On Fri, 21 Dec 2007, Russ Allbery wrote:
Oh, okay. So you're typing in something that looks like a fully qualified
principal and mod_auth_kerb is rejecting it rather than bailing on it even
though you're telling it to do fall-through.
Exactly
Yeah, that sounds like a simple and fixable bug
Richard A Nelson [EMAIL PROTECTED] writes:
I just ran into this again, whilst setting up a new server :(
Are there complications with this, or is it just still fairly
low on the list ?
I'm very surprised that this hasn't been reported more often - there
must be very little kerberos use
On Fri, 21 Dec 2007, Russ Allbery wrote:
Oh, okay. So you're typing in something that looks like a fully qualified
principal and mod_auth_kerb is rejecting it rather than bailing on it even
though you're telling it to do fall-through.
Yes, that is exactly the issue I am stuck with - sorry
Package: libapache2-mod-auth-kerb
Version: 5.3-1.3
Severity: important
Here is a fragment of what I was attempting to accomplish:
AuthType Basic
AuthName w3
AuthBasicProvider ldap file
AuthUserFile /etc/apache2/htpasswd
AuthzLDAPAuthoritative off
Richard A Nelson [EMAIL PROTECTED] writes:
Here is a fragment of what I was attempting to accomplish:
AuthType Basic
AuthName w3
AuthBasicProvider ldap file
AuthUserFile /etc/apache2/htpasswd
AuthzLDAPAuthoritative off
AuthLDAPURL
Richard A Nelson [EMAIL PROTECTED] writes:
Not quite... my browser is capable of SPNEGO, but did not have a ticket
Therefore, the browser-server auth should've been in basic mode.
Oh, okay, then yes, that should work.
mod-auth-kerb, however failed the request since the realm wasn't on its
On Fri, 21 Dec 2007, Russ Allbery wrote:
I'm afraid that you're probably running into a fundamental limitation in
the HTTP protocol here. I don't think it's possible to do what you want.
I'm not sure, let me add a little more info
The problem is that HTTP doesn't have a full-fledged SASL
Richard A Nelson [EMAIL PROTECTED] writes:
On Fri, 21 Dec 2007, Russ Allbery wrote:
Where is the realm coming from? I think that's the part that confused
me. I was assuming that you were doing SPNEGO, since that would then
authenticate as a fully-qualified principal, but if you're doing
On Fri, 21 Dec 2007, Russ Allbery wrote:
Richard A Nelson [EMAIL PROTECTED] writes:
Not quite... my browser is capable of SPNEGO, but did not have a ticket
Therefore, the browser-server auth should've been in basic mode.
Oh, okay, then yes, that should work.
Then I have a chance :)
9 matches
Mail list logo