From 57c6cea80b61df0fd63b3ff80bdf8662e30d65dd Mon Sep 17 00:00:00 2001
From: JaysonHurst
Date: Wed, 10 Feb 2016 11:50:24 -0700
Subject: [PATCH] Set the environment variable KRB5RCACHETYPE to none by default, this is to fix issues when rewrite rules cause multiple auth attempts that are sent for each URL which cause replay errors
---
 NEWS | 3 ++-
 mod_auth_vas4.c | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 7347be0..e62366d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,8 @@
-4.0.2.3 (2016-02-03)
+4.0.2.3 (2016-02-10)
 - No longer add /etc/*/conf.d* dir to rpm packages, only include the actual file from conf.d. This is to resolve conflicts on RHEL7 with the httpd package. Bug# 861
+ - Set the environment variable KRB5RCACHETYPE to none by default.
 4.0.2.2 (2014-11-13)
 - Added a negative group cache for invalid group name lookups. Bug# 851
diff --git a/mod_auth_vas4.c b/mod_auth_vas4.c
index 63d550e..1503edf 100644
--- a/mod_auth_vas4.c
+++ b/mod_auth_vas4.c
@@ -1292,6 +1292,11 @@ static void auth_vas_server_init(apr_pool_t *p, server_rec *s)
 return;
 }
+ if(setenv("KRB5RCACHETYPE", "none", 1) == 0)
+ TRACE1_S(s, "%s: KRB5RCACHETYPE set to none, replay cache will be disabled", __func__);
+ else
+ ERROR_S(s, "%s: Failed to set KRB5RCACHETYPE", __func__);
+
 /* If the server_principal has not been set by the user then set it here.
 * We no longer set a default when the server config is initialized
 * Bug #846 fix: jayson.hurst@software.dell.com (4-1-14)
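Review bot: The added `setenv("KRB5RCACHETYPE", "none", 1)` in auth_vas_server_init turns off the Kerberos replay cache for the whole httpd process unconditionally, because the overwrite flag of 1 discards any value the administrator exported and the hunk offers no way to opt out. Without a replay cache a captured authenticator can presumably be accepted again until it falls outside the clock-skew window, so this default is only defensible when the Negotiate exchange is confined to TLS, and a comment above the call should state that assumption. I would pass 0 as the last argument so an existing setting wins, `if (setenv("KRB5RCACHETYPE", "none", 0) == 0)`, and log the effective value from `getenv("KRB5RCACHETYPE")` instead of a fixed "set to none". The success message goes only through TRACE1_S, so operators are unlikely to see that replay protection was disabled; a notice-level log entry would suit a security-relevant default better. The function body starts and ends outside the hunk, so whether this call runs before other threads or Kerberos contexts exist cannot be checked from here.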