From 11e57ba5a1b929f95447e453e3e03babbaca8cd8 Mon Sep 17 00:00:00 2001
From: kouril <kouril>
Date: Thu, 24 Aug 2006 10:48:38 +0000
Subject: [PATCH] Detect if the "none" replay cache type is supported before
 enforcing its use

---
 src/mod_auth_kerb.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c
index 0d5c1a2..4784fe7 100644
--- a/src/mod_auth_kerb.c
+++ b/src/mod_auth_kerb.c
@@ -1546,6 +1546,26 @@ kerb_authenticate_user(request_rec *r)
    return ret;
 }
 
+int
+have_rcache_type(const char *type)
+{
+   krb5_error_code ret;
+   krb5_rcache id;
+   int found;
+
+   memset(&id, 0, sizeof(id));
+
+   ret = krb5_init_context(&context);
+   if (ret)
+      return 0;
+
+   ret = krb5_rc_resolve_type(context, id, type);
+   found = (ret == 0);
+
+   krb5_free_context(context);
+
+   return found;
+}
 
 /*************************************************************************** 
  Module Setup/Configuration
@@ -1557,7 +1577,7 @@ kerb_module_init(server_rec *dummy, pool *p)
 #ifndef HEIMDAL
    /* Suppress the MIT replay cache.  Requires MIT Kerberos 1.4.0 or later.
       1.3.x are covered by the hack overiding the replay calls */
-   if (getenv("KRB5RCACHETYPE") == NULL)
+   if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none"))
       putenv(strdup("KRB5RCACHETYPE=none"));
 #endif
 }
@@ -1598,7 +1618,7 @@ kerb_init_handler(apr_pool_t *p, apr_pool_t *plog,
 #ifndef HEIMDAL
    /* Suppress the MIT replay cache.  Requires MIT Kerberos 1.4.0 or later.
       1.3.x are covered by the hack overiding the replay calls */
-   if (getenv("KRB5RCACHETYPE") == NULL)
+   if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none"))
       putenv(strdup("KRB5RCACHETYPE=none"));
 #endif
    
-- 
2.1.4