Hi,
I've been using mod_auth_sspi for a few years with great success. I'm currently on mod_auth_sspi 1.0.4 and Apache 2.2.4.
I've just discovered that clients on Windows Server 2003 are unable to authenticate, while the same user on Windows XP can authenticate fine. It seems something in Windows Server 2003 has broken mod_auth_sspi.
I've put more details here: http://serverfault.com/questions/411359/spnego-using-mod-auth-sspi-stopped-working-500-error
But basically my hunch is that the SPNEGO token is missing the hostname and domain name from the type 1 token, and this is causing mod_auth_sspi to fail. When I authenticate successfully, the hostname and domain name are present. When I get a failure, I look in the token and see the host name and domain name are not there. From the same Windows Server 2003 machine, I can authenticate to SharePoint on IIS, so MS thinks the token is valid, but mod_auth_sspi fails.
I tried "LogLevel debug" in the Apache config, but didn't get any logging at all from a failed auth request.
My config and other details are in the post linked above.
Any ideas on how to fix this?
Thanks
David
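
To compare the type 1 token from a working client with one from a failing client, as the post describes doing by eye, here is a small decoder. It is an added example, not part of the original post or of mod_auth_sspi. The function names and sample tokens are constructed, and it finds the NTLM message by searching for the `NTLMSSP` signature instead of parsing the SPNEGO ASN.1 wrapper.

```python
import base64
import struct

# Names below are hypothetical helpers for this example.
SIG = b"NTLMSSP\x00"
DOMAIN_SUPPLIED = 0x00001000       # NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
WORKSTATION_SUPPLIED = 0x00002000  # NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED

def read_field(msg, pos):
    """Read a (Len, MaxLen, Offset) descriptor at pos and return its payload."""
    if len(msg) < pos + 8:
        return b""                  # short Type 1: descriptor not present
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if length == 0 or offset + length > len(msg):
        return b""                  # empty, or pointing outside the message
    return msg[offset:offset + length]

def inspect_type1(header_value):
    """Summarise the NTLM Type 1 message in an Authorization header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    blob = base64.b64decode(b64)
    start = blob.find(SIG)          # 0 for raw NTLMSSP, >0 inside a wrapper
    if start < 0 or len(blob) - start < 16:
        raise ValueError("no complete NTLMSSP message in token")
    msg = blob[start:]              # field offsets are relative to this point
    msg_type, flags = struct.unpack_from("<II", msg, 8)
    if msg_type != 1:
        raise ValueError("not a Type 1 message (type %d)" % msg_type)
    return {
        "scheme": scheme,
        "wrapped": start > 0,
        "domain_flag": bool(flags & DOMAIN_SUPPLIED),
        "workstation_flag": bool(flags & WORKSTATION_SUPPLIED),
        "domain": read_field(msg, 16).decode("ascii", "replace"),
        "workstation": read_field(msg, 24).decode("ascii", "replace"),
    }

def build_type1(flags, domain=b"", workstation=b""):
    """Constructed sample input: a Type 1 message with an 8-byte Version field."""
    ws_off, dom_off = 40, 40 + len(workstation)
    head = SIG + struct.pack("<II", 1, flags)
    head += struct.pack("<HHI", len(domain), len(domain), dom_off)
    head += struct.pack("<HHI", len(workstation), len(workstation), ws_off)
    head += b"\x05\x02\xce\x0e\x00\x00\x00\x0f"  # constructed Version bytes
    return base64.b64encode(head + workstation + domain).decode()
```

Pass `inspect_type1` the value of the first `Authorization:` header from each client's capture and compare the two results field by field.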