Simo Sorce
Simo Sorce
Keeping this open until the PR is actually merged
JFR I am not planning to make a release immediately just for this change.
How did you compile OpenSSL, did you compile it removing the deprecated functions ? I do get the warnings of course, but with my build of OpenSSL (Fedora 37) the...
In theory yes, but we defer that kind of action to the underlying krb5 library and then use the available APIs to extract that data like we do for other...
> > In theory yes, but we defer that kind of action to the underlying krb5 library and then use the available APIs to extract that > > data like...
> Is at least support for SSSD on your roadmap? I mean it could work even without PAC support, i.e.: httpd -> mod_auth_gssapi -> SSSD (query groups the authenticated user...
It contains all of the SIDs as unpacked by the KDC, SSSD is needed to translate those into Unix Groups.
The environment variable for GSSPROXY_SOCKET is observed by the gssproxy mechglue plugin in gssapi and mod_auth_gssapi is completely oblivious to that. The env var is a process level variable and...
can you check gssproxy to see if new connections are being made or if apahce opened a connection early and then child processes just keep using the same connections they...
Uhm actually the client will detect a fork or a change in euid/egid and reopen the socket ... so it seem like apache is running the authentication code before handing...