[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: problem authenticating with mod_auth_kerb


it suddenly started to work. To suddenly is because I don't really know
what teh difference is ... with the former, non-working/slow case. It
always worked, but it was slow. Not it's back to it's previous speed,
although the repository-browsing using tortoise (with basic authentication
of mod_auth_kerb) is slow. The other operations of tortoise are ok.

The repository-browsing using spnego and trac's build-in
subversion-browser is very fast in comparison to tortoise. The 4.x version
of tortoise should have spnego enabled I think.

Thank you for your help,



> On Tuesday 22 August 2006 14:11, michel.brabants@euphonynet.be wrote:
>> I checked the HTTP-account on the backup-server and I saw that is didn't
>> have "trust account for delegation" checked, whioch should be as far as
>> I
>> remembered . don't knwo where I got this from, but an it be  that the
>> delegation is needed to spnego to work?
> "Delegation" is used to configure TGT-forwarding, but not necessary
> to do authentication.

Thank you ofr his information.
>> Now the problem: The subversion-utilities can't use spnego yet (or it si
>> disbaled for the moment), so basic authentication of mod_auth_kerb is
>> used. However, when basic authentication is used, I see the following in
>> the logs:
> Can you check step by step my tutorial
> <http://www.grolmsnet.de/kerbtut/>
> and describe what steps work, what steps fail?

I followed you turotial when I first set it up. thank you for this
information. I would like to add 1 thing to your tutorial ( I had to do
it, else ti didn't work). After the creating of the dummy user for the
service in zindows 2003 (and after creating the ktab-file), a name-mapping
to the HTTP-name should still be made, else this mapping doesn't exist.

You can find more information about creating the mapping at teh following
Search for "To create a mapping".

> A specialized mod_auth_kerb Mailingslist
> modauthkerb-help@lists.sourceforge.net is available at
> <http://sourceforge.net/mail/?group_id=51775>
>>krb5_rd_req() failed when verifying KDC
>>failed to verify krb5 credentials: Key table entry not found
> Does your keytab contain the webservers's principal?

Yes, it does.

> BTW: I never used neon <http://www.webdav.org/neon/>, but I thought
> it is able to do GSSAPI.
> What is the problem with neon?
> Achim