Problem to have mod_auth_kerb to work
Smellyfrog
yannick at smellyfrog.com
Thu Jan 12 11:06:49 EST 2006
Hi,
I have a linux (Fedore core 4) web server running Apache (2.0) with
mod_auth_kerb and Tomcat.
I want to implement a SSO for my web application.
I have setup my system according to some documentation I found on the
web:
http://www.grolmsnet.de/kerbtut/
So I have my account created on the KDC for the HTTP service. I have
check the ticket with kvno and it seems fine.
My problem: IE (And Firecfox, but if could at least get IE to work that
would be a start) keeps poping the logon window. After sniffing the
packets, I can see that the mode Basic authentication was sent back to
the web browser. So I changed my settings so that Basic is not sent
back. I was expecting Negoatiate then to be sent, but this is not the
case.
AuthType Kerberos
AuthName "Kerberos Login"
KrbAuthRealms MY.REALM.COM
Krb5Keytab /etc/krb5.keytab
KrbDelegateBasic off
KrbMethodK5Passwd off
KrbMethodNegotiate on
require valid-user
I then hacked mod_auth_kerb code to send Negotiate, but despite this I
keep having a window popping up.
What am I doing wrong?
Any help would be greatly appreciated.
Thanks
Yannick
More information about the Kerberos
mailing list