Update README and bump version in Makefile

pyhalov · Sep 26, 2012 · 9f04ee4 · 9f04ee4
1 parent 44bbdef
commit 9f04ee4
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 40 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,9 @@
+commit 44bbdef3f10aa719fa3a150001314ff508e08f87
+Author: Sean Noonan <[email protected]>
+Date:   Wed Sep 26 21:10:52 2012 +0000
+
+    remove spnegohelp
+
 commit fc2a777d4eb65d9f3bf14f3d6fac1a7d21f94a6a
 Author: Sean Noonan <[email protected]>
 Date:   Wed Sep 26 20:46:37 2012 +0000

diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 
 NAME=ngx_http_auth_spnego_module
-VERSION=0.0.4
+VERSION=1.0.0
 
 NPKG=$(NAME)-$(VERSION)
 NHEAD=$(NAME)-HEAD

diff --git a/README b/README
@@ -1,33 +1,35 @@
 Nginx module to use SPNEGO+GSSAPI+Kerberos for HTTP authentication
 ==================================================================
-
-Foreword From Mike
-------------------
-Michael Shadle paid YoctoPetaBorg from RentACoder to develop this extension.
-
-YPB's notes are what make up the rest of this document.
-
-I (Michael Shadle) have tried to string replace and rename this to be called
-"ngx_http_auth_spnego_module" instead of the previous "ngx_http_auth_sso_module" name.
-
-There may be some oddities due to this. Hopefully not.
-
-[email protected]
-
-Whatsizit
----------
-
-Code 97% stolen from mod_auth_gss_krb5 (http://modgssapache.sf.net);
-version 0.0.5.
+Testing
+-------
+Authentication has been tested with (at least) the following:
+  Software
+  Nginx             1.2.3
+  Internet Explorer 8.0.7600.16385
+  Firefox           10.0.6
+  Chrome            20.0.1132.57
+  Curl              7.19.5 (GSS-Negotiate), 7.27.0 (SPNEGO/fbopenssl)
+
+The underlying kerberos library used for these tests was MIT KRB5 1.7
+
+History
+-------
+Michael Shadle paid YoctoPetaBorg from RentACoder to develop this extension as
+ngx_http_auth_sso_module.  Michael then renamed it to
+ngx_http_auth_spnego_module.  This initial module provided spnego support using
+Microsoft's sample spnegohelp files.  Since then, SPNEGO support has made its
+way into various GSS/Kerberos libraries.
+
+Various other people have contributed minor patches to make the extension work
+in their environments.
+
+Provenance
+----------
+The initial codebase was a fork of Apache's mod_auth_gss_krb5 0.0.5
+(http://modgssapache.sf.net) with changes to support nginx.
 
 Compilation
 -----------
-
-First you need to compile the spnegohelp dynamic library. 'make' in that
-subdirectory should do it, then place it by hand somewhere where linker
-and loader can find it by default (probably /usr/lib or perhaps even
-/usr/local/lib depending on your setup).
-
 When compiling from source build as usual adding the --add-module option:
 
   ./configure --add-module=$PATH_TO_MODULE
@@ -36,7 +38,6 @@ inside top Nginx source directory.
 
 Configuration
 -------------
-
 The module has following directives:
 
 - auth_gss: "on"/"off", for ease of unsecuring while leaving other
@@ -67,9 +68,8 @@ location /topsecret {
   auth_gss_service_name HTTP;
 }
 
-Additional steps...
--------------------
-
-pray for no segfaults...
-
-TOFIX: perhaps add instructions on how to create the service keytab...
+Additional Information
+----------------------
+Generating a keytab with an HTTP SPN will be specific to your environment. As
+with many things, ask your local administrators or try examples on Google until
+you find something that works.
diff --git a/TODO b/TODO
@@ -1,4 +1,3 @@
 TODO
 ----
-Change "auth_gss" to "auth_spnego" - this is probably more appropriate - mike503
 Change basic auth support to properly strip port number - stnoonan
diff --git a/config b/config
@@ -1,4 +1,4 @@
 ngx_addon_name=ngx_http_auth_spnego_module
 HTTP_MODULES="$HTTP_MODULES ngx_http_auth_spnego_module"
 NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_auth_spnego_module.c"
-CORE_LIBS="$CORE_LIBS -L$ngx_addon_dir/spnegohelp -Wl,-rpath $ngx_addon_dir/spnegohelp -lspnegohelp -lgssapi_krb5 -lkrb5 -lcom_err"
+CORE_LIBS="$CORE_LIBS -Wl -lgssapi_krb5 -lkrb5 -lcom_err"
diff --git a/ngx_http_auth_spnego_module.c b/ngx_http_auth_spnego_module.c
@@ -536,14 +536,9 @@ ngx_http_auth_spnego_auth_user_gss(ngx_http_request_t * r,
         ngx_http_auth_spnego_ctx_t * ctx,
         ngx_http_auth_spnego_loc_conf_t * alcf)
 {
-    static u_char ntlmProtocol[] =
-    { 'N', 'T', 'L', 'M', 'S', 'S', 'P', 0 };
-
     /* nginx stuff */
     ngx_str_t host_name;
     ngx_int_t ret = NGX_DECLINED;
-    int rc;
-    int spnego_flag = 0;
     char *p;
 
     /* kerberos stuff */