unsubscribe

Wed, 17 Aug 2011 18:27:12 -0700 


-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of 
[email protected]
Sent: Wednesday, August 17, 2011 9:11 AM
To: [email protected]
Subject: EXT :Kerberos Digest, Vol 104, Issue 17

Send Kerberos mailing list submissions to
        [email protected]

To subscribe or unsubscribe via the World Wide Web, visit
        https://mailman.mit.edu/mailman/listinfo/kerberos
or, via email, send a message with subject or body 'help' to
        [email protected]

You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Kerberos digest..."


Today's Topics:

   1. WWW-Authenticate: Negotiate in Header (Dirk Heimann)


----------------------------------------------------------------------

Message: 1
Date: Tue, 16 Aug 2011 11:37:26 +0200
From: "Dirk Heimann" <[email protected]>
Subject: WWW-Authenticate: Negotiate in Header
To: <[email protected]>
Message-ID: <4E4A56760200003F00029DB0@Mclp3_server.wl>
Content-Type: text/plain; charset="ISO-8859-1"

Hi,
i have a problem with my SLES11SP1 Webserver. I want to use the Kerberos 
authentication for SingleSignOn between my Windows ADS, Windows Client and 
Linux Webserver. I have the /etc/krb5.conf configured and pushed the Kerberos 
Ticket from my Windows ADS on the Linux Webserver. I also protected my 
DocumentRoot with a .htaccess file. Now i want to access the webserver and get 
a 401 error message. In the http trace i can't see the entry "WWW-Authenticate: 
Negotiate" in the header.
A look into a functioning server errorlog shows me the following:
 [Tue Aug 16 10:23:18 2011] [debug] src/mod_auth_kerb.c(1277): [client 
10.43.2.33] Acquiring creds for [email protected] 
[Tue Aug 16 10:23:18 2011] [debug] src/mod_auth_kerb.c(1424): [client 
10.43.2.33] Verifying client data using KRB5 GSS-API
[Tue Aug 16 10:23:18 2011] [debug] src/mod_auth_kerb.c(1440): [client 
10.43.2.33] Client didn't delegate us their credential
[Tue Aug 16 10:23:18 2011] [debug] src/mod_auth_kerb.c(1459): [client 
10.43.2.33] GSS-API token of length 161 bytes will be sent back
[Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1667): [client 
10.43.2.33] kerb_authenticate_user entered with user (NULL) and auth_type 
Kerberos
[Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1667): [client 
10.43.2.33] kerb_authenticate_user entered with user (NULL) and auth_type 
Kerberos
[Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1277): [client 
10.43.2.33] Acquiring creds for [email protected] 
[Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1424): [client 
10.43.2.33] Verifying client data using KRB5 GSS-API
[Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1440): [client 
10.43.2.33] Client didn't delegate us their credential
[Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1459): [client 
10.43.2.33] GSS-API token of length 161 bytes will be sent back

The errorlog of the faulty server is empty. Only in the access log I see one 
401 messages:
10.43.2.33 - - [16/Aug/2011:10:47:12 +0200] "GET / HTTP/1.1" 401 1432 "-" 
"Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.18) Gecko/20110614 
BTRS28059 Firefox/3.6.18"

It looks as if the Kerberos module is not used by the Apache.

Dirk



Westdeutsche Lotterie GmbH & Co. OHG | Sitz: M?nster
Registergericht: Amtsgericht M?nster 
Handelsregister: M?nster HRA 4379
Gesch?ftsf?hrer: Theodor Go?ner
Vorsitzender des Beirates: Michael St?lting

Gesellschafter:

Nordwestlotto in Nordrhein-Westfalen GmbH | Sitz: M?nster
Registergericht: Amtsgericht M?nster
Handelsregister: HRB 3840
Gesch?ftsf?hrer: Theodor Go?ner

NRW.BANK | Sitz: D?sseldorf und M?nster
Rechtsform: Anstalt des ?ffentlichen Rechts
Registergerichte: Amtsgerichte D?sseldorf/M?nster
Handelsregister: D?sseldorf HRA 15277/M?nster HRA 5300





------------------------------

_______________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos


End of Kerberos Digest, Vol 104, Issue 17
*****************************************

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
  • unsubscribe Dao, Khanh (IS)
    • unsubscribe Dao, Khanh (IS)

Reply via email to