Set the environment variable KRB5RCACHETYPE to none by default, this …

…is to fix issues when rewrite rules cause multiple auth attempts that are sent for each URL which cause replay errors
OneIdentity · Feb 10, 2016 · 57c6cea · 57c6cea
1 parent 3c1a5c4
commit 57c6cea
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/NEWS b/NEWS
@@ -1,7 +1,8 @@
-4.0.2.3 (2016-02-03)
+4.0.2.3 (2016-02-10)
         - No longer add /etc/*/conf.d* dir to rpm packages, only include
           the actual file from conf.d. This is to resolve conflicts on RHEL7
           with the httpd package. Bug# 861
+        - Set the environment variable KRB5RCACHETYPE to none by default.
 
 4.0.2.2 (2014-11-13)
         - Added a negative group cache for invalid group name lookups. Bug# 851

diff --git a/mod_auth_vas4.c b/mod_auth_vas4.c
@@ -1292,6 +1292,11 @@ static void auth_vas_server_init(apr_pool_t *p, server_rec *s)
         return;
     }
 
+    if(setenv("KRB5RCACHETYPE", "none", 1) == 0)
+        TRACE1_S(s, "%s: KRB5RCACHETYPE set to none, replay cache will be disabled", __func__);
+    else
+        ERROR_S(s, "%s: Failed to set KRB5RCACHETYPE", __func__);
+
     /* If the server_principal has not been set by the user then set it here.
      * We no longer set a default when the server config is initialized
      * Bug #846 fix: [email protected] (4-1-14)