Apache 2 mod_auth_kerb / mod_auth_gssapi
Simo Sorce
simo at redhat.com
Thu Mar 24 11:58:50 EDT 2016
On Thu, 2016-03-24 at 14:12 +0100, Andreas Ladanyi wrote:
> The login should also (like on the old system) be possible from a client
> outside the kerberos realm, so a username/password popup should appear.
If the basic auth header is received the browser will either show a
popup, or just send credentials if it had them previously cached.
> I thought this is possible because the GssapiBasicAuth is On.
GssapiBasicAuth On enables Basic Auth fallback indeed, but this option
is supported only starting with version 1.2.0, what version do you use ?
> So how i could debug/solve this issue ?
Check with developer tools if the browser is receiving a basic auth
header, if not check the apache error logs after raising debug level to
see if mod_auth_gssapi is logging any error.
Keep in mind that browsers will attempt negotiate auth in preference.
> Is the expected behavior possible with mod_auth_gssapi ?
Yes, it is the whole point of the basic auth fallback option.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Kerberos
mailing list