AC_ARG_WITH([apr-headers],
[AC_HELP_STRING([--with-apr-headers],[path to apr headers])],
[APR_INC=$withval],
- [APR_INC=/usr/include/apr-1])
+ [APR_INC=/usr/include/apr-1.0])
AC_SUBST(APR_INC)
AC_ARG_WITH([krb5-libs],
AC_ARG_WITH([apache-headers],
[AC_HELP_STRING([--with-apache-headers],[path to apache headers])],
[APACHE_INC=$withval],
- [APACHE_INC=/usr/include/apache-1.3])
+ [APACHE_INC=/usr/include/apache2])
AC_SUBST(APACHE_INC)
AC_ARG_WITH([apxs],
[AC_HELP_STRING([--with-apxs],[path to apxs])],
[APXS=$withval],
- [APXS=apxs])
+ [APXS=apxs2])
AC_SUBST(APXS)
AC_ARG_ENABLE(debug,
+libapache-mod-waklog (1.03) stable; urgency=low
+
+ * Enable weak crypto using secret API for openafs. Modern Kerberos
+ disallows DES crypto methods, but openafs for protocol reasons is
+ stuck using des for the time being. Rather than force all afs realms
+ to enable weak crypto, MIT added an undocumented API call to allow
+ openafs to skirt around the weak crypto restrictions. Since we're
+ implementing aklog for Apache, we have to be evil and use it too in
+ order to acquire tokens on a system where weak crypto is not
+ permitted.
+
+ -- Clinton Ebadi <clinton@unknownlamer.org> Sat, 08 Sep 2012 00:34:41 -0400
+
+libapache-mod-waklog (1.02) stable; urgency=low
+
+ [ megacz ]
+ * remove mod-auth-kerb from list of required modules
+
+ [ Ryan Jud Hughes ]
+ * Fix build issues on CentOS
+
+ [ Clinton Ebadi ]
+ * Update mod_waklog for 2012 * Build with apache2 by default (1.3 still works in theory) * Only build Debian package `libapache2-mod-waklog' (apache 1.3 is no longer in Debian) * Left alone otherwise (not quite conformant with the latest package standards)
+
+ -- Clinton Ebadi <clinton@unknownlamer.org> Sun, 02 Sep 2012 17:16:02 -0400
+
libapache-mod-waklog (1.01) unstable; urgency=low
* Applied patch Simon Wilkinson <simon@sxw.org.uk>, fixed a bug,
Section: web
Priority: optional
Maintainer: Adam Megacz <megacz@cs.berkeley.edu>
-Build-Depends: apache-dev, apache2-prefork-dev, libkrb5-dev, autoconf,
+Build-Depends: apache2-prefork-dev, libkrb5-dev, autoconf,
automake, libopenafs-dev
Standards-Version: 3.6.1
-Package: libapache-mod-waklog
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, apache-common, krb5-config
-Description: AFS Authentication for Apache
-
Package: libapache2-mod-waklog
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, apache2-mpm-prefork, krb5-config
+Depends: ${shlibs:Depends}, ${misc:Depends}, apache2-mpm-prefork | apache2-mpm-itk,
+ krb5-config
Description: AFS Authentication for Apache2
default:binary
-apache13:
- dh_testdir
- chmod +x regen.sh
- ./regen.sh
- ./configure \
- --with-afs-libs=/usr/lib/afs \
- --with-afs-headers=/usr/include/afs \
- --with-apxs=/usr/bin/apxs
- make clean
- $(MAKE)
- dh_installdirs
- mkdir -p debian/libapache-mod-waklog/usr/lib/apache/1.3/
- mkdir -p debian/libapache-mod-waklog/etc/apache/conf.d/
- cp mod_waklog.so debian/libapache-mod-waklog/usr/lib/apache/1.3/
- cp debian/waklog.load debian/libapache-mod-waklog/etc/apache/conf.d/waklog.conf
-
apache20:
dh_testdir
chmod +x regen.sh
binary-indep:
-binary-arch: apache13 apache20
+binary-arch: apache20
dh_testdir
dh_testroot
dh_installchangelogs
log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: retrieved data from ccache for %s", k5user);
increds.times.endtime = 0;
-
+
+ /* Since we're fetching a key for AFS, we have to use single DES
+ and explicitely enable weak crypto using the secret API
+ call */
increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+ krb5_allow_weak_crypto (child.kcontext, 1);
if ( ( kerror = krb5_get_credentials (child.kcontext, 0, clientccache, &increds, &v5credsp ) ) ) {
/* only complain once we've tried both afs@REALM and afs/cell@REALM */