
kouril [Tue, 23 Mar 2004 15:32:35 +0000 (15:32 +0000)]
Use GSS_C_NT_HOSTBASED_SERVICE instead of GSS_C_NT_USER_NAME in the gss_import_name()
Don't free the gss structs when additional GSS iterations are required
kouril [Wed, 25 Feb 2004 17:43:31 +0000 (17:43 +0000)]
Updated year in the license block
kouril [Wed, 25 Feb 2004 17:16:20 +0000 (17:16 +0000)]
Don't use DNS lookups when constructing the server principal name. This allows
to use the VirtualServer names as specified in the httpd.conf
kouril [Thu, 19 Feb 2004 15:17:18 +0000 (15:17 +0000)]
Added logging of error messages to the password verification part.
kouril [Wed, 11 Feb 2004 13:26:19 +0000 (13:26 +0000)]
restructuralized checks for krb5 enviroment
kouril [Tue, 10 Feb 2004 13:52:44 +0000 (13:52 +0000)]
Don't use the service name when reading the keytab. This should prevent from
problems between the MS and MIT krb5 implementation. (this fix works only with
1.3.x).
kouril [Thu, 5 Feb 2004 15:17:00 +0000 (15:17 +0000)]
Use different calls when generating memory ccache with Heimdal or MIT
kouril [Thu, 5 Feb 2004 15:12:08 +0000 (15:12 +0000)]
moved check for nonempty password to a proper place
kouril [Thu, 5 Feb 2004 14:05:50 +0000 (14:05 +0000)]
don't accept empty passwords
kouril [Thu, 5 Feb 2004 10:21:02 +0000 (10:21 +0000)]
Allow also authentication against a proxy server.
(see bug #880378 https://sourceforge.net/tracker/?func=detail&atid=464524&aid=880378&group_id=51775)
kouril [Tue, 13 Jan 2004 14:31:53 +0000 (14:31 +0000)]
Added omitted directive in the sample config
kouril [Mon, 12 Jan 2004 16:19:39 +0000 (16:19 +0000)]
really log minor GSS error messages
kouril [Mon, 12 Jan 2004 15:28:12 +0000 (15:28 +0000)]
fixed deleting files
kouril [Mon, 12 Jan 2004 15:17:43 +0000 (15:17 +0000)]
Copied installation guide from web pages
kouril [Mon, 12 Jan 2004 15:03:17 +0000 (15:03 +0000)]
better cleanup
kouril [Mon, 12 Jan 2004 13:49:52 +0000 (13:49 +0000)]
removed support for HAVE_KRB5_CC_GEN_NEW
kouril [Mon, 12 Jan 2004 13:44:21 +0000 (13:44 +0000)]
- Extended directories where the apache binaries are looked for
- A bit better support for installation without krb5-config
kouril [Wed, 7 Jan 2004 16:31:12 +0000 (16:31 +0000)]
Make sure local headers are used first
kouril [Wed, 7 Jan 2004 16:15:44 +0000 (16:15 +0000)]
Removed recursively called make; all objects required are set by the configure
script. This change should make it possible to use non-GNU make's.
kouril [Tue, 6 Jan 2004 14:31:39 +0000 (14:31 +0000)]
don't log automaticaly errno error messages
kouril [Tue, 6 Jan 2004 14:28:02 +0000 (14:28 +0000)]
enclose minor GSS error message into parenthesis
kouril [Sat, 27 Dec 2003 07:59:25 +0000 (07:59 +0000)]
- Added forgotten parenthesis
- The KrbMethodK4Pass and KrbMethodK5Pass options renamed to KrbMethodK4Passwd
and KrbMethodK5Passwd, respectively
kouril [Fri, 19 Dec 2003 16:45:02 +0000 (16:45 +0000)]
Don't overwrite the minor status from accept_sec_context()
kouril [Fri, 19 Dec 2003 16:41:54 +0000 (16:41 +0000)]
Don't offer the Negotiate method again when the client has failed to authenticate using GSS.
kouril [Fri, 19 Dec 2003 15:27:40 +0000 (15:27 +0000)]
let GSS error code propagate properly to the caller
kouril [Fri, 19 Dec 2003 11:34:13 +0000 (11:34 +0000)]
Increased version number before publishing a new release
kouril [Fri, 19 Dec 2003 09:53:46 +0000 (09:53 +0000)]
How to initialize the module
kouril [Thu, 18 Dec 2003 16:18:21 +0000 (16:18 +0000)]
removed '-o $@' since it has been announced to making troubles on Solaris (see
https://sourceforge.net/forum/forum.php?thread_id=991025&forum_id=171554)
kouril [Thu, 18 Dec 2003 15:16:14 +0000 (15:16 +0000)]
mark place to fix (don't offer Negotiate when some GSS call failed)
kouril [Thu, 18 Dec 2003 15:12:11 +0000 (15:12 +0000)]
properly initialize memory space so that it can be unallocated later.
kouril [Thu, 18 Dec 2003 14:12:54 +0000 (14:12 +0000)]
Don't wrap tokens returned by the acceptor with the SPNEGO oid specs
kouril [Wed, 17 Dec 2003 14:04:17 +0000 (14:04 +0000)]
Use `HTTP' as a default principal name for authentication, instead of `khttp'.
kouril [Wed, 17 Dec 2003 13:57:44 +0000 (13:57 +0000)]
Added the -c switch to apxs when doing installation. This enforce a new
compilation of the module itself but (hopefuly) prevents problems with libtool
and different target names generated by libtool on different platforms.
kouril [Sun, 14 Dec 2003 19:00:06 +0000 (19:00 +0000)]
Extended format of GSS error messages (human readable info on both minor_status
and major stator is printed out)
kouril [Thu, 11 Dec 2003 21:48:47 +0000 (21:48 +0000)]
use krb5_cc_resolve() and manualy created temporary files (generated with mkstemp) to create ccache. This should more portable.
kouril [Fri, 28 Nov 2003 22:45:57 +0000 (22:45 +0000)]
gssapi lib added to the `openbsd part'
kouril [Fri, 28 Nov 2003 22:41:18 +0000 (22:41 +0000)]
updated list of Heimdal libs for Openbsd
kouril [Sun, 23 Nov 2003 22:38:38 +0000 (22:38 +0000)]
Make configure work also with krb5 installations where the krb5-config command
is not available (suppose only Heimdal libraries in this case)
kouril [Mon, 17 Nov 2003 00:14:44 +0000 (00:14 +0000)]
Added 'make install' line
kouril [Sun, 16 Nov 2003 23:20:49 +0000 (23:20 +0000)]
Added #include <string.h> to make compiler stop complaining of memset() and memcmp() not being declared
kouril [Thu, 13 Nov 2003 15:18:51 +0000 (15:18 +0000)]
Check error values
kouril [Thu, 13 Nov 2003 15:01:28 +0000 (15:01 +0000)]
Corrected targets to prevent from useles compiling files that hasn't changed
kouril [Fri, 7 Nov 2003 15:29:25 +0000 (15:29 +0000)]
increased version number before creating a new release
kouril [Fri, 7 Nov 2003 15:23:15 +0000 (15:23 +0000)]
note the configure script