Mod_auth_kerb and Windows XP SP2 issues
SriramG
sgopalan at etrade.com
Thu Apr 19 13:51:46 EDT 2007
I posted an issue with Kerberos authentication with XP when it renews the
ticket.
We tested it against IIS.
When the TGT expires and after renewal IE switches to NTLM (ethereal) even
on IIS.
But IIS accepts both Kerb and IIS authentication. So its not transparent.
Is this possible to do it in Apache too ? I am using apache 2.0.49.
I tried setting to multiple AuthType, but its always doing NTLM.
I am not exactly clear on how KrbAuthoritative works.
In apache, Is it possible to do a seamless failover to NTLM like what IIS
does ?
AuthType Kerberos
AuthName "Kerberos Login"
KrbAuthRealms CORP.MYCOMPANY.COM
Krb5Keytab conf/keytab/lxdm14545keytab.1
KrbMethodK5Passwd on
KrbSaveCredentials on
KrbMethodNegotiate on
KrbAuthoritative off
KrbVerifyKDC off
KrbVerifyKDC off
KrbDelegateBasic off
AuthType NTLM
NTLMAuth on
NTLMAuthoritative off
NTLMDomain CORP
NTLMServer sfo1dc1
NTLMBackup atl1dc1
--
View this message in context: http://www.nabble.com/Mod_auth_kerb-and-Windows-XP-SP2-issues-tf3608732.html#a10083428
Sent from the Kerberos - General mailing list archive at Nabble.com.
More information about the Kerberos
mailing list