On Wed, Nov 19, 2008 at 09:37:22PM +0100, Paul Windey wrote: > Hi, > > When I use test.py in PyKerberos > against an original Mac OS X Server running caldav it seems to works > fine. (port 8008 , directory /principals/) > However if I run it against the Apache 2 server shipped with OS X Server > 10.5 (port 80 or 443 ; directory /some-protected-realm/) > and a realm protected with Kerberos it fails miserably, resulting in I've run pykerberos against mod-auth-kerb which works.
> *** Running HTTP test > Second HTTP request did not result in a 2xx response: 401 That's unauthorized. Could you try: http://honk.sigxcpu.org/projects/pykerberos/test-http.py as ./test-http.py --debug <url>. This will show you the http headers returned and possibly give some info. > and a web server error > mod_spnego_apple: Cannot get SPNEGO handle from token: -9 > binaryTokenLen=595, base64Len=598 > > So it seems that PyKerberos authenticates fine against the python server > behind caldav but NOT > against the stock apple spnego module shipped with the server. > > Is this the expected behavior or a flagrant bug ? It's a bug. We should handle spnego properly but it's not necessarily a bug in pykerberos. It could be the server side as well as the kerberos library on your system - hard to say. > > This test was prompted by efforts of Tim Olsen who wrote a kerberos > authetication extension > for mercurial (hg revision control software) to help me use it on a Mac > Os X server. Can you use mod-auth-kerb instead of mod-spnego-apple? Sorry if this is not very helpful, -- Guido _______________________________________________ calendarserver-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-dev
