Richard A Nelson <[EMAIL PROTECTED]> writes: > On Fri, 21 Dec 2007, Russ Allbery wrote:
>> Where is the realm coming from? I think that's the part that confused >> me. I was assuming that you were doing SPNEGO, since that would then >> authenticate as a fully-qualified principal, but if you're doing basic >> auth, how did mod_auth_kerb get a realm? Did you enter one in the >> browser? > > The basic problem is my companies choice of intranet authentication - > the user's email address (userid@<cc>.company.com) :( > > So every userid appears to be a Kerberos realm, but the only valid > realms are listed in the configuration file... everything else > even if resembling a realm, should be handed down to Basic auth where > either LDAP, or FILES will validate it (or not). Oh, okay. So you're typing in something that looks like a fully qualified principal and mod_auth_kerb is rejecting it rather than bailing on it even though you're telling it to do fall-through. Yeah, that sounds like a simple and fixable bug and not the case that I thought you were running into. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
