#18 Internet Explorer cannot display the webpage

[Olivier BOËL]

Hello,

First of all, congratulations for this great module!

I have successfully installed and configured it; however, when the user does not fill the requirement to access the resource, the module sends a header that IE does not "understand" (at least, this is what I figure it out from the "Internet Explorer cannot display the webpage" error message.
Here is a summary of the communications :
1. client requests a protected resource
2. Apache replies with a 401 status code and a header :
WWW-Authenticate: Negotiate
3. client provides a ticket
4. Apache identified the user
[Tue Dec 14 10:11:28 2010] [debug] src/mod_auth_kerb.c(1534): [client 136.173.12.116] kerb_authenticate_a_name_to_local_name oboel@EP.PARL.UNION.EU -> oboel
but it denies access to the resource
[Tue Dec 14 10:11:28 2010] [error] [client 136.173.12.116] access to /eici/ failed, reason: user 'oboel' does not meet 'require'ments for user/valid-user to be allowed access
Apache replies with a 401 status code and a header :
WWW-Authenticate: Negotiate oYGeMIGboAMKAQChCwYJKoZIhvcSAQICooGGBIGDYIGABgkqhkiG9xIBAgICAG9xMG+gAwIBBaEDAgEPomMwYaADAgEDoloEWO/si70SjPSGokfDuuzX8hS1CiMnBqmegFSM903+kKnpm2EDkxKcfBZgu4ztRxq4hAd0CVv2oXb+V0sUQ4mLr5nc7C0JtvaCfYmgtOTyI+77SQ2hsrFpD3w=
What is the purpose of this header?

Here is my configuration :
AuthType Kerberