|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Message-ID: <4B4E2ECA.2000605@anl.gov> Date: Wed, 13 Jan 2010 14:36:26 -0600 From: "Douglas E. Engert" <deengert@anl.gov> MIME-Version: 1.0 To: Sylvain RICHET <akamanouche@gmail.com> In-Reply-To: <06408aba-1c99-4d57-b253-19f221277b0b@a15g2000yqm.googlegroups.com> Cc: kerberos@mit.edu Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: kerberos-bounces@mit.edu Sylvain RICHET wrote: > Hi Douglas, > >> Have you tried Wireshark or other analyzer to see what might be going on? > Yes, a lot. > >> Do you have a krb5.conf file? > Yes of course, there is a krb5.conf file on client machine. > >> Does the web server support GSS? What is the server? > Apache/2.2.12 (Ubuntu), with mod_auth_kerb. > I suppose that, whether Apache2 can plug a kerberos module, then it > supports GSS ?... > >> Does the client have user credentials? (klist) > 1) The client have the keytab with the entry concerning the targeted > service. The client should *not* have the keytab, the web server has to have the keytab with an HTTP/fqdn.of.server@realm principal. > 2) The client user has credentials in KDC. On KDC server, kinit > (user) / klist commands show the user. What does klist on client show? The user on the client has to have have tickets, usually by kinit, login (pam_krb5) or ssh delegation. > >> Have you posted the problem on modauthkerb-h...@lists.sourceforge.net >> (I expect most of the people are on this list too.) > I subscribed last week, and I have already tried to... but i'm "read- > only" on that list > (how to get POST authorization ? i don't know...) > >> Since you built FireFox, what code did it use for the native-gsslib? >> Is it Java? > sorry, I don't understand what you mean because i do not have any > specific idea on how it works. I thought you said you complied FireFox. I was asking does FireFox use its own Kerberos libraries, of Java versions of Kerberos? > I just noticed there's an "negotiateauth" to enable... (if not yet > enable in Firefox Ubuntu version !) What "negotiateauth"??? Do you mean in the about:config page, one of the network.negotiate-auth.* options? Or is this something else? > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert <DEEngert@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |