[Re: auth with apache]

Lukas Pataki lukas at netskip.net
Mon Feb 13 06:40:30 EST 2006


Martin v. Löwis wrote:

> If you meant to say: "The HTTP server does not request a ticket".
> then I respond: of course not. In Kerberos, there is not
> any communication between the service and the KDC at all.
> Instead, the client is supposed to send the ticket to the server,
> and then the server uses the service ticket, plus its keytab
> entry, to validate the ticket.
> 
> You should set the Apache DebugLevel to the highest value
> (is that "all"?), 
nope => debug :)

allready done that:

[Sun Feb 12 22:02:37 2006] [debug] src/mod_auth_kerb.c(1322): [client
192.168.0.12] kerb_authenticate_user entered with user (NULL) and
auth_type KerberosV5
[Sun Feb 12 22:02:37 2006] [debug] src/mod_auth_kerb.c(879): [client
192.168.0.12] kerb_authenticate_user_krb5pwd ret=0
user=webuser at SERVER.LOCALDOMAIN authtype=Basic
[Sun Feb 12 22:02:37 2006] [debug] src/mod_auth_kerb.c(1322): [client
192.168.0.12] kerb_authenticate_user entered with user
webuser at SERVER.LOCALDOMAIN and auth_type KerberosV5
[Sun Feb 12 22:02:37 2006] [debug] src/mod_auth_kerb.c(1322): [client
192.168.0.12] kerb_authenticate_user entered with user
webuser at SERVER.LOCALDOMAIN and auth_type KerberosV5



any ideas ?

thanks
luke




More information about the Kerberos mailing list