From 34f8670124e63d9baa50c6cfa3e6945725b72cd8 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Fri, 27 Oct 2017 11:07:35 -0400
Subject: [PATCH] Document gssapi-no-negotiate

---
 Document-gssapi-no-negotiate.patch | 38 ++++++++++++++++++++++++++++++
 mod_auth_gssapi.spec               |  6 ++++-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 Document-gssapi-no-negotiate.patch

diff --git a/Document-gssapi-no-negotiate.patch b/Document-gssapi-no-negotiate.patch
new file mode 100644
index 0000000..e3e142c
--- /dev/null
+++ b/Document-gssapi-no-negotiate.patch
@@ -0,0 +1,38 @@
+From 850e6d452e3ce4d46122f216613c4a14ec398686 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Thu, 19 Oct 2017 16:35:29 -0400
+Subject: [PATCH] Document gssapi-no-negotiate
+
+Adds new section for apache env vars.
+
+(cherry picked from commit 5330fa4959ca9317bf5943decfaaf0bbe86f1853)
+---
+ README | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/README b/README
+index 1fdfe98..1393760 100644
+--- a/README
++++ b/README
+@@ -418,3 +418,21 @@ Note: The GSS_C_NT_HOSTBASED_SERVICE format is used for names (see example).
+ #### Example
+     GssapiAcceptorName HTTP@www.example.com
+ 
++Environment Variables
++---------------------
++
++(Note: these are not process environment variables, but rather Apache
++environment variables, as described
++[in the apache docs](https://httpd.apache.org/docs/2.4/env.html).)
++
++### gssapi-no-negotiate
++
++This environment variable is used to suppress setting Negotiate headers.  Not
++sending these headers is useful to work around browsers that do not handle
++them properly (and incorrectly show authentication popups to users).
++
++#### Example
++
++For instance, to suppress negotiation on Windows browsers, one could set:
++
++    BrowserMatch Windows gssapi-no-negotiate
diff --git a/mod_auth_gssapi.spec b/mod_auth_gssapi.spec
index e28ec5c..c96a3ff 100644
--- a/mod_auth_gssapi.spec
+++ b/mod_auth_gssapi.spec
@@ -1,6 +1,6 @@
 Name:           mod_auth_gssapi
 Version:        1.5.1
-Release:        5%{?dist}
+Release:        6%{?dist}
 Summary:        A GSSAPI Authentication module for Apache
 
 Group:          System Environment/Daemons
@@ -11,6 +11,7 @@ Source0:        https://github.com/modauthgssapi/%{name}/releases/download/v%{ve
 Patch0: Allow-admins-to-selectively-suppress-negotiation.patch
 Patch1: Fix-strtol-error-checking.patch
 Patch2: Handle-extra-large-NSS-entries.patch
+Patch3: Document-gssapi-no-negotiate.patch
 
 BuildRequires:  httpd-devel, krb5-devel, openssl-devel, autoconf, automake, libtool
 BuildRequires:  gssntlmssp-devel
@@ -48,6 +49,9 @@ install -m 644 10-auth_gssapi.conf %{buildroot}%{_httpd_modconfdir}
 %{_httpd_moddir}/mod_auth_gssapi.so
 
 %changelog
+* Fri Oct 27 2017 Robbie Harwood <rharwood@redhat.com> - 1.5.1-6
+- Document gssapi-no-negotiate
+
 * Tue Oct 03 2017 Robbie Harwood <rharwood@redhat.com> - 1.5.1-5
 - Handle extra large NSS entries
 - Resolves: #1498175