From 5401c93b3d84a58357ccf8321ffe165aabca8656 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 10 Jul 2014 06:53:00 -0400 Subject: Add S4U2Proxy support SU2Proxy support is enabled when GssapiUseS4U2Proxy is set to On When S4U2Proxy is enabled GssapiDelegCcacheDir is used to determine where delegated credentials are stored. The ccache type used is always of type FILE and is located in the provided directory (defaults to /tmp). The credentials are stored in a file named after the client credentials so the directory SHOUL NOT be world writeable if a mutiuser system is used as ccache file names are predictable. --- src/mod_auth_gssapi.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/mod_auth_gssapi.h') diff --git a/src/mod_auth_gssapi.h b/src/mod_auth_gssapi.h index 6a21254..6d8ab1b 100644 --- a/src/mod_auth_gssapi.h +++ b/src/mod_auth_gssapi.h @@ -39,7 +39,9 @@ struct mag_config { bool map_to_local; bool gss_conn_ctx; bool use_sessions; - gss_key_value_set_desc cred_store; + bool use_s4u2proxy; + char *deleg_ccache_dir; + gss_key_value_set_desc *cred_store; struct seal_key *mag_skey; }; -- cgit