1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
Index: libapache-mod-auth-kerb-5.3/README
===================================================================
--- libapache-mod-auth-kerb-5.3.orig/README 2008-05-08 08:25:26.000000000 +0200
+++ libapache-mod-auth-kerb-5.3/README 2008-05-08 08:26:15.000000000 +0200
@@ -66,6 +66,8 @@
is used. The FQDN part can contain any hostname and can be used to work
around problems with misconfigured DNS. A corresponding key of this name
must be stored in the keytab.
+ If this option is set to 'Any', then any prinicpal from the keytab which
+ matches the client's request may be used.
Krb4Srvtab /path/to/srvtab
This option takes one argument, specifying the path to the Kerberos V4
Index: libapache-mod-auth-kerb-5.3/src/mod_auth_kerb.c
===================================================================
--- libapache-mod-auth-kerb-5.3.orig/src/mod_auth_kerb.c 2008-05-08 08:25:26.000000000 +0200
+++ libapache-mod-auth-kerb-5.3/src/mod_auth_kerb.c 2008-05-08 08:26:15.000000000 +0200
@@ -1140,7 +1140,10 @@
have_server_princ = conf->krb_service_name && strchr(conf->krb_service_name, '/') != NULL;
if (have_server_princ)
strncpy(buf, conf->krb_service_name, sizeof(buf));
- else
+ else if (conf->krb_service_name && strcmp(conf->krb_service_name, "Any") == 0) {
+ *server_creds = GSS_C_NO_CREDENTIAL;
+ return 0;
+ } else
snprintf(buf, sizeof(buf), "%s@%s",
(conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
ap_get_server_name(r));
|
