Problem to have mod_auth_kerb to work

Smellyfrog yannick at smellyfrog.com
Thu Jan 12 11:06:49 EST 2006


Hi,

I have a linux (Fedore core 4) web server running Apache (2.0) with
mod_auth_kerb and Tomcat.
I want to implement a SSO for my web application.

I have setup my system according to some documentation I found on the
web:
http://www.grolmsnet.de/kerbtut/

So I have my account created on the KDC for the HTTP service. I have
check the ticket with kvno and it seems fine.

My problem: IE (And Firecfox, but if could at least get IE to work that
would be a start) keeps poping the logon window. After sniffing the
packets, I can see that the mode Basic authentication was sent back to
the web browser. So I changed my settings so that Basic is not sent
back. I was expecting Negoatiate then to be sent, but this is not the
case.

  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbAuthRealms MY.REALM.COM
  Krb5Keytab /etc/krb5.keytab
  KrbDelegateBasic off
  KrbMethodK5Passwd off
  KrbMethodNegotiate on
  require valid-user

I then hacked mod_auth_kerb code to send Negotiate, but despite this I
keep having a window popping up.
What am I doing wrong?
Any help would be greatly appreciated.

Thanks
Yannick




More information about the Kerberos mailing list