Re: [CalendarServer-users] calendarserver on debian via nss and kerberos

Tue, 24 Mar 2009 07:26:18 -0700 

On 03/24/2009 03:03 PM, Marco Ghidinelli wrote:

On Mon, Mar 23, 2009 at 07:10:51AM +0100, Guido Günther wrote:
 > On Tue, Mar 03, 2009 at 12:27:45PM +0100, Marco Ghidinelli wrote:
 > > hello,
 > > anyone was able to use calendarserver on debian 5 with users from
 > > nssswitch and authentication via SPNEGO/Kerberos?
 > >
 > > I followed the README.Debian, but with no results.
 > To verify if NSS really works you can change:

[...]
 >
 > in twistedcaldav/directory/nss.py. This will disable *all*
 > authentication but the first/lastValUid etc checks will still be in
 > place. Once this works we can try to work out why kerberos fails.

hello guido,

i changed the line above, but with or without the change the result is
the same:

i always get an
2009-03-24 14:33:46+0100 [-] [caldav-8008] [NegotiateCredentialFactory]
'authGSSServerStep: Unspecified GSS failure. Minor code may provide
more information(No error)'

so i changed the twistedcalendar/authkerb.py at about the line 231
to print the base64data associated to the failed request.

when i connect from internetexplorer i get an ntlm base64data,
when i connect from firefox (from a kerberos authenticated linux
machine) i get a long message, that i'll send you in a private mail.


from the firefox machine, i tried to

export NSPR_LOG_MODULES=negotiateauth:5
export NSPR_LOG_FILE=/tmp/moz.log

and i got those error messages:

-1211647776[9878060]:   using REQ_DELEGATE
-1211647776[9878060]:   service = muttley.domain.local
-1211647776[9878060]:   using negotiate-gss
-1211647776[9878060]: entering nsAuthGSSAPI::nsAuthGSSAPI()
-1211647776[9878060]: entering nsAuthGSSAPI::Init()
-1211647776[9878060]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=negotiate] 
-1211647776[9878060]: entering nsAuthGSSAPI::GetNextToken()
-1211647776[9878060]:   leaving nsAuthGSSAPI::GetNextToken [rv=0]
-1211647776[9878060]:   Sending a token of length 1376
-1211647776[9878060]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=negotiate] 
-1211647776[9878060]: entering nsAuthGSSAPI::GetNextToken()
-1211647776[9878060]: Cannot restart authentication sequence!

but i don't know hot to use this informations.

_______________________________________________
calendarserver-users mailing list
calendarserver-users@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users

Reply via email to