Hi, i want to migrate from mod_auth_kerb to mod_auth_gssapi.
config of the old system: =============== Apache 2 (Linux), mod_auth_kerb, Mantis IT web plattform configured with basic auth in the config.php Apache config for the directory entry of the mantis plattform: AuthName bla AuthType Kerberos KrbAuthRealms REALM KrbMethodNegotiate On KrbServiceName HTTP KrbLocalUserMapping On Require valid-user behavior of the old system: ================ 1. Request the web plattform (on Firefox and Linux) 2. a user/password window pops up (like on basic auth. Its equal if iam in the realm with a tgt or ouside the realm without tgt the popup appears in both situations) and i enter my username / password from the kerberos realm principal. So for my comprehension the basic auth takes the user/pass from the popup window and validates it against the KDC (MIT on Linux). 3. login successfull on the webplattform config of the new system: =============== Apache 2.4 (Linux), mod_auth_gssapi, Mantis IT web plattform configured with basic auth in the config.php (same as on the old system) Apache config for the directory entry of the mantis plattform: AuthType GSSAPI AuthName "GSSAPI Single Sign On Login" GssapiBasicAuth On GssapiLocalName on GssapiCredStore keytab:/etc/httpd/http.keytab Require valid-user behavior of the new system: ================= 1. Request the web plattform (on Firefox and Linux) 2. NO username/password window shows up 2. the webplattform tells me that the username is invalid The login should also (like on the old system) be possible from a client outside the kerberos realm, so a username/password popup should appear. I thought this is possible because the GssapiBasicAuth is On. So how i could debug/solve this issue ? Is the expected behavior possible with mod_auth_gssapi ? regards, Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos