| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| | |
|
| |
|
|
| |
Remove unnecessary cruft, that was only making things harder to read.
|
| |
|
|
|
| |
On my system I have high UIds, without tar-pax make dist fails.
Also add other useful parameters
|
| |
|
|
|
|
| |
This way the context is available for the duration of the connection.
It is also properly freed if the connection is interrupted before the context
is fully established.
|
| |
|
|
|
| |
On errors mc->ctx would be left pointing at the freed context,
make sure it is cleared if we delete the context.
|
| |
|
|
|
|
|
|
| |
The token was being trunkated as the total length should have been:
replen + 10
Just remove this line, apr_base64_encode() already properly terminate
the buffer.
|
| | |
|
| |
|
|
| |
Obey the GSSSSLOnly setting.
|
| |
|
|
|
|
|
|
|
|
|
| |
This means the authentication is not repeated for every request but
is retained for the life of the connection.
This may be a security issue if a frontend proxy shares connections
between multiple users so must be used with care.
RFC 4559 warns that clients should not try SPNEGO if such a proxy
is present. Unfortuntely the RFC assumes a non-standard method to
determine if a proxy maintain separate connections.
|
| |
|
|
|
|
| |
The module structure name used throughout the code didn't match the
name of the initialized structure, so the one used was always
uninitialized.
|
| |
|
|
|
|
|
| |
Always preserves the received name in GSS_NAME.
In the kereberos case this will result in the environment variable
called GSS_NAME the user's principal, while REMOTE_USER will contain
the user name as mapped by the kerberos library.
|
| | |
|
| | |
|
| | |
|
| | |
|
|
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
