Commit message | Author | Age | Files | Lines
* Experimental support for RFC5929 channel bindings [rfc5929] | Simo Sorce | 2014-03-25 | 1 | -1/+68
| This code depends on a patch that has not yet been upstreamed in mod_ssl, it also requires client support which is not available in Firefox, unclear if available in Chrome or other similar browser. It is available on Windows systems when Extended Protection Authentication is enabled.
* Add normative reference documents | Simo Sorce | 2014-03-25 | 3 | -0/+1317
|
* Implement checking for TLS connections | Simo Sorce | 2014-03-13 | 1 | -2/+18
| Obey the GSSSSLOnly setting.
* Allow context to be attached to the connection | Simo Sorce | 2014-03-09 | 1 | -18/+83
| This means the authentication is not repeated for every request but is retained for the life of the connection. This may be a security issue if a frontend proxy shares connections between multiple users so must be used with care. RFC 4559 warns that clients should not try SPNEGO if such a proxy is present. Unfortunately the RFC assumes a non-standard method to determine if a proxy maintains separate connections.
* Fix module name | Simo Sorce | 2014-03-09 | 1 | -2/+2
| The module structure name used throughout the code didn't match the name of the initialized structure, so the one used was always uninitialized.
* Add option to map GSS Name to local Name | Simo Sorce | 2014-03-08 | 1 | -2/+31
| Always preserves the received name in GSS_NAME. In the Kerberos case this will result in the environment variable called GSS_NAME the user's principal, while REMOTE_USER will contain the user name as mapped by the Kerberos library.
* Use the cred_store extension to save credentials | Simo Sorce | 2014-03-08 | 1 | -6/+54
|
* Fix warnings | Simo Sorce | 2014-02-15 | 1 | -2/+5
|
* Add initial configure scripts | Simo Sorce | 2014-02-15 | 8 | -0/+139
|
* Example apache module conf | Simo Sorce | 2014-02-15 | 1 | -0/+1
|
* Initial code | Simo Sorce | 2014-02-15 | 1 | -0/+224
Signed-off-by: Simo Sorce <simo@redhat.com>