which also determines if GSS-SPNEGO is handled by GSSAPI or winbind.
--HG--
branch : HEAD
# default (usually /etc/krb5.keytab) if not specified.
#auth_krb5_keytab =
-# Do NTLM authentication using Samba's winbind daemon and ntlm_auth helper.
-# <doc/wiki/Authentication/Mechanisms/Winbind.txt>
-#auth_ntlm_use_winbind = no
+# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
+# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
+#auth_use_winbind = no
# Path for Samba's ntlm_auth helper binary.
#auth_winbind_helper_path = /usr/bin/ntlm_auth
{
mech_register_module(&mech_gssapi);
#ifdef HAVE_GSSAPI_SPNEGO
- mech_register_module(&mech_gssapi_spnego);
+ if (getenv("NTLM_USE_WINBIND") == NULL)
+ mech_register_module(&mech_gssapi_spnego);
#endif
}
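Review bot: The added guard `if (getenv("NTLM_USE_WINBIND") == NULL)` tests a variable this commit stops exporting, since the env_put hunk now sets `USE_WINBIND=1`. Unless something outside the diff still sets the old name, the condition is always true and mech_gssapi_spnego is registered even when winbind has also registered mech_winbind_spnego. The same stale name is in the matching unregister guard of the next hunk and in the new `if (getenv("NTLM_USE_WINBIND") != NULL) {` of the teardown hunk, where it sends teardown down the non-winbind branch after init took the winbind one. Which backend then answers GSS-SPNEGO (presumably both mechanisms advertise that name) would depend on how mech_register_module handles a second entry, which is not visible here, so the authentication backend could be decided by registration order and not by the setting. Use `getenv("USE_WINBIND")` at all three sites; the enclosing functions start outside these hunks.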
{
mech_unregister_module(&mech_gssapi);
#ifdef HAVE_GSSAPI_SPNEGO
- mech_unregister_module(&mech_gssapi_spnego);
+ if (getenv("NTLM_USE_WINBIND") == NULL)
+ mech_unregister_module(&mech_gssapi_spnego);
#endif
}
#endif
mech_register_module(&mech_apop);
mech_register_module(&mech_cram_md5);
mech_register_module(&mech_digest_md5);
- if (getenv("NTLM_USE_WINBIND") != NULL)
+ if (getenv("USE_WINBIND") != NULL) {
mech_register_module(&mech_winbind_ntlm);
- else
+ mech_register_module(&mech_winbind_spnego);
+ } else {
mech_register_module(&mech_ntlm);
- mech_register_module(&mech_winbind_spnego);
+#if defined(HAVE_GSSAPI_SPNEGO) && defined(BUILTIN_GSSAPI)
+ mech_register_module(&mech_gssapi_spnego);
+#endif
+ }
mech_register_module(&mech_otp);
mech_register_module(&mech_skey);
mech_register_module(&mech_rpa);
mech_register_module(&mech_anonymous);
#ifdef BUILTIN_GSSAPI
mech_register_module(&mech_gssapi);
-#ifdef HAVE_GSSAPI_SPNEGO
- mech_register_module(&mech_gssapi_spnego);
-#endif
#endif
}
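Review bot: The new `if (getenv("USE_WINBIND") != NULL) {` branch carries no comment saying that one variable now selects the backend for two mechanisms, or that the earlier hunks which register mech_gssapi separately must test the same variable. A short comment above the `if` would make that invariant visible to the next person touching either site, for example `/* USE_WINBIND picks the backend for both NTLM and GSS-SPNEGO; only one GSS-SPNEGO mechanism may be registered, keep in step with the GSSAPI module's register/unregister */`. The function this hunk belongs to starts outside the hunk.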
mech_unregister_module(&mech_apop);
mech_unregister_module(&mech_cram_md5);
mech_unregister_module(&mech_digest_md5);
- if (getenv("NTLM_USE_WINBIND") != NULL)
+ if (getenv("NTLM_USE_WINBIND") != NULL) {
mech_unregister_module(&mech_winbind_ntlm);
- else
+ mech_unregister_module(&mech_winbind_spnego);
+ } else {
mech_unregister_module(&mech_ntlm);
- mech_unregister_module(&mech_winbind_spnego);
+#if defined(HAVE_GSSAPI_SPNEGO) && defined(BUILTIN_GSSAPI)
+ mech_unregister_module(&mech_gssapi_spnego);
+#endif
+ }
mech_unregister_module(&mech_otp);
mech_unregister_module(&mech_skey);
mech_unregister_module(&mech_rpa);
mech_unregister_module(&mech_anonymous);
#ifdef BUILTIN_GSSAPI
mech_unregister_module(&mech_gssapi);
-#ifdef HAVE_GSSAPI_SPNEGO
- mech_unregister_module(&mech_gssapi_spnego);
-#endif
#endif
}
env_put("SSL_REQUIRE_CLIENT_CERT=1");
if (set->ssl_username_from_cert)
env_put("SSL_USERNAME_FROM_CERT=1");
- if (set->ntlm_use_winbind)
- env_put("NTLM_USE_WINBIND=1");
+ if (set->use_winbind)
+ env_put("USE_WINBIND=1");
if (*set->krb5_keytab != '\0') {
/* Environment may be used by Kerberos 5 library directly,
although we also try to use it directly as well */
DEF_BOOL(debug_passwords),
DEF_BOOL(ssl_require_client_cert),
DEF_BOOL(ssl_username_from_cert),
- DEF_BOOL(ntlm_use_winbind),
+ DEF_BOOL(use_winbind),
DEF_INT(count),
DEF_INT(worker_max_count),
MEMBER(debug_passwords) FALSE,
MEMBER(ssl_require_client_cert) FALSE,
MEMBER(ssl_username_from_cert) FALSE,
- MEMBER(ntlm_use_winbind) FALSE,
+ MEMBER(use_winbind) FALSE,
MEMBER(count) 1,
MEMBER(worker_max_count) 30,
bool verbose, debug, debug_passwords;
bool ssl_require_client_cert;
bool ssl_username_from_cert;
- bool ntlm_use_winbind;
+ bool use_winbind;
unsigned int count;
unsigned int worker_max_count;