Package: libapache2-mod-auth-kerb
Version: 4.996-5.0-rc6-1
Severity: important
krb5 1.4.3 has just been uploaded to experimental and will hopefully be
uploaded to unstable soon. In testing it, I found that mod_auth_kerb
(at least with Apache 2 -- I haven't tested with Apache 1) doesn't work
Be aware that there is special code to try and disable the replay
cache in mod-auth-kerb; it may interact badly with changes in krb5.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Sam Hartman [EMAIL PROTECTED] writes:
Be aware that there is special code to try and disable the replay
cache in mod-auth-kerb; it may interact badly with changes in krb5.
I must say that it's tempting to just set KRB5RCACHETYPE to none. Alas,
that's probably a bad idea in an Apache module
Russ Allbery [EMAIL PROTECTED] writes:
The special code to disable the replay cache is extremely ugly and
intrusive and won't even compile against krb5 1.4.3, so I'm sure that's
what broke.
I take that back; once Bug#300810 is fixed, the package does build fine
against 1.4.3. However, that
Russ Allbery [EMAIL PROTECTED] writes:
I'm going to try a few things and see if I can get the intrusive code to
work. I think it's currently a bit too complicated and there's a
simpler way to get the results that it's going for.
Okay, the first problem is that the definition of krb5_rc_ops
tags 340360 patch
thanks
Here's a tested patch that works with 1.4.3. Note that it won't work with
earlier versions of Kerberos since the none rcache type is new in 1.4 so
far as I can tell.
A possibly better solution would be to keep the old code but make it
conditional on the version of
Russ == Russ Allbery [EMAIL PROTECTED] writes:
Russ Sam Hartman [EMAIL PROTECTED] writes:
Be aware that there is special code to try and disable the
replay cache in mod-auth-kerb; it may interact badly with
changes in krb5.
Russ I must say that it's tempting to just set
7 matches
Mail list logo
