diff options
author | Remi Collet <fedora@famillecollet.com> | 2012-11-17 07:41:38 +0100 |
---|---|---|
committer | Remi Collet <fedora@famillecollet.com> | 2012-11-17 07:41:38 +0100 |
commit | 307bb0cd3b0f3f8324cc5e570783c06fa3a4ae92 (patch) | |
tree | e110ebd81c6a06c543272cdb4a5b3eeb54182096 /mod_auth_kerb-5.4-s4u2proxy.patch | |
parent | 2f0a093ddcf1c9320b5d7ceac8cc597253c49125 (diff) |
Diffstat (limited to 'mod_auth_kerb-5.4-s4u2proxy.patch')
-rw-r--r-- | mod_auth_kerb-5.4-s4u2proxy.patch | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/mod_auth_kerb-5.4-s4u2proxy.patch b/mod_auth_kerb-5.4-s4u2proxy.patch index 23185f3..031f87e 100644 --- a/mod_auth_kerb-5.4-s4u2proxy.patch +++ b/mod_auth_kerb-5.4-s4u2proxy.patch @@ -1,4 +1,24 @@ -diff -up --recursive mod_auth_kerb-5.4.orig/README mod_auth_kerb-5.4/README + +Add S4U2Proxy feature: + +http://sourceforge.net/mailarchive/forum.php?thread_name=4EE665D1.3000308%40redhat.com&forum_name=modauthkerb-help + +The attached patches add support for using s4u2proxy +(http://k5wiki.kerberos.org/wiki/Projects/Services4User) to allow the +web service to obtain credentials on behalf of the authenticated user. + +The first patch adds basic support for s4u2proxy. This requires the web +administrator to manually create and manage the credentails cache for +the apache user (via a cron job, for example). + +The second patch builds on this and makes mod_auth_kerb manage the +ccache instead. + +These are patches against the current CVS HEAD (mod_auth_krb 5.4). + +I've added a new module option to enable this support, +KrbConstrainedDelegation. The default is off. + --- mod_auth_kerb-5.4.orig/README 2008-11-26 11:51:05.000000000 -0500 +++ mod_auth_kerb-5.4/README 2012-01-04 11:17:22.000000000 -0500 @@ -122,4 +122,16 @@ KrbSaveCredentials, the tickets will be |