How To Install Modauthkerb For Windows

How To Install Modauthkerb For Windows

Home

How To Install Modauthkerb For Windows

Enable Kerberos Authentication to limit access on specific web pages. Users can authenticate via Windows Active Directory. Therefore it's necessarry to be running Windows Active Directory in your LAN.

You can subscribe to this list. If you're allowed in, then it works. If the LDAP check blocks you, then it works fine in Firefox on CentOS and MacOS. ('Works fine' means you get a 401 Authorization Required error.) With Safari 3 on MacOS 10.4.11 it seems to be an infinite loop. Anyone else run into anything like this?

Does it work with IE? I suppose I'll need to debug this a bit. Probably need Apple to fix something.

For

*bleah* ------------------------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. Henry.B.Hotz@., or hbhotz@. The below error was caused by a bad configuration of mod_auth_kerb, not a Heimdal bug. Sorry about the noise. Doesn't explain the problem with mod_spnego, but it's not generic to Heimdal. Foto porezannie veni di.

On Nov 12, 2007, at 6:17 PM, Henry B. Hotz wrote: > Hmmm. Looks like I just hit something similar with mod_auth_kerb > and Heimdal 1.0.1 on Solaris 9, Apache 2.2. > >> [Mon Nov 12 18:] [info] Initial (No.1) HTTPS request >> received for child 1 (server redhotz.jpl.nasa.gov:443) >> [Mon Nov 12 18:] [debug] src/mod_auth_kerb.c(1572): >> [client 137.78.61.96] kerb_authenticate_user entered with user >> (NULL) and auth_type Kerberos >> [Mon Nov 12 18:] [debug] src/mod_auth_kerb.c(1194): >> [client 137.78.61.96] Acquiring creds for HTTP@. >> [Mon Nov 12 18:] [debug] src/mod_auth_kerb.c(1338): >> [client 137.78.61.96] Verifying client data using KRB5 GSS-API >> [Mon Nov 12 18:] [debug] src/mod_auth_kerb.c(1354): >> [client 137.78.61.96] Verification returned code 1 >> [Mon Nov 12 18:] [debug] src/mod_auth_kerb.c(1372): >> [client 137.78.61.96] GSS-API token of length 22 bytes will be >> sent back >> [Mon Nov 12 18:] [error] [client 137.78.61.96] >> gss_display_name() failed: An invalid name was supplied (unknown >> mech-code 0 for mech unknown) > > Have to look into this some more. > > On Nov 11, 2007, at 10:27 AM, Markus Moeller wrote: > >> Changing mod_spnego so that it returns data to the client when >> continuation >> is required I see the following reply showing heimdals(1.0.1) >> authentication reply (w.g.

How To Install Modauthkerb For Windows

Authentication is incomplete and the only >> supported mechanism is NTLM). On Nov 15, 2007, at 5:40 AM, Berkes Alexander wrote: > Hello, I am trying to configure apache to do sso (single sign on) > against our Windows kerberos. > > I installed apache and installed the mod_auth_kerb version from =20 > ubuntu (libapach2-mod-auth-kerb). > > Everything works fine if I try to authenticate as a user without =20 > german-umlauts in the username. There is intent to make everything UTF-8, but that's not yet the =20 case. Drajvera dlya kolonki defender spk 330 usb. If you want guaranteed interoperability among Kerberos =20 implementations then you should stick to ASCII. (I think this has =20 nothing to do with Apache, or even mod_auth_kerb.) > When I try to authenticate as a user who das german umlauts in =20 > username I get an error.

> On the linux side i get 'user unknown'. > > When I look at the windows logs I can see that f.e. For the user =20 > M=FCller > the '=FC' just vanishes. Like I would like to authenticate the user =20= > Mller > > After googling a while and reading a lot of howtos and rfcs I found =20= > out, > that kerberos doesn't like latin1 characters. It only 'understands' > ASCII and UTF-8 so I have to send the latin1 '=FC' utf-8 encoded. > > > I haven't looked at the source of the module itself so I don't =20 > really know if this is a module issue. > I also tried to set apaches default charset to UTF-8 (with the =20 > directive =3D> AddDefaultCharset UTF-8).

> > Still not working. > I then looked at the http headers between server and my browser. > > ----- from server ---------- > HTTP/1.1 401 Authorization Required > Date: Thu, 15 Nov 2007 13:27:35 GMT > Server: Apache > WWW-Authenticate: Negotiate > WWW-Authenticate: Basic realm=3D'Kerberos Login' > Content-Length: 401 > Connection: close > Content-Type: text/html; charset=3Diso-8859-1 > --------------------------------- > > > It is not hard to see, that the server sends in iso-8859-1 encoding =20= > and not in utf-8. > Therefor my browser sends back in latin1 of course and therefor the =20= > umlaut vanishes. > I don't know if the module is doing the charset=3D thing or if this =20= > is an apache issue. > as I told setting default charset didn't work, therefor I thought =20 > about writing to the mailinglist. > > > best regards.

2 Comments