+ if ( ( kerror = krb5_kt_resolve(child.kcontext, keytab, &krb5kt ) ) ) {
+ log_error( APLOG_MARK, APLOG_ERR, 0, s,
+ "mod_waklog: krb5_kt_resolve %s", error_message(kerror) );
+ goto cleanup;
+ }
+
+ if ((kerror = krb5_get_init_creds_keytab (child.kcontext, &v5creds,
+ kprinc, krb5kt, 0, NULL, &kopts ) ) ) {
+ log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_get_init_creds_keytab %s",
+ error_message(kerror) );
+ goto cleanup;
+ }
+ } else if (k5secret) {
+
+ /* If the WebSSO is lame enough to provide a secret, then try and use that to get a token */
+
+ if ((kerror = krb5_get_init_creds_password ( child.kcontext, &v5creds,
+ kprinc, k5secret, NULL, NULL, 0, NULL, &kopts ) ) ) {
+ log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_get_init_creds_password %s",
+ error_message(kerror) );
+ /* nuke the password so it doesn't end up in core files */
+ memset(k5secret, 0, sizeof(k5secret));
+ goto cleanup;
+ }
+
+ memset(k5secret, 0, sizeof(k5secret));
+ }
+
+ /* initialize the credentials cache and store the stuff we just got */
+ if ( ( kerror = krb5_cc_initialize (child.kcontext, child.ccache, kprinc) ) ) {
+ log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: init credentials cache %s",
+ error_message(kerror));
+ goto cleanup;
+ }
+
+ if ( ( kerror = krb5_cc_store_cred(child.kcontext, child.ccache, &v5creds) ) ) {
+ log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: cannot store credentials %s",
+ error_message(kerror));