Richard A Nelson <[EMAIL PROTECTED]> writes: > Not quite... my browser is capable of SPNEGO, but did not have a ticket > Therefore, the browser<->server auth should've been in basic mode.
Oh, okay, then yes, that should work. > mod-auth-kerb, however failed the request since the realm wasn't on its > list of approved realms... Where is the realm coming from? I think that's the part that confused me. I was assuming that you were doing SPNEGO, since that would then authenticate as a fully-qualified principal, but if you're doing basic auth, how did mod_auth_kerb get a realm? Did you enter one in the browser? > That is what I'd like to have changed, such that if the realm isn't > listed, the module (if configured to do so), delegates the auth request > instead of issuing the error and failing auth. > Most other users of the site will not even have SPNEGO enabled (assuming > they're on Firefox, IE I think does it by default). IE by default disables SPNEGO to any site that's not in its trusted zone. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
