Import mod_auth_kerb 5.0rc6

This is the Apache Kerberos authentication module. It
allows any Apache web-server to become a Kerberos client
for authentication requests.

From Chris Kuethe <ckuethe@ualberta.ca>

www/mod_auth_kerb/Makefile

@@ -0,0 +1,42 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2005/11/03 16:23:13 alek Exp $
+
+SHARED_ONLY=	Yes
+
+COMMENT=	"Apache Kerberos authentication module"
+
+VERSION=	5.0-rc6
+DISTNAME=	mod_auth_kerb-${VERSION}
+PKGNAME=	mod_auth_kerb-${VERSION:S/-//}
+CATEGORIES=	www
+
+HOMEPAGE=	http://modauthkerb.sourceforge.net/
+
+MAINTAINER=	Chris Kuethe <ckuethe@ualberta.ca>
+
+# combination of 2- and 3-clause BSD, MIT, and export crypto warnings
+PERMIT_PACKAGE_CDROM=	Yes
+PERMIT_PACKAGE_FTP=	Yes
+PERMIT_DISTFILES_CDROM=	Yes
+PERMIT_DISTFILES_FTP=	Yes
+WANTLIB=		ssl gssapi krb5 crypto
+
+MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=modauthkerb/}
+
+NO_REGRESS=	Yes
+
+CONFIGURE_STYLE=gnu
+CONFIGURE_ENV=	KRB5_CPPFLAGS="-I/usr/include/kerberosV" \
+		KRB5_LDFLAGS="-lkrb5 -lgssapi -lssl -lcrypto"
+
+post-build:
+	sed 's,!!PREFIX!!,${PREFIX},' \
+		< ${FILESDIR}/mod_auth_kerb-enable \
+		> ${WRKBUILD}/mod_auth_kerb-enable
+
+do-install:
+	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/mod_auth_kerb
+	${INSTALL_DATA} ${FILESDIR}/README ${PREFIX}/share/doc/mod_auth_kerb
+	${INSTALL_DATA} ${WRKBUILD}/src/mod_auth_kerb.so ${PREFIX}/lib
+	${INSTALL_SCRIPT} ${WRKBUILD}/mod_auth_kerb-enable ${PREFIX}/sbin
+
+.include <bsd.port.mk>

www/mod_auth_kerb/distinfo

@@ -0,0 +1,4 @@
+MD5 (mod_auth_kerb-5.0-rc6.tar.gz) = 274edfb950af20ce6ef0ddcb7c20263a
+RMD160 (mod_auth_kerb-5.0-rc6.tar.gz) = a9a277c532e7f72b3a649346e88db7aea1889036
+SHA1 (mod_auth_kerb-5.0-rc6.tar.gz) = b1700b4eca2d50691977849750f5e614c7caa80d
+SIZE (mod_auth_kerb-5.0-rc6.tar.gz) = 68761

www/mod_auth_kerb/files/README

@@ -0,0 +1,41 @@
+$OpenBSD: README,v 1.1.1.1 2005/11/03 16:23:13 alek Exp $
+
+If you haven't already run the module enabler, you can manually enable
+Kerberos support by adding the following lines into httpd.conf near the
+other authentication modules.
+
+	# user authentication using kerberos
+	LoadModule auth_kerb_module /usr/lib/apache/modules/mod_auth_kerb.so
+
+To require Kerberos authenication for a directory (or file or location),
+enclose that location in a block that looks like this. The mod_auth_kerb
+documenation is a bit sketchy yet, but this was taken from a working openbsd
+machine using mod_auth_kerb. Only the names have been changed to protect
+the realm. Obviously, you must have working Kerberos before this module can
+do anything useful.
+
+	# A Kerberos Authenticated Directory
+	<Directory /var/www/htdocs/private>
+		AuthType Kerberos
+		AuthName "Kerberos Userid and Password"
+		KrbMethodNegotiate off
+		KrbMethodK5Passwd on
+		KrbAuthRealms YOUR.REALM
+		KrbVerifyKDC on
+		Krb5Keytab /var/www/conf/httpd.keytab
+		KrbServiceName http
+		require valid-user
+	</Directory>
+
+It is suggested that you create a keytab for httpd that is readable but not
+writeable by apache, and has no relation to your other Kerberos keys. One
+way to do this:
+
+	ktutil -k /var/www/conf/httpd.keytab add -V 1 -e des-cbc-crc \
+		-w PASSWORD -p http/host.domain.tld@REALM.TLD
+	chown root:www /var/www/conf/httpd.keytab
+	chmod 0440 /var/www/conf/httpd.keytab
+
+Thus, if httpd is ever convinced to give access to the keytab, it will be
+unable to make changes to the keytab, and will be unable to do anything more
+than serve up its own keytab (which is bad enough).

www/mod_auth_kerb/files/mod_auth_kerb-enable

@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $OpenBSD: mod_auth_kerb-enable,v 1.1.1.1 2005/11/03 16:23:13 alek Exp $
+
+MODULE=!!PREFIX!!/lib/mod_auth_kerb.so
+
+if [ `id -u` -ne 0 ]; then
+    echo "You must be root to run this script."
+    exit
+fi
+
+if [ ! -f ${MODULE} ]; then
+    echo "Cannot find mod_auth_krb module (${MODULE})"
+    exit 1
+else
+    echo "Enabling Kerberos Authentication module..."
+    /usr/sbin/apxs -i -a -n auth_kerb ${MODULE}
+fi

www/mod_auth_kerb/pkg/DESCR

@@ -0,0 +1,3 @@
+This is the Apache Kerberos authentication module. It
+allows any Apache web-server to become a Kerberos client
+for authentication requests.

www/mod_auth_kerb/pkg/MESSAGE

@@ -0,0 +1,8 @@
+To finish the install of mod_auth_krb, you need
+to enable the module using the following command
+
+  ${PREFIX}/sbin/mod_auth_kerb-enable
+
+If you already have Apache running on your machine,
+you should not use "apachectl restart" - instead,
+you should fully stop and then restart the server.

www/mod_auth_kerb/pkg/PLIST

@@ -0,0 +1,6 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2005/11/03 16:23:13 alek Exp $
+lib/mod_auth_kerb.so
+sbin/mod_auth_kerb-enable
+share/doc/mod_auth_kerb/
+share/doc/mod_auth_kerb/README
+@unexec rm -f /usr/lib/apache/modules/mod_auth_kerb.so

www/mod_auth_kerb/pkg/UNMESSAGE

@@ -0,0 +1,8 @@
+To completely deinstall the mod_auth_kerb package you
+need to perform these steps as root:
+
+       edit /var/www/conf/httpd.conf
+       remove the line LoadModule auth_kerb_module
+
+Do not do this if you plan on re-installing the
+mod_auth_radius package at some future time.