[prev in list] [next in list] [prev in thread] [next in thread]
List: kerberos
Subject: WWW-Authenticate: Negotiate in Header
From: "Dirk Heimann" <dirk.heimann () westlotto ! com>
Date: 2011-08-16 9:37:26
Message-ID: 4E4A56760200003F00029DB0 () Mclp3_server ! wl
[Download RAW message or body]
Hi,
i have a problem with my SLES11SP1 Webserver. I want to use the Kerberos \
authentication for SingleSignOn between my Windows ADS, Windows Client and Linux \
Webserver. I have the /etc/krb5.conf configured and pushed the Kerberos Ticket from \
my Windows ADS on the Linux Webserver. I also protected my DocumentRoot with a \
.htaccess file. Now i want to access the webserver and get a 401 error message. In \
the http trace i can't see the entry "WWW-Authenticate: Negotiate" in the header. A \
look into a functioning server errorlog shows me the following: [Tue Aug 16 10:23:18 \
2011] [debug] src/mod_auth_kerb.c(1277): [client 10.43.2.33] Acquiring creds for \
HTTP@entintranet2.wl
[Tue Aug 16 10:23:18 2011] [debug] src/mod_auth_kerb.c(1424): [client 10.43.2.33] \
Verifying client data using KRB5 GSS-API
[Tue Aug 16 10:23:18 2011] [debug] src/mod_auth_kerb.c(1440): [client 10.43.2.33] \
Client didn't delegate us their credential
[Tue Aug 16 10:23:18 2011] [debug] src/mod_auth_kerb.c(1459): [client 10.43.2.33] \
GSS-API token of length 161 bytes will be sent back
[Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1667): [client 10.43.2.33] \
kerb_authenticate_user entered with user (NULL) and auth_type \
Kerberos
[Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1667): [client 10.43.2.33] \
kerb_authenticate_user entered with user (NULL) and auth_type \
Kerberos
[Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1277): [client 10.43.2.33] \
Acquiring creds for HTTP@entintranet2.wl
[Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1424): [client 10.43.2.33] \
Verifying client data using KRB5 GSS-API
[Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1440): [client 10.43.2.33] \
Client didn't delegate us their credential
[Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1459): [client 10.43.2.33] \
GSS-API token of length 161 bytes will be sent back
The errorlog of the faulty server is empty. Only in the access log I see one 401 \
messages:
10.43.2.33 - - [16/Aug/2011:10:47:12 +0200] "GET / HTTP/1.1" 401 1432 "-" \
"Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.18) Gecko/20110614 BTRS28059 \
Firefox/3.6.18"
It looks as if the Kerberos module is not used by the Apache.
Dirk
Westdeutsche Lotterie GmbH & Co. OHG | Sitz: Münster
Registergericht: Amtsgericht Münster
Handelsregister: Münster HRA 4379
Geschäftsführer: Theodor Goßner
Vorsitzender des Beirates: Michael Stölting
Gesellschafter:
Nordwestlotto in Nordrhein-Westfalen GmbH | Sitz: Münster
Registergericht: Amtsgericht Münster
Handelsregister: HRB 3840
Geschäftsführer: Theodor Goßner
NRW.BANK | Sitz: Düsseldorf und Münster
Rechtsform: Anstalt des öffentlichen Rechts
Registergerichte: Amtsgerichte Düsseldorf/Münster
Handelsregister: Düsseldorf HRA 15277/Münster HRA 5300
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic