[29338] in Kerberos
Re: Kerberized Apache
daemon@ATHENA.MIT.EDU (Richard E. Silverman)
Wed Feb 20 16:45:15 2008
From: "Richard E. Silverman" <res@qoxp.net>
Date: Wed, 20 Feb 2008 16:41:13 -0500
Message-ID: <m2fxvn487a.fsf@darwin.oankali.net>
MIME-Version: 1.0
X-Complaints-To: abuse@speakeasy.net
X-DMCA-Complaints-To: abuse@speakeasy.net
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>>>>> "IL" == Ido Levy <IDOL@il.ibm.com> writes:
IL> kerberos-bounces@mit.edu wrote on 20/02/2008 03:38:09:
>> >
>> > Hello All,
>> >
>> > I am looking for a way to enable users to get access to their
>> space
IL> through
>> > the web browser. > I would like to integrate it with our
>> Kerberized SSO environment as
IL> well.
>> > I tried this module http://modauthkerb.sourceforge.net/ but I
>> have > encounter some issues:
>> >
>> > 1) I didn't succeed in configuring SSO
>> >
>> > For each access through the web browser I have been asked for
IL> user
>> > and password although > I already had a valid ticket
>>
>> Do you mean that you have a TGT, or that you acquired the necessary
>> HTTP service ticket?
IL> I referred to the TGT.
Then you have a basic problem: the browser is not trying or succeeding in
acquiring the service ticket. If you're using Firefox, you have to
explicitly turn on GSSAPI authentication by setting
network.negotiate-auth.trusted-uris. If this is turned on, trace the
Kerberos traffic (UDP/TCP port 88) and see what's happening.
>>
>> Take a look at the Apache error log; anything there from
>> mod_auth_kerb?>
IL> Nothing special here.
There won't be; since you have no service ticket, it can't try
ticket-based authentication.
>> > 2) The .htaccess file must be used to control access to each
>> directory.
>> >
>> > For each space I would like to give an access I have to create >
>> an .htaccess file and > add an entry in the apcahe configuration
>> file as well
>> >
>> > Does anyone have experience with this issue ? > Are there any
>> other Kerberos modules for apache that better suits my > needs ?
>>
>> -- Richard Silverman res@qoxp.net
>>
>> ________________________________________________ Kerberos mailing
>> list Kerberos@mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Richard Silverman
res@qoxp.net
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
