neon svn linux + mod_auth_kerb
Alon Bar-Lev
alon.barlev at gmail.com
Mon Apr 28 15:43:27 EDT 2008
Hello,
I am trying to get neon to work with mod_auth_kerb.
The configuration works when the client is Windows (TortoiseSVN,
neon-0.26) accessing the server.
But when a client on Linux tries to access the server
(versions: subversion-1.4.6 neon-0.28.2 mit-krb5-1.6.3
mod_auth_kerb-5.3 apache-2.2.8)
I get a mutual authentication error.
Removing the GSS_C_MUTUAL_FLAG flag from gss_init_sec_context makes it work.
So I am not sure it is a neon issue, as it passes the information to gssapi.
The SPN of the server is HTTP/dns.name@DOMAIN
The KDC is Windows 2003 Domain Controller.
My keytab has:
host/name@DOMAIN
host/fqn.dns.name@DOMAIN
HTTP/name@DOMAIN
HTTP/fqn.dns.name@DOMAIN
I am accessing the server by its full DNS name, using https://fqn.dns.name.
I can see that the server returns a Negotiate header to the client, but
the gss_init_sec_context() fails.
I read a lot of issues people here had, but nobody discussed a mutual
authentication error.
Does anyone have this configuration working?
How can I debug the gssapi further, to see *WHY* the mutual
authentication fails?
How can I know which SPN is returned from the server?
Thanks,
Alon Bar-Lev.
More information about the krbdev
mailing list