Re: Kerberos authentication in HTTP

[Jun Kuwamura <juk@rccm.co.jp>]

On Sun, 18 Aug 2002, Daniel Kouril wrote:

> On Thu, Aug 15, 2002 at 11:12:59PM +0900, Jun Kuwamura wrote:
> [...]
> >   Thanks, It worked!
> >   I just tested your gssapi authentication with DSO
> > version of mod_ahth_gssapi for apache-1.3.26+mod_ssl-2.8.10.
> > DSO was made by the following command.
> > 
> > --
> > .../apache/bin/apxs \
> >  -I/usr/include/openssl -I/usr/heimdal/include \
> >  -L/usr/heimdal/lib -lgssapi -lkafs -lkrb5 -lasn1 -lroken -lcrypto -lresolv \
> >  -o mod_auth_gssapi.so \
> >  -c mod_auth_gssapi.c
> > 
> > .../apache/bin/apxs -i -a -n gssapi_auth mod_auth_gssapi.so
> > --
> > 
> >   Sory, but I coulnot succeed with your mod_auth_kerb.
> > (I found "segment fault" in apache error_log.)
> > I eliminated Krb5* directives from your sample.
> 
> The implementation is very sensitive to the order in which the modules are
> called. The mod_auth_gssapi is always supposed to be called _before_ the
> kerberos one. If they are called in inverse order, the result is inpredicable
> (I have no idea if it's possible for apache to specify the order in which
> modules are invoked). Please could you try removing the Kerberos module at
> all and test if the GSS module still coredumps?

  Thanks. They worked.  mod_auth_gssapi _only_ worked
without Krb* directives with credential on client
machine.  Kerberos5 authenticaiton also succeeded
with  Krb* directives loading modules in correct order.

--
  Jun Kuwamura
 rC Cm
   ^
   ~