Simo Sorce

Absolutely fantastic, looks like a clean job so far.

It's probably a grey area at this point, but I will look into it once I am back from Red Hat Summit.

So the real breaker for upgrade seems to be mostly the RSA key derivation. HMAC and CMAC are just suspend/resume issues as far as I can see, but not necessarily...

So I am looking at the code, and I am not sure there is value in trying to use OpenSSL's function to derive RSA keys. Using a non CSPRNG random...

the double cookie bug is there since ages, to me it seem mod_session is kinda abandoned, but if you can find a contact please do.

this is unrelated, Sessions do work, they just have some annying side effect

Please produce mag_auth_gssapi debug logs

There is something suspicious here: ``` [Sun Mar 04 11:31:07.213697 2018] ... AH00007: ap_cookie: user '(null)' set cookie: 'gssapi_session= ... ``` If the user is set to null then the...

Does it work if you turn off GssapiLocalName ?

I am not sure what's interfeering here. Seem like DBD sessions do something inherently different that breaks auth ? In the FreeIPA project they do use RewriteRules sometimes because mod_session...