summaryrefslogtreecommitdiffstats
path: root/README
Commit message (Collapse)AuthorAgeFilesLines
* Add support for GssapiImpersonate.Jan Pazdziora2016-06-091-0/+16
| | | | | | | | | | | | | | | | This is can be enabled on locations that are authenticated by another module to obtain a ticket for the user, so that the application gets access to krb5 credentials and all named attributes for the client. The service needs to be authorized by the KDC if there is the need to use credentials for further ticket acquisition by setting the ok_to_auth_as_delegate flag on the service principal. This will provide a forwardable ticket that can be used to obtain additional tickets via consrained delegation (also subkect to KDC access control). Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> Signed-off-by: Simo Sorce <simo@redhat.com> Close #92
* Additional python modules are needed.Jan Pazdziora2016-06-061-1/+2
| | | | | | | | Failed imports were found in tracebacks in ./scratchdir/tests.log. Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> Close #89
* The distribution does not ship ./configure, generate it.Jan Pazdziora2016-06-061-0/+1
| | | | | | Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> Close #88
* Clarify make test dependencies.Jan Pazdziora2016-06-021-3/+5
| | | | | | Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> Close #85
* Implement unique ccache namesRobbie Harwood2016-05-181-0/+13
| | | | | | | | | | | Unique ccache names may be requested using the GssapiDelegCcacheUnique configuration option. This option is off by default. If both unique ccache names and session use are enabled, then a mechanism for removing old ccaches must be supplied. Signed-off-by: Robbie Harwood <rharwood@redhat.com> Also-authored-by: Petr Vobornik <pvoborni@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Cleanup s4u2proxy in mag_auth_basicIsaac Boukris2016-02-171-0/+3
| | | | | | | | | | | | | | It doesn't have any effect since we set GSS_C_DELEG_FLAG when we initiate client credentials so we always get delegated TGT regardless of constrained delegation. This commit is not intended to change the current behaviour. See #70 Reviewed-by: Simo Sorce <simo@redhat.com> Closes #70 Closes #72
* Add option to not send a Negotiate headersJames Groffen2016-02-171-0/+26
| | | | | | | | | | | | | | | | If negotiation was attempted but failed do not send a new Negotiate header. Useful when only one single sign on mechanism is allowed and to avoid misleading login prompts in some browsers. Added a test of the GssapiDontReauth option to the test suite. Also added SPNEGO no auth test. [SS: reworded and fixed commit subject/comment] [SS: fixed whitespace errors and 80 column wrappings] Reviewed-by: Simo Sorce <simo@redhat.com> Close #65
* Corrected two typos in the README file.James Groffen2016-02-171-2/+2
| | | | | | Reviewed-by: Simo Sorce <simo@redhat.com> Close #71
* Minor formatting changes to the README.James Groffen2016-02-031-7/+7
| | | | | | | | [Changes to original commit: removed trailing whitespace] Reviewed-by: Simo Sorce <simo@redhat.com> Closes #67
* Add code to set attribute names in the environmentname_attrsSimo Sorce2015-12-031-0/+27
| | | | | | | | | | | | This code allows to specify which attributes in a name are interesting to the application and set them as named environemnt variables. Optionally the whole set of attributes can be exported in a json formatted structure. Signed-off-by: Simo Sorce <simo@redhat.com> Close #62 Close #63
* Mention test dependencies in READMEDennis Schridde2015-09-031-0/+8
| | | | | Reviewed-by: Simo Sorce <simo@redhat.com> Closes #56
* Update and rename README to README.mdJames Groffen2015-09-031-39/+39
| | | | | | | | | Add symlink to .md so the markdown is picked up. Updated styling and fixed a couple of typos. Simo: Changed rename into a symlink. Reworded commit message Reviewed-by: Simo Sorce <simo@redhat.com> Closes #51
* Add GssapiBasicAuthMech optionSimo Sorce2015-06-201-0/+13
| | | | | | | | | This option allows to set a different list of mechanisms to use with Basic Auth (Basic Auth must be explicitly enabled) than the list of mechs that are allowed with Negotiate or Raw GSSAPI Client authentication. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add GssapiAllowedMech optionSimo Sorce2015-06-031-0/+12
| | | | | This option allows the admin to list the mechanisms that can be used for authentication. An empty list allows any locally supported mechanisms.
* Add GssapiSignalPersistentAuth directiveIsaac Boukris2015-05-241-3/+8
| | | | | | | Controls whether to send the Persistent-Auth header, and sets it only when necessary/appropriate Reviewed-by: Simo Sorce <simo@redhat.com>
* Documentation fixesSimo Sorce2015-03-091-2/+9
| | | | | | | Fix GssapiDelegCcacheDir examples and add all the required options to make GssapiUseS4U2Proxy really work. Thanks to David Kupka for testing that highlighted these issues.
* Remove forward basic auth and fix docsSimo Sorce2015-03-061-4/+14
| | | | Fixes #8
* Add support for handling Basic AuthSimo Sorce2015-03-051-0/+10
| | | | | | | Support either passing Basic Auth Through to another module, or handling it directly through gss_acquire_cred_with_password() Fixes #8
* Add instructions to README fileSimo Sorce2014-08-261-0/+171
|
* Add initial configure scriptsSimo Sorce2014-02-151-0/+3
generated by cgit (git 2.34.1) at 2024-06-01 06:34:07 +0000