Mod_auth_kerb and Windows XP SP2 issues

SriramG sgopalan at etrade.com
Thu Apr 19 13:51:46 EDT 2007


I posted an issue with Kerberos authentication with XP when it renews the
ticket.

We tested it against IIS.
When the TGT expires and after renewal IE switches to NTLM (ethereal) even
on IIS.
But IIS accepts both Kerb and IIS authentication. So its not transparent. 

Is this possible to do it in Apache too ? I am using apache 2.0.49.
I tried setting to multiple AuthType, but its always doing NTLM.

I am not exactly clear on how KrbAuthoritative works. 

In apache, Is it possible to do a seamless failover to NTLM like what IIS
does ?

    AuthType  Kerberos
    AuthName "Kerberos Login"
    KrbAuthRealms CORP.MYCOMPANY.COM
    Krb5Keytab conf/keytab/lxdm14545keytab.1
    KrbMethodK5Passwd on
    KrbSaveCredentials on
    KrbMethodNegotiate on
    KrbAuthoritative off
    KrbVerifyKDC off
    KrbVerifyKDC off
    KrbDelegateBasic off

    AuthType NTLM
    NTLMAuth on
    NTLMAuthoritative off
    NTLMDomain CORP
    NTLMServer sfo1dc1
    NTLMBackup atl1dc1

-- 
View this message in context: http://www.nabble.com/Mod_auth_kerb-and-Windows-XP-SP2-issues-tf3608732.html#a10083428
Sent from the Kerberos - General mailing list archive at Nabble.com.




More information about the Kerberos mailing list