Apache 2 mod_auth_kerb / mod_auth_gssapi
Andreas Ladanyi
andreas.ladanyi at kit.edu
Thu Mar 24 09:12:06 EDT 2016
Hi,
i want to migrate from mod_auth_kerb to mod_auth_gssapi.
config of the old system:
===============
Apache 2 (Linux), mod_auth_kerb, Mantis IT web plattform configured with
basic auth in the config.php
Apache config for the directory entry of the mantis plattform:
AuthName bla
AuthType Kerberos
KrbAuthRealms REALM
KrbMethodNegotiate On
KrbServiceName HTTP
KrbLocalUserMapping On
Require valid-user
behavior of the old system:
================
1. Request the web plattform (on Firefox and Linux)
2. a user/password window pops up (like on basic auth. Its equal if iam
in the realm with a tgt or ouside the realm without tgt the popup
appears in both situations) and i enter my username / password from the
kerberos realm principal. So for my comprehension the basic auth takes
the user/pass from the popup window and validates it against the KDC
(MIT on Linux).
3. login successfull on the webplattform
config of the new system:
===============
Apache 2.4 (Linux), mod_auth_gssapi, Mantis IT web plattform configured
with basic auth in the config.php (same as on the old system)
Apache config for the directory entry of the mantis plattform:
AuthType GSSAPI
AuthName "GSSAPI Single Sign On Login"
GssapiBasicAuth On
GssapiLocalName on
GssapiCredStore keytab:/etc/httpd/http.keytab
Require valid-user
behavior of the new system:
=================
1. Request the web plattform (on Firefox and Linux)
2. NO username/password window shows up
2. the webplattform tells me that the username is invalid
The login should also (like on the old system) be possible from a client
outside the kerberos realm, so a username/password popup should appear.
I thought this is possible because the GssapiBasicAuth is On. So how i
could debug/solve this issue ? Is the expected behavior possible with
mod_auth_gssapi ?
regards,
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5326 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20160324/07b2a192/attachment-0001.bin
More information about the Kerberos
mailing list