[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Kerberos authentication in HTTP
On Sun, 18 Aug 2002, Daniel Kouril wrote:
> On Thu, Aug 15, 2002 at 11:12:59PM +0900, Jun Kuwamura wrote:
> > Thanks, It worked!
> > I just tested your gssapi authentication with DSO
> > version of mod_ahth_gssapi for apache-1.3.26+mod_ssl-2.8.10.
> > DSO was made by the following command.
> > --
> > .../apache/bin/apxs \
> > -I/usr/include/openssl -I/usr/heimdal/include \
> > -L/usr/heimdal/lib -lgssapi -lkafs -lkrb5 -lasn1 -lroken -lcrypto -lresolv \
> > -o mod_auth_gssapi.so \
> > -c mod_auth_gssapi.c
> > .../apache/bin/apxs -i -a -n gssapi_auth mod_auth_gssapi.so
> > --
> > Sory, but I coulnot succeed with your mod_auth_kerb.
> > (I found "segment fault" in apache error_log.)
> > I eliminated Krb5* directives from your sample.
> The implementation is very sensitive to the order in which the modules are
> called. The mod_auth_gssapi is always supposed to be called _before_ the
> kerberos one. If they are called in inverse order, the result is inpredicable
> (I have no idea if it's possible for apache to specify the order in which
> modules are invoked). Please could you try removing the Kerberos module at
> all and test if the GSS module still coredumps?
Thanks. They worked. mod_auth_gssapi _only_ worked
without Krb* directives with credential on client
machine. Kerberos5 authenticaiton also succeeded
with Krb* directives loading modules in correct order.