On Thu, Jul 14, 2005 at 10:53:07PM -0500, Christopher Mason wrote: > >[Thu Jul 14 16:37:52 2005] [error] [client 172.23.155.51] > >gss_accept_sec_context() failed: Miscellaneous failure (Wrong > >principal in request) > > This issue (neon SSPI doesn't expand host names in SPNs) still > exists. The work around is to use the FQDN, but I think the fix is a > pretty short patch. I'll see if I can code this up tomorrow.
There is some discussion of this issue in the neon list archive; the issue is AIUI that mod_auth_kerb *does* canonicalize the hostname but neon does not. neon doesn't canonicalize the server hostname in general because doing so would break name-based vhosting; I guess it could do so solely for use in the Kerberos principal, but that seems a bit dubious. joe _______________________________________________ neon mailing list [email protected] http://mailman.webdav.org/mailman/listinfo/neon
