Hi all,
I'm trying to use the following setup (everything on Linux): 
   server: Apache2 + mod_auth_kerb + MIT KDC 
   client: Firefox with properly configured MIT Kerberos support for the local 
server
The user has a Kerberos ticket in their cache and is able to access the 
protected webpage using Firefox without entering their password; the ticket for 
HTTP/<server> is being successfully obtained. However, in the .htaccess of that 
webpage I have set KrbSaveCredentials, and this setting only works when I enter 
the password for authentication directly, not when I use the ticket from the 
cache to authenticate. In the Apache log I can see the following when not 
entering the password:

[Mon May 18 11:41:25 2009] [error] [client 192.168.13.133] Cannot store 
delegated credential (gss_krb5_copy_ccache: Invalid credential was supplied (No 
error)), referer: http://<server>/php/test.php


I've found on several pages that this is related to the ok_as_delegate flag set 
for the HTTP/<server> principal. So my first question is whether this is true 
and whether this is needed in my situation. And if yes, then my second question 
is how can I set this flag in kadmin (or any other way)? I've seen some activity 
going on on this feature recently in MIT Kerberos svn, so maybe it will be 
available in the next release of MIT Kerberos? I'm using version 1.6.3.

Thanks for any help.
David
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos