diff options
Diffstat (limited to 'network/mod_auth_kerb')
-rw-r--r-- | network/mod_auth_kerb/README | 13 | ||||
-rw-r--r-- | network/mod_auth_kerb/doinst.sh | 13 | ||||
-rw-r--r-- | network/mod_auth_kerb/mod_auth_kerb.SlackBuild | 85 | ||||
-rw-r--r-- | network/mod_auth_kerb/mod_auth_kerb.c.patch | 10 | ||||
-rw-r--r-- | network/mod_auth_kerb/mod_auth_kerb.conf | 27 | ||||
-rw-r--r-- | network/mod_auth_kerb/mod_auth_kerb.info | 10 | ||||
-rw-r--r-- | network/mod_auth_kerb/slack-desc | 19 |
7 files changed, 177 insertions, 0 deletions
diff --git a/network/mod_auth_kerb/README b/network/mod_auth_kerb/README new file mode 100644 index 0000000000..5b9f062970 --- /dev/null +++ b/network/mod_auth_kerb/README @@ -0,0 +1,13 @@ +Mod_auth_kerb is an Apache module designed to provide Kerberos +authentication to the Apache web server. The module also supports +the Negotiate authentication method, which performs full Kerberos +authentication based on ticket exchanges, and does not require +users to insert their passwords to the browser. + +This requires heimdal. + +You will need to add the following line to /etc/httpd/httpd.conf: + Include /etc/httpd/extra/mod_auth_kerb.conf + +Mod_auth_kerb can be further configured through the Apache configuration file; +see the README in the package's documentation directory for details. diff --git a/network/mod_auth_kerb/doinst.sh b/network/mod_auth_kerb/doinst.sh new file mode 100644 index 0000000000..accf625eb0 --- /dev/null +++ b/network/mod_auth_kerb/doinst.sh @@ -0,0 +1,13 @@ +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} +config etc/httpd/extra/mod_auth_kerb.conf.new diff --git a/network/mod_auth_kerb/mod_auth_kerb.SlackBuild b/network/mod_auth_kerb/mod_auth_kerb.SlackBuild new file mode 100644 index 0000000000..60adb3f377 --- /dev/null +++ b/network/mod_auth_kerb/mod_auth_kerb.SlackBuild @@ -0,0 +1,85 @@ +#!/bin/sh + +# Slackware build script for mod_auth_kerb +# Written by Thibaut Notteboom (tib at tibux dot org) + +PRGNAM=mod_auth_kerb +VERSION=${VERSION:-5.4} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i486 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +cd $PRGNAM-$VERSION +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +patch -p0 < $CWD/mod_auth_kerb.c.patch + +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --without-krb4 \ + --with-krb5=/usr/heimdal \ + --build=$ARCH-slackware-linux + +make + +mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/httpd/modules +install -m 0755 src/.libs/mod_auth_kerb.so \ + $PKG/usr/lib${LIBDIRSUFFIX}/httpd/modules/mod_auth_kerb.so + +mkdir -p $PKG/etc/httpd/extra +sed "s%@baselibdir@%lib${LIBDIRSUFFIX}%" $CWD/mod_auth_kerb.conf > \ + $PKG/etc/httpd/extra/mod_auth_kerb.conf.new + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a ChangeLog INSTALL LICENSE README $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +cat $CWD/doinst.sh > $PKG/install/doinst.sh + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/network/mod_auth_kerb/mod_auth_kerb.c.patch b/network/mod_auth_kerb/mod_auth_kerb.c.patch new file mode 100644 index 0000000000..bbdf64f0a3 --- /dev/null +++ b/network/mod_auth_kerb/mod_auth_kerb.c.patch @@ -0,0 +1,10 @@ +--- src/mod_auth_kerb.c.orig 2011-11-14 22:54:54.457955883 +0100 ++++ src/mod_auth_kerb.c 2011-11-14 22:55:42.060334084 +0100 +@@ -89,6 +89,7 @@ + #include <krb5.h> + #ifdef HEIMDAL + # include <gssapi.h> ++# include <gssapi/gssapi_krb5.h> + #else + # include <gssapi/gssapi.h> + # include <gssapi/gssapi_generic.h> diff --git a/network/mod_auth_kerb/mod_auth_kerb.conf b/network/mod_auth_kerb/mod_auth_kerb.conf new file mode 100644 index 0000000000..a75e692bb6 --- /dev/null +++ b/network/mod_auth_kerb/mod_auth_kerb.conf @@ -0,0 +1,27 @@ + +# The mod_auth_kerb module implements Kerberos authentication over +# HTTP, following the "Negotiate" protocol. +# + +LoadModule auth_kerb_module @baselibdir@/httpd/modules/mod_auth_kerb.so + +# +# Sample configuration: Kerberos authentication must only be +# used over SSL to prevent replay attacks. The keytab file +# configured must be readable only by the "apache" user, and +# must contain service keys for "HTTP/www.example.com", where +# "www.example.com" is the FQDN of this server. +# + +#<Location /private> +# SSLRequireSSL +# AuthType Kerberos +# AuthName "Kerberos Login" +# KrbMethodNegotiate On +# KrbMethodK5Passwd Off +# KrbAuthRealms EXAMPLE.COM +# Krb5KeyTab /etc/httpd/krb5.keytab +# require valid-user +#</Location> + + diff --git a/network/mod_auth_kerb/mod_auth_kerb.info b/network/mod_auth_kerb/mod_auth_kerb.info new file mode 100644 index 0000000000..691f80b88d --- /dev/null +++ b/network/mod_auth_kerb/mod_auth_kerb.info @@ -0,0 +1,10 @@ +PRGNAM="mod_auth_kerb" +VERSION="5.4" +HOMEPAGE="http://modauthkerb.sourceforge.net/" +DOWNLOAD="http://fossies.org/unix/www/apache_httpd_modules/mod_auth_kerb-5.4.tar.gz" +MD5SUM="642b81763ad3ca81dba359cb952da5e3" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +MAINTAINER="Thibaut Notteboom" +EMAIL="tib@tibux.org" +APPROVED="rworkman" diff --git a/network/mod_auth_kerb/slack-desc b/network/mod_auth_kerb/slack-desc new file mode 100644 index 0000000000..f67744cb92 --- /dev/null +++ b/network/mod_auth_kerb/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +mod_auth_kerb: mod_auth_kerb (Kerberos Module for Apache) +mod_auth_kerb: +mod_auth_kerb: Mod_auth_kerb is an Apache module designed to provide Kerberos +mod_auth_kerb: authentication to the Apache web server. The module also supports +mod_auth_kerb: the Negotiate authentication method, which performs full Kerberos +mod_auth_kerb: authentication based on ticket exchanges, and does not require +mod_auth_kerb: users to insert their passwords to the browser. +mod_auth_kerb: +mod_auth_kerb: Homepage: http://modauthkerb.sourceforge.net/ +mod_auth_kerb: +mod_auth_kerb: |