Bug#457341: libapache2-mod-auth-kerb: KrbAuthoritative is broken

On Fri, 21 Dec 2007, Russ Allbery wrote: Oh, okay. So you're typing in something that looks like a fully qualified principal and mod_auth_kerb is rejecting it rather than bailing on it even though you're telling it to do fall-through. Exactly Yeah, that sounds like a simple and fixable bug

Bug#457341: libapache2-mod-auth-kerb: KrbAuthoritative is broken

Richard A Nelson [EMAIL PROTECTED] writes: I just ran into this again, whilst setting up a new server :( Are there complications with this, or is it just still fairly low on the list ? I'm very surprised that this hasn't been reported more often - there must be very little kerberos use

Bug#457341: libapache2-mod-auth-kerb: KrbAuthoritative is broken

On Fri, 21 Dec 2007, Russ Allbery wrote: Oh, okay. So you're typing in something that looks like a fully qualified principal and mod_auth_kerb is rejecting it rather than bailing on it even though you're telling it to do fall-through. Yes, that is exactly the issue I am stuck with - sorry

Bug#457341: libapache2-mod-auth-kerb: KrbAuthoritative is broken

Package: libapache2-mod-auth-kerb Version: 5.3-1.3 Severity: important Here is a fragment of what I was attempting to accomplish: AuthType Basic AuthName w3 AuthBasicProvider ldap file AuthUserFile /etc/apache2/htpasswd AuthzLDAPAuthoritative off

Bug#457341: libapache2-mod-auth-kerb: KrbAuthoritative is broken

Richard A Nelson [EMAIL PROTECTED] writes: Here is a fragment of what I was attempting to accomplish: AuthType Basic AuthName w3 AuthBasicProvider ldap file AuthUserFile /etc/apache2/htpasswd AuthzLDAPAuthoritative off AuthLDAPURL

Bug#457341: libapache2-mod-auth-kerb: KrbAuthoritative is broken

Richard A Nelson [EMAIL PROTECTED] writes: Not quite... my browser is capable of SPNEGO, but did not have a ticket Therefore, the browser-server auth should've been in basic mode. Oh, okay, then yes, that should work. mod-auth-kerb, however failed the request since the realm wasn't on its

Bug#457341: libapache2-mod-auth-kerb: KrbAuthoritative is broken

On Fri, 21 Dec 2007, Russ Allbery wrote: I'm afraid that you're probably running into a fundamental limitation in the HTTP protocol here. I don't think it's possible to do what you want. I'm not sure, let me add a little more info The problem is that HTTP doesn't have a full-fledged SASL

Bug#457341: libapache2-mod-auth-kerb: KrbAuthoritative is broken

Richard A Nelson [EMAIL PROTECTED] writes: On Fri, 21 Dec 2007, Russ Allbery wrote: Where is the realm coming from? I think that's the part that confused me. I was assuming that you were doing SPNEGO, since that would then authenticate as a fully-qualified principal, but if you're doing

Bug#457341: libapache2-mod-auth-kerb: KrbAuthoritative is broken

On Fri, 21 Dec 2007, Russ Allbery wrote: Richard A Nelson [EMAIL PROTECTED] writes: Not quite... my browser is capable of SPNEGO, but did not have a ticket Therefore, the browser-server auth should've been in basic mode. Oh, okay, then yes, that should work. Then I have a chance :)