You might try setting KrbMethodNegotiate off , KrbSaveCredentials on in the .htaccess file and exporting the KRB5CCNAME within apache if possible
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, February 13, 2006 11:02 AM To: [email protected] Subject: Kerberos Digest, Vol 38, Issue 15 Send Kerberos mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit https://mailman.mit.edu/mailman/listinfo/kerberos or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of Kerberos digest..." Today's Topics: 1. [Re: auth with apache] (Lukas Pataki) 2. <failed to verify krb5 credentials: Request is a replay> error (FM) ---------------------------------------------------------------------- Message: 1 Date: Mon, 13 Feb 2006 12:40:30 +0100 From: Lukas Pataki <[EMAIL PROTECTED]> Subject: [Re: auth with apache] To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-15 Martin v. L?wis wrote: > If you meant to say: "The HTTP server does not request a ticket". > then I respond: of course not. In Kerberos, there is not > any communication between the service and the KDC at all. > Instead, the client is supposed to send the ticket to the server, > and then the server uses the service ticket, plus its keytab > entry, to validate the ticket. > > You should set the Apache DebugLevel to the highest value > (is that "all"?), nope => debug :) allready done that: [Sun Feb 12 22:02:37 2006] [debug] src/mod_auth_kerb.c(1322): [client 192.168.0.12] kerb_authenticate_user entered with user (NULL) and auth_type KerberosV5 [Sun Feb 12 22:02:37 2006] [debug] src/mod_auth_kerb.c(879): [client 192.168.0.12] kerb_authenticate_user_krb5pwd ret=0 [EMAIL PROTECTED] authtype=Basic [Sun Feb 12 22:02:37 2006] [debug] src/mod_auth_kerb.c(1322): [client 192.168.0.12] kerb_authenticate_user entered with user [EMAIL PROTECTED] and auth_type KerberosV5 [Sun Feb 12 22:02:37 2006] [debug] src/mod_auth_kerb.c(1322): [client 192.168.0.12] kerb_authenticate_user entered with user [EMAIL PROTECTED] and auth_type KerberosV5 any ideas ? thanks luke ------------------------------ Message: 2 Date: Mon, 13 Feb 2006 10:06:58 -0500 From: FM <[EMAIL PROTECTED]> Subject: <failed to verify krb5 credentials: Request is a replay> error To: Mailing List Kerberos <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=UTF-8; format=flowed Hello, I configure subversion (web_dav) to use mod_auth_kerb in shell, no prob it's using ticket_cache but from eclipse (for ex), it use basic auth. Some commits fail because of this error : "failed to verify krb5 credentials": Request is a replay I know that it is a kdc error but what does it mean ? Do you know a work around ? thanks ! ------------------------------ _______________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos End of Kerberos Digest, Vol 38, Issue 15 **************************************** ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
