If you hammer on a page with Internet Explorer it will send what MIT Kerberos considers replays of the gss-init-sec-context tokens. So in order to get around this you either need to always use SSL and disable the replay cache on the server, (Which unless the api has changed in recent versions of MIT Kerberos there is no api to do this), or it might also work to tweak MIT's replay cache to include sequence numbers. (MS seems to pick a random number for their initial sequence number, and these seem to change with each request.)
-Christopher Nebergall -----Original Message----- From: Frank Balluffi To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: 9/3/2003 8:18 PM Subject: SPNEGO APIs and Apache modules Markus Moeller and I have made SPNEGO C APIs and Apache modules available at https://sourceforge.net/projects/modgssapache/. The project contains three packages: fbopenssl mod_spnego modgssapache fbopenssl (for lack of a better name) is a library of extensions to OpenSSL, including APIs for GSS-API and SPNEGO ASN.1 messages (or PDUs). fbopenssl has been tested on Linux, Microsoft Windows and Sun Solaris. fbopenssl still needs to be tested for memory leaks using a tool like Purify. mod_spnego is an Apache 2.0 SPNEGO module that supports Kerberos authentication and user-level authorization. mod_spnego uses fbopenssl, MIT GSS-API and OpenSSL. mod_spnego has been tested on Linux, Microsoft Windows and Sun Solaris using Microsoft Internet Explorer 6.0. Currently, mod_spnego does not support Apache 1.3 and group-level authorization. modgssapache is a modified version of the Apache 1.3 GSS-API module located at http://meta.cesnet.cz/software/heimdal/negotiate.en.html. This version has been modified to support SPNEGO using open-source SPNEGO APIs from Microsoft. modgssapache has been tested on Linux and Sun Solaris. Frank _________________________________________________________________ Get 10MB of e-mail storage! Sign up for Hotmail Extra Storage. http://join.msn.com/?PAGE=features/es _______________________________________________ krbdev mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/krbdev ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
