gssapi: Make auth_krb5_keytab work by calling _register_acceptor_identity()
authorTimo Sirainen <tss@iki.fi>
Mon, 4 Aug 2008 21:33:09 +0000 (17:33 -0400)
committerTimo Sirainen <tss@iki.fi>
Mon, 4 Aug 2008 21:33:09 +0000 (17:33 -0400)
instead of relying on KRB5_KTNAME environment to be picked up.

--HG--
branch : HEAD

configure.in
src/auth/mech-gssapi.c
src/master/auth-process.c

index 9340fd1d646acf9eb41d8289fc97bcff4c223f78..d84bb5726a2e1c15e960415ce181304608829639 100644 (file)
@@ -1782,6 +1782,13 @@ if test $want_gssapi != no; then
                                        KRB5_LIBS="$KRB5_LIBS -lgss"
                                ],, $KRB5_LIBS)
 
+                               # MIT has a #define for Heimdal acceptor_identity, but it's way too
+                               # difficult to test for it..
+                               old_LIBS=$LIBS
+                               LIBS="$LIBS $KRB5_LIBS"
+                               AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity)
+                               LIBS=$old_LIBS
+
                                if test x$want_gssapi_plugin != xyes; then
                                  AUTH_LIBS="$AUTH_LIBS $KRB5_LIBS"
                                  AUTH_CFLAGS="$AUTH_CFLAGS $KRB5_CFLAGS"
index 06eb7ec311b350f1cb039246670d3dbb86544cc8..3f570a15f31cc3454bcc714f78bdadae2a79a7ca 100644 (file)
@@ -71,6 +71,8 @@ struct gssapi_auth_request {
        pool_t pool;
 };
 
+static bool gssapi_initialized = FALSE;
+
 static void auth_request_log_gss_error(struct auth_request *request,
                                       OM_uint32 status_value, int status_type,
                                       const char *description)
@@ -94,11 +96,30 @@ static void auth_request_log_gss_error(struct auth_request *request,
        } while (message_context != 0);
 }
 
+static void mech_gssapi_initialize(void)
+{
+       const char *path;
+
+       path = getenv("KRB5_KTNAME");
+       if (path != NULL) {
+#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+               gsskrb5_register_acceptor_identity(path);
+#elif defined (HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
+               krb5_gss_register_acceptor_identity(path);
+#endif
+       }
+}
+
 static struct auth_request *mech_gssapi_auth_new(void)
 {
        struct gssapi_auth_request *request;
        pool_t pool;
 
+       if (!gssapi_initialized) {
+               gssapi_initialized = TRUE;
+               mech_gssapi_initialize();
+       }
+
        pool = pool_alloconly_create("gssapi_auth_request", 1024);
        request = p_new(pool, struct gssapi_auth_request, 1);
        request->pool = pool;
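Review bot: Both registration calls in mech_gssapi_initialize() discard their OM_uint32 status, so a wrong or unreadable auth_krb5_keytab path goes unnoticed and the acceptor presumably carries on with whatever keytab the library defaults to. Check the result and log it, e.g. `if (GSS_ERROR(gsskrb5_register_acceptor_identity(path))) i_error("gssapi: registering keytab %s failed", path);`, with the same wrapper around the `krb5_gss_register_acceptor_identity(path)` branch. When neither HAVE_ macro is defined the `if (path != NULL)` body is empty; a one-line comment there, stating that the KRB5_KTNAME environment variable is then the only mechanism, would make that fallback explicit.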
index 2a7326ad4543b66233953b7de6fa3cea083bd120..9d185397e89bd64dec6bc54324e5d3aa96a75882 100644 (file)
@@ -488,7 +488,8 @@ static void auth_set_environment(struct auth_settings *set)
        if (set->ntlm_use_winbind)
                env_put("NTLM_USE_WINBIND=1");
        if (*set->krb5_keytab != '\0') {
-               /* Environment used by Kerberos 5 library directly */
+               /* Environment may be used by Kerberos 5 library directly,
+                  although we also try to use it directly as well */
                env_put(t_strconcat("KRB5_KTNAME=", set->krb5_keytab, NULL));
        }
        if (*set->gssapi_hostname != '\0') {
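Review bot: The reworded comment above the KRB5_KTNAME `env_put` repeats "directly" twice and does not say who "we" is, so the reader cannot tell which code consumes the variable. Something like `/* Read by mech-gssapi.c to register the acceptor keytab; the Kerberos 5 library may also pick it up from the environment */` names the consumer. auth_set_environment() starts and ends outside this hunk.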