httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 55178] New: [PATCH] mod_authnz_ldap SASL authentication support
Date Mon, 01 Jul 2013 20:25:51 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=55178

            Bug ID: 55178
           Summary: [PATCH] mod_authnz_ldap SASL authentication support
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_auth_ldap
          Assignee: bugs@httpd.apache.org
          Reporter: lubo.rintel@gooddata.com

Created attachment 30516
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=30516&action=edit
mod_authn_ldap: Allow authentication with SASL

There is not SASL support in mod_authnz_ldap and mod_ldap respectively.

The attachments (apply to development trunk) add SASL support to the extent
Kerberos authentication via GSSAPI mechanism can used. They are accompanied by
documentation (though I've sadly not been able to extend French language
version documentation for the modules):

* mod_authn_ldap: Allow authentication with SASL

The first patch adds a directive to specify the SASL mechanism. This alone is
not enough for much practical use (apart from anonymous binds, or credentials
supplied via other means, such as pre-initialized Kerberos credentials cache),
but lays foundation for sane extending. It would be easy to e.g. add PLAIN
authentication without hardcoding it, as is done in bug #51757.

* mod_authn_ldap: Allow specifying SASL interaction

This allows for running a command when SASL interaction is required to obtain
credentials. The actual conversation is very mechanism dependent (bug #51757 is
a good example how could it be extended for PLAIN mechanism), this just
delegates the work to a command. An example in documentation shows how to use
this to obtain Kerberos TGT to initialize credentials cache for GSSAPI
mechanism to succeed.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message