[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: problem authenticating with mod_auth_kerb
it suddenly started to work. To suddenly is because I don't really know
what teh difference is ... with the former, non-working/slow case. It
always worked, but it was slow. Not it's back to it's previous speed,
although the repository-browsing using tortoise (with basic authentication
of mod_auth_kerb) is slow. The other operations of tortoise are ok.
The repository-browsing using spnego and trac's build-in
subversion-browser is very fast in comparison to tortoise. The 4.x version
of tortoise should have spnego enabled I think.
Thank you for your help,
> On Tuesday 22 August 2006 14:11, firstname.lastname@example.org wrote:
>> I checked the HTTP-account on the backup-server and I saw that is didn't
>> have "trust account for delegation" checked, whioch should be as far as
>> remembered . don't knwo where I got this from, but an it be that the
>> delegation is needed to spnego to work?
> "Delegation" is used to configure TGT-forwarding, but not necessary
> to do authentication.
Thank you ofr his information.
>> Now the problem: The subversion-utilities can't use spnego yet (or it si
>> disbaled for the moment), so basic authentication of mod_auth_kerb is
>> used. However, when basic authentication is used, I see the following in
>> the logs:
> Can you check step by step my tutorial
> and describe what steps work, what steps fail?
I followed you turotial when I first set it up. thank you for this
information. I would like to add 1 thing to your tutorial ( I had to do
it, else ti didn't work). After the creating of the dummy user for the
service in zindows 2003 (and after creating the ktab-file), a name-mapping
to the HTTP-name should still be made, else this mapping doesn't exist.
You can find more information about creating the mapping at teh following
Search for "To create a mapping".
> A specialized mod_auth_kerb Mailingslist
> email@example.com is available at
>>krb5_rd_req() failed when verifying KDC
>>failed to verify krb5 credentials: Key table entry not found
> Does your keytab contain the webservers's principal?
Yes, it does.
> BTW: I never used neon <http://www.webdav.org/neon/>, but I thought
> it is able to do GSSAPI.
> What is the problem with neon?