diff options
| -rw-r--r-- | mod_auth_kerb-5.4-fixes.patch | 3 | ||||
| -rw-r--r-- | mod_auth_kerb-5.4-s4u2proxy.patch | 22 | ||||
| -rw-r--r-- | mod_auth_kerb.spec | 26 |
3 files changed, 47 insertions, 4 deletions
diff --git a/mod_auth_kerb-5.4-fixes.patch b/mod_auth_kerb-5.4-fixes.patch index d9a08f6..b86be69 100644 --- a/mod_auth_kerb-5.4-fixes.patch +++ b/mod_auth_kerb-5.4-fixes.patch @@ -1,3 +1,6 @@ + +Compiler warning fixes. + --- mod_auth_kerb-5.4/src/mod_auth_kerb.c.fixes +++ mod_auth_kerb-5.4/src/mod_auth_kerb.c @@ -677,7 +677,8 @@ end: diff --git a/mod_auth_kerb-5.4-s4u2proxy.patch b/mod_auth_kerb-5.4-s4u2proxy.patch index 23185f3..031f87e 100644 --- a/mod_auth_kerb-5.4-s4u2proxy.patch +++ b/mod_auth_kerb-5.4-s4u2proxy.patch @@ -1,4 +1,24 @@ -diff -up --recursive mod_auth_kerb-5.4.orig/README mod_auth_kerb-5.4/README + +Add S4U2Proxy feature: + +http://sourceforge.net/mailarchive/forum.php?thread_name=4EE665D1.3000308%40redhat.com&forum_name=modauthkerb-help + +The attached patches add support for using s4u2proxy +(http://k5wiki.kerberos.org/wiki/Projects/Services4User) to allow the +web service to obtain credentials on behalf of the authenticated user. + +The first patch adds basic support for s4u2proxy. This requires the web +administrator to manually create and manage the credentails cache for +the apache user (via a cron job, for example). + +The second patch builds on this and makes mod_auth_kerb manage the +ccache instead. + +These are patches against the current CVS HEAD (mod_auth_krb 5.4). + +I've added a new module option to enable this support, +KrbConstrainedDelegation. The default is off. + --- mod_auth_kerb-5.4.orig/README 2008-11-26 11:51:05.000000000 -0500 +++ mod_auth_kerb-5.4/README 2012-01-04 11:17:22.000000000 -0500 @@ -122,4 +122,16 @@ KrbSaveCredentials, the tickets will be diff --git a/mod_auth_kerb.spec b/mod_auth_kerb.spec index e789650..839711d 100644 --- a/mod_auth_kerb.spec +++ b/mod_auth_kerb.spec @@ -1,5 +1,5 @@ %{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}} -%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo missing-httpd-devel)}} +%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn 2>/dev/null || echo missing-httpd-devel)}} %{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}} # /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4 %{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}} @@ -8,7 +8,9 @@ Summary: Kerberos authentication module for HTTP Name: mod_auth_kerb Version: 5.4 -Release: 19%{?dist} +Release: 22%{?dist} +# src/mod_auth_kerb.c is under 3-clause BSD, ASL 2.0 code is patched in (-s4u2proxy.patch) +# src/mit-internals.h contains MIT-licensed code. License: BSD and MIT and ASL 2.0 Group: System Environment/Daemons URL: http://modauthkerb.sourceforge.net/ @@ -26,6 +28,10 @@ BuildRequires: httpd-devel, krb5-devel Requires: httpd-mmn = %{_httpd_mmn} Requires(pre): httpd +# Suppres auto-provides for module DSO +%{?filter_provides_in: %filter_provides_in %{_libdir}/httpd/modules/.*\.so$} +%{?filter_setup} + %description mod_auth_kerb is module for the Apache HTTP Server designed to provide Kerberos authentication over HTTP. The module supports the @@ -75,7 +81,7 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) -%doc README LICENSE.ASL +%doc README LICENSE LICENSE.ASL %config(noreplace) %{_httpd_modconfdir}/*.conf %if "%{_httpd_modconfdir}" != "%{_httpd_confdir}" %doc example.conf @@ -85,6 +91,20 @@ rm -rf $RPM_BUILD_ROOT %attr(0700,apache,apache) %dir /run/httpd/krbcache %changelog +* Sat Nov 17 2012 Remi Collet <RPMS@FamilleCollet.com> - 5.4-22 +- sync with rawhide, rebuild for remi repo + +* Thu Nov 15 2012 Joe Orton <jorton@redhat.com> - 5.4-22 +- clarify licensing; clean up spec file + +* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 5.4-21 +- fix httpd_mmn stderr filter (thanks rcollet) + +* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 5.4-20 +- hide stderr if finding httpd_mmn +- package LICENSE +- filter DSO auto provides + * Thu Aug 9 2012 Remi Collet <RPMS@FamilleCollet.com> - 5.4-19 - sync with rawhide, rebuild for remi repo |