Markus Moeller wrote:
I have a linux (Fedore core 4) web server running Apache (2.0) with
mod_auth_kerb and Tomcat.
I want to implement a SSO for my web application.
Does mod_auth_kerb really do GSSAPI ?
I thought it was just an implementation of HTTP basic auth, with Kerberos
instead of
Hi Achim,
Following are the headers of the request and reply to and from the
webserver.
Request from IE to the webserver:
GET /iViewXT/login.do HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-ie
Host: gtci2736vm
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
Smellyfrog wrote:
I have a linux (Fedore core 4) web server running Apache (2.0) with
mod_auth_kerb and Tomcat.
I want to implement a SSO for my web application.
Does mod_auth_kerb really do GSSAPI ?
I thought it was just an implementation of HTTP basic auth, with Kerberos
instead of the
OK, it's getting sad. I'm replying to my own posts. ;o) What was wrong
was the way the Keytab had been generated. I asked our admin to
regenerate it but this time following exactly Achim's way. So now I
have a ticket for the HTTP service being generated in my XP Client.
In apache though I have
Hi all,
Another mistake of mine was that I had set the log level to debug in
apache but not for the virtual host. So now that this is done, this is
the kind of debug statement I get from apache:
[Fri Jan 13 10:40:45 2006] [info] Initial (No.1) HTTPS request received
for child 2 (server
Martin v. L?wis wrote:
I have read http://modauthkerb.sourceforge.net/configure.html and it
is not clear to me: how do you turn off Basic and leave only GSSAPI on?
What's unclear about
KrbMethodK5Passwd on | off (set to on by default)
The term KrbMethodK5Passwd was unclear.
So the
On Thursday 12 January 2006 19:01, Victor Sudakov wrote:
Does mod_auth_kerb really do GSSAPI ?
Yes. Please have a look at
http://www.kerberosprotocols.org/index.php/Draft-brezak-spnego-http-03.txt
I thought it was just an implementation of HTTP basic auth, with Kerberos
instead of the
Check the keytab permissions. If apache runs as webuser and the default
keytab has only root read permission you will see this error.
Markus
Smellyfrog [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
OK, it's getting sad. I'm replying to my own posts. ;o) What was wrong
was the way
Smellyfrog [EMAIL PROTECTED] writes:
[Fri Jan 13 12:57:16 2006] [debug] src/mod_auth_kerb.c(1023): [client
172.24.25.100] Acquiring creds for HTTP/[EMAIL PROTECTED]
This looks wrong. Normally the instance of the HTTP/* principal must be a
fully-qualified hostname.
--
Russ Allbery ([EMAIL
Victor Sudakov wrote:
I have read http://modauthkerb.sourceforge.net/configure.html and it
is not clear to me: how do you turn off Basic and leave only GSSAPI on?
What's unclear about
KrbMethodK5Passwd on | off (set to on by default)
To enable or disable the use of password based
mod_auth_kerb can do either GSSAPI and/or Kerberos through Basic (you should
protect it with SSL)
Markus
Victor Sudakov [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Smellyfrog wrote:
I have a linux (Fedore core 4) web server running Apache (2.0) with
mod_auth_kerb and Tomcat.
On Thursday 12 January 2006 17:06, Smellyfrog wrote:
My problem: IE (And Firecfox, but if could at least get IE to work that
would be a start) keeps poping the logon window.
Please
1. send the relevant part from Apache errorlog
2. Do a HEAD request to the location and send the HTTP-Headers
Smellyfrog wrote:
My problem: IE (And Firecfox, but if could at least get IE to work that
would be a start) keeps poping the logon window.
For IE, you need the server in the LocalIntranet zone. If it is
displayed as Internet, double-click that icon, and add the server
explicitly.
This is
13 matches
Mail list logo
