From: mike <mike@7a7537e8-13f0-0310-91df-b6672ffda945>
Date: Tue, 9 Apr 2013 14:32:10 +0000 (+0000)
Subject: Don't do Kerberos over the loopback interface.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1922cf85c505eb035f92e2c241ee1b74789d46eb;p=thirdparty%2Fcups.git

Don't do Kerberos over the loopback interface.


git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@10939 7a7537e8-13f0-0310-91df-b6672ffda945
---

diff --git a/CHANGES-1.6.txt b/CHANGES-1.6.txt
index 87813907ae..57a0ff5f82 100644
--- a/CHANGES-1.6.txt
+++ b/CHANGES-1.6.txt
@@ -5,6 +5,8 @@ CHANGES IN CUPS V1.6.3
 
 	- The configure script now prefers Clang over GCC.
 	- Fixed a compile problem on AIX (STR #4307)
+	- The scheduler no longer tries to do Kerberos authentication over the
+	  loopback interface.
 	- The IPP backend could fail to pause a job for authentication
 	  (STR #4298)
 	- Fixed a regression on the handling of auth keys on OS X if the
diff --git a/scheduler/client.c b/scheduler/client.c
index 82cd23ebc3..3713d156fc 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2619,7 +2619,14 @@ cupsdSendHeader(
 	       con->http.hostname);
 #ifdef HAVE_GSSAPI
     else if (auth_type == CUPSD_AUTH_NEGOTIATE)
+    {
+#  ifdef AF_LOCAL
+      if (_httpAddrFamily(con->http.hostaddr) == AF_LOCAL)
+        strlcpy(auth_str, "Basic realm=\"CUPS\"", sizeof(auth_str));
+      else
+#  endif /* AF_LOCAL */
       strlcpy(auth_str, "Negotiate", sizeof(auth_str));
+    }
 #endif /* HAVE_GSSAPI */
 
     if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE &&