New port www/mod_auth_kerb: authenticate Web clients against Kerberos v5.

11 files changed, 123 insertions, 0 deletions

diff --git a/www/Makefile b/www/Makefile
index 03d58e9ccf01..ab17f4df73cf 100644
--- a/www/Makefile
+++ b/www/Makefile
@@ -127,6 +127,7 @@
     SUBDIR += mod_access_referer
     SUBDIR += mod_auth_any
     SUBDIR += mod_auth_external
+    SUBDIR += mod_auth_kerb
     SUBDIR += mod_auth_mysql
     SUBDIR += mod_auth_pam
     SUBDIR += mod_auth_pgsql
diff --git a/www/mod_auth_kerb/Makefile b/www/mod_auth_kerb/Makefile
new file mode 100644
index 000000000000..f8939c23f667
--- /dev/null
+++ b/www/mod_auth_kerb/Makefile
@@ -0,0 +1,42 @@
+# New ports collection makefile for:	mod_auth_kerb
+# Date created:				19 October 2001
+# Whom:					wollman
+#
+# $FreeBSD$
+#
+
+# Shamelessly stolen from will's mod_auth_any port.
+
+PORTNAME=	mod_auth_kerb
+PORTVERSION=	4.10
+CATEGORIES=	www
+MASTER_SITES=	http://stonecold.unity.ncsu.edu/software/mod_auth_kerb/downloads/
+
+MAINTAINER=	wollman@FreeBSD.org
+
+#
+# This module allows users to send their Kerberos password in
+# plain text; it should only be used over an encrypted connection
+# (i.e., HTTP over SSL/TLS).  Thus, we require as a dependency
+# a version of Apache which can do this.
+#
+BUILD_DEPENDS=	${APXS}:${PORTSDIR}/www/apache13-modssl
+RUN_DEPENDS=	${APXS}:${PORTSDIR}/www/apache13-modssl
+LIB_DEPENDS=	krb5.3:${PORTSDIR}/security/krb5
+
+WRKSRC=		${WRKDIR}/src/modules/kerberos
+
+APXS?=		${LOCALBASE}/sbin/apxs
+KRB5_HOME?=	${LOCALBASE}
+
+do-build:
+	cd ${WRKSRC} && \
+		${APXS} -I${KRB5_HOME}/include -L${KRB5_HOME}/lib \
+		-DKRB5 -DKRB5_VERIFY_TICKET -DKRB5_SAVE_CREDENTIALS \
+		-DKRB5_DEFAULT_KEYTAB=\"\\\"file:${LOCALBASE}/etc/apache/keytab\\\"\" \
+		-c ${PORTNAME}.c
+
+do-install:
+	${APXS} -i -A -n ${PORTNAME:S/mod_//g} ${WRKSRC}/${PORTNAME}.so
+
+.include <bsd.port.mk>
diff --git a/www/mod_auth_kerb/distinfo b/www/mod_auth_kerb/distinfo
new file mode 100644
index 000000000000..e9e8e1b7f5d9
--- /dev/null
+++ b/www/mod_auth_kerb/distinfo
@@ -0,0 +1 @@
+MD5 (mod_auth_kerb-4.10.tar.gz) = 5088f0bbdecbd120b9118273a3957510
diff --git a/www/mod_auth_kerb/pkg-comment b/www/mod_auth_kerb/pkg-comment
new file mode 100644
index 000000000000..f5a1f4c2f90c
--- /dev/null
+++ b/www/mod_auth_kerb/pkg-comment
@@ -0,0 +1 @@
+An Apache module for authenticating users with Kerberos v5
diff --git a/www/mod_auth_kerb/pkg-descr b/www/mod_auth_kerb/pkg-descr
new file mode 100644
index 000000000000..88d070bc10a1
--- /dev/null
+++ b/www/mod_auth_kerb/pkg-descr
@@ -0,0 +1,14 @@
+mod_auth_kerb is an Apache module for authenticating Web clients
+in a Kerberos v5 realm.  Because the Kerberos password is transmitted
+in plain text, this module MUST be used in conjunction with an
+encryption-capable Web server (by default, apache13-modssl).  There is
+no documentation provided; see the Web site for more details.  This
+package is built with the KRB5_VERIFY_TICKET and KRB5_SAVE_CREDENTIALS
+options, and *without* Kerberos v4 support.  In order to successfully
+authenticate users, the Web server will need a keytab file containing
+a key for the principal `www/my.host.name.example@MY.REALM.EXAMPLE'
+which is readable by the user Apache runs as; the location of this
+keytab defaults to ${LOCALBASE}/etc/apache/keytab but can be modified
+in the server configuration.
