[Re: auth with apache]
Lukas Pataki
lukas at netskip.net
Mon Feb 13 06:40:30 EST 2006
Martin v. Löwis wrote:
> If you meant to say: "The HTTP server does not request a ticket".
> then I respond: of course not. In Kerberos, there is not
> any communication between the service and the KDC at all.
> Instead, the client is supposed to send the ticket to the server,
> and then the server uses the service ticket, plus its keytab
> entry, to validate the ticket.
>
> You should set the Apache DebugLevel to the highest value
> (is that "all"?),
nope => debug :)
allready done that:
[Sun Feb 12 22:02:37 2006] [debug] src/mod_auth_kerb.c(1322): [client
192.168.0.12] kerb_authenticate_user entered with user (NULL) and
auth_type KerberosV5
[Sun Feb 12 22:02:37 2006] [debug] src/mod_auth_kerb.c(879): [client
192.168.0.12] kerb_authenticate_user_krb5pwd ret=0
user=webuser at SERVER.LOCALDOMAIN authtype=Basic
[Sun Feb 12 22:02:37 2006] [debug] src/mod_auth_kerb.c(1322): [client
192.168.0.12] kerb_authenticate_user entered with user
webuser at SERVER.LOCALDOMAIN and auth_type KerberosV5
[Sun Feb 12 22:02:37 2006] [debug] src/mod_auth_kerb.c(1322): [client
192.168.0.12] kerb_authenticate_user entered with user
webuser at SERVER.LOCALDOMAIN and auth_type KerberosV5
any ideas ?
thanks
luke
More information about the Kerberos
mailing list