neon svn linux + mod_auth_kerb
alon.barlev at gmail.com
Mon Apr 28 15:43:27 EDT 2008
I am trying to get neon to work with mod_auth_kerb.
The configuration works when the client is Windows (TortoiseSVN, neon
-0.26) accessing the server.
But when a client on Linux tries to access the server
(versions: subversion-1.4.6 neon-0.28.2 mit-krb5-1.6.3
I get mutual authentication error.
Removing the GSS_C_MUTUAL_FLAG flag from gss_init_sec_context makes it works.
So I am not sure it is neon issue, as it passes the information to gssapi.
The SPN of the server is HTTP/dns.name at DOMAIN
The KDC is Windows 2003 Domain Controller.
My keytab has:
host/name at DOMAIN
host/fqn.dns.name at DOMAIN
HTTP/name at DOMAIN
HTTP/fqn.dns.name at DOMAIN
I am accessing the server using full DNS name using https://fqn.dns.name.
I can see that the server returns negotiate header to the client, but
the gss_init_sec_context() fails.
I read a lot of issues people here had, but nobody discussed a mutual
Does anyone have this configuration working?
How can I debug the gssapi further? to see *WHY* the mutual
How can I know which SPN is returned from the sever?
More information about the krbdev