+
+WWW: http://stonecold.unity.ncsu.edu/software/mod_auth_kerb/
diff --git a/www/mod_auth_kerb/pkg-plist b/www/mod_auth_kerb/pkg-plist
new file mode 100644
index 000000000000..9c53a963e65a
--- /dev/null
+++ b/www/mod_auth_kerb/pkg-plist
@@ -0,0 +1,3 @@
+libexec/apache/mod_auth_kerb.so
+@exec %D/sbin/apxs -e -A -n auth_kerb %D/%F
+@unexec %D/sbin/apxs -e -A -n auth_kerb %D/%F
diff --git a/www/mod_auth_kerb2/Makefile b/www/mod_auth_kerb2/Makefile
new file mode 100644
index 000000000000..f8939c23f667
--- /dev/null
+++ b/www/mod_auth_kerb2/Makefile
@@ -0,0 +1,42 @@
+# New ports collection makefile for:	mod_auth_kerb
+# Date created:				19 October 2001
+# Whom:					wollman
+#
+# $FreeBSD$
+#
+
+# Shamelessly stolen from will's mod_auth_any port.
+
+PORTNAME=	mod_auth_kerb
+PORTVERSION=	4.10
+CATEGORIES=	www
+MASTER_SITES=	http://stonecold.unity.ncsu.edu/software/mod_auth_kerb/downloads/
+
+MAINTAINER=	wollman@FreeBSD.org
+
+#
+# This module allows users to send their Kerberos password in
+# plain text; it should only be used over an encrypted connection
+# (i.e., HTTP over SSL/TLS).  Thus, we require as a dependency
+# a version of Apache which can do this.
+#
+BUILD_DEPENDS=	${APXS}:${PORTSDIR}/www/apache13-modssl
+RUN_DEPENDS=	${APXS}:${PORTSDIR}/www/apache13-modssl
+LIB_DEPENDS=	krb5.3:${PORTSDIR}/security/krb5
+
+WRKSRC=		${WRKDIR}/src/modules/kerberos
+
+APXS?=		${LOCALBASE}/sbin/apxs
+KRB5_HOME?=	${LOCALBASE}
+
+do-build:
+	cd ${WRKSRC} && \
+		${APXS} -I${KRB5_HOME}/include -L${KRB5_HOME}/lib \
+		-DKRB5 -DKRB5_VERIFY_TICKET -DKRB5_SAVE_CREDENTIALS \
+		-DKRB5_DEFAULT_KEYTAB=\"\\\"file:${LOCALBASE}/etc/apache/keytab\\\"\" \
+		-c ${PORTNAME}.c
+
+do-install:
+	${APXS} -i -A -n ${PORTNAME:S/mod_//g} ${WRKSRC}/${PORTNAME}.so
+
+.include <bsd.port.mk>
diff --git a/www/mod_auth_kerb2/distinfo b/www/mod_auth_kerb2/distinfo
new file mode 100644
index 000000000000..e9e8e1b7f5d9
--- /dev/null
+++ b/www/mod_auth_kerb2/distinfo
@@ -0,0 +1 @@
+MD5 (mod_auth_kerb-4.10.tar.gz) = 5088f0bbdecbd120b9118273a3957510
diff --git a/www/mod_auth_kerb2/pkg-comment b/www/mod_auth_kerb2/pkg-comment
new file mode 100644
index 000000000000..f5a1f4c2f90c
--- /dev/null
+++ b/www/mod_auth_kerb2/pkg-comment
@@ -0,0 +1 @@
+An Apache module for authenticating users with Kerberos v5
diff --git a/www/mod_auth_kerb2/pkg-descr b/www/mod_auth_kerb2/pkg-descr
new file mode 100644
index 000000000000..88d070bc10a1
--- /dev/null
+++ b/www/mod_auth_kerb2/pkg-descr
@@ -0,0 +1,14 @@
+mod_auth_kerb is an Apache module for authenticating Web clients
+in a Kerberos v5 realm.  Because the Kerberos password is transmitted
+in plain text, this module MUST be used in conjunction with an
+encryption-capable Web server (by default, apache13-modssl).  There is
+no documentation provided; see the Web site for more details.  This
+package is built with the KRB5_VERIFY_TICKET and KRB5_SAVE_CREDENTIALS
+options, and *without* Kerberos v4 support.  In order to successfully
+authenticate users, the Web server will need a keytab file containing
+a key for the principal `www/my.host.name.example@MY.REALM.EXAMPLE'
+which is readable by the user Apache runs as; the location of this
+keytab defaults to ${LOCALBASE}/etc/apache/keytab but can be modified
+in the server configuration.
+
+WWW: http://stonecold.unity.ncsu.edu/software/mod_auth_kerb/
diff --git a/www/mod_auth_kerb2/pkg-plist b/www/mod_auth_kerb2/pkg-plist
new file mode 100644
index 000000000000..9c53a963e65a
--- /dev/null
+++ b/www/mod_auth_kerb2/pkg-plist
@@ -0,0 +1,3 @@
+libexec/apache/mod_auth_kerb.so
+@exec %D/sbin/apxs -e -A -n auth_kerb %D/%F
+@unexec %D/sbin/apxs -e -A -n auth_kerb %D/%F