[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [neon] Re: neon, SSPI, and mod_auth_kerb

From: Joe Orton <joe_at_manyfish.co.uk>
Date: 2005-07-22 12:30:06 CEST

On Thu, Jul 14, 2005 at 10:53:07PM -0500, Christopher Mason wrote:
> >[Thu Jul 14 16:37:52 2005] [error] [client 172.23.155.51]
> >gss_accept_sec_context() failed: Miscellaneous failure (Wrong
> >principal in request)
>
> This issue (neon SSPI doesn't expand host names in SPNs) still
> exists. The work around is to use the FQDN, but I think the fix is a
> pretty short patch. I'll see if I can code this up tomorrow.

There is some discussion of this issue in the neon list archive; the
issue is AIUI that mod_auth_kerb *does* canonicalize the hostname but
neon does not. neon doesn't canonicalize the server hostname in general
because doing so would break name-based vhosting; I guess it could do so
solely for use in the Kerberos principal, but that seems a bit dubious.

joe

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Jul 22 12:34:35 2005

This is an archived mail posted to the Subversion Users mailing list.