Hi Simo, > On Thu, 2016-03-24 at 14:12 +0100, Andreas Ladanyi wrote: >> The login should also (like on the old system) be possible from a client >> outside the kerberos realm, so a username/password popup should appear. > If the basic auth header is received the browser will either show a > popup, or just send credentials if it had them previously cached. is this the HTTP 401 message from the server to the browser ? > >> I thought this is possible because the GssapiBasicAuth is On. > GssapiBasicAuth On enables Basic Auth fallback indeed, but this option > is supported only starting with version 1.2.0, what version do you use ? i use version 1.3.1 > >> So how i could debug/solve this issue ? > Check with developer tools if the browser is receiving a basic auth > header, if not check the apache error logs after raising debug level to > see if mod_auth_gssapi is logging any error. > > Keep in mind that browsers will attempt negotiate auth in preference.
i used the Live HTTP header addon for firefox and get this response from the Apache server: HTTP/1.1 200 OK Date: Mon, 04 Apr 2016 09:04:48 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_auth_gssapi/1.3.1 PHP/5.4.16 X-Powered-By: PHP/5.4.16 Set-Cookie: PHPSESSID=1he24b9k0igddspei4vnpt7sd6; path=/; HttpOnly Set-Cookie: MANTIS_secure_session=0; path=/; httponly Cache-Control: no-store, no-cache, must-revalidate Last-Modified: Mon, 04 Apr 2016 09:04:48 GMT x-content-type-options: nosniff Expires: Mon, 04 Apr 2016 09:04:48 GMT X-Frame-Options: DENY X-Content-Security-Policy: allow 'self'; options inline-script eval-script; frame-ancestors 'none' Content-Encoding: gzip Vary: Accept-Encoding Content-Length: 1470 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 I cant see a HTTP 401 server message in the firefox log. So the apache doesnt know (????) that 401 should be send to the browser so the username/password popup doesnt appear ? I cant see 401 messages in error_log/access_log from apache. regards, Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos