GSS_S_CONTINUE_NEEDED when doing Kerberos authentication?

JSoet jordan.soet at ca.ibm.com
Thu Aug 25 20:07:23 EDT 2016


Hi, I'm implementing SPNEGO & Kerberos authentication in our application's
webserver code and have it working fine when the KDC is Active Directory.
I'm now testing it with an MIT KDC instance and when I attempt to
authenticate a user who has a ticket from that KDC I get a
GSS_S_CONTINUE_NEEDED status when I call gss_accept_sec_context... 

My understanding was that this couldn't happen for Kerberos authentication
though, and the GSS_S_CONTINUE_NEEDED is only for other potential
authentication types. For example, when I was investigating other
implementations, the mod_auth_kerb module in the Apache webserver and the
Kerberos module for the Flask webserver both ignore the possibility of
continuation, and in the Apache webserver it has this comment: "This is a
_Kerberos_ module so multiple authentication rounds aren't supported. If we
wanted a generic GSS authentication we would have to do some magic with
exporting context etc."

I haven't tried to implement the continuation of the context yet, because it
will be a fair amount of work, so I thought I'd email the group to ask
whether it's likely that there is just a problem with my setup, or if I'm
mistaken and it is possible to get a continue_needed when working with
Kerberos?

Thanks,
Jordan



--
Sent from the Kerberos - General mailing list archive at Nabble.com.