krb5 Apache and navigators

Jean-Christophe Gay jean-christophe.gay at dauphine.fr
Mon Sep 2 05:05:13 EDT 2013


Hi,

we have a little apache server linked to a KDC. This webserver display
one web site (krb5test) with a single "Hello World" page. We add the
following .htaccess in the krb5test directory :
AuthName "Kerberos Login"
AuthType Kerberos

KrbMethodNegotiate on
KrbMethodK5Passwd off

KrbAuthoritative on
KrbAuthRealms EXAMPLE.COM
KrbVerifyKDC on
KrbServiceName HTTP/web.example.com at EXAMPLE.COM
Krb5KeyTab /etc/http.keytab
KrbSaveCredentials off


require valid-user


KDC and keytabs are well configured and if user got a TGT everything is
working as intended. The problem is when a user do not have a ticket.
Using some navigators on some OS, a popup windows arise and ask for
credentials, then do nothing with them and then display the error page.

We'd like to get rid of that popup windows, is that possible ?

system : REHL 6
mod_auth_kerb installed, active and loaded

Thanks for any help,
-- 
Jean-Christophe Gay -- Université Paris Dauphine
Responsable de la Sécurité des Systèmes d'Information
Tel : 01 44 05 45 04
jean-christophe.gay at dauphine.fr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20130902/48335cba/attachment.bin


More information about the Kerberos mailing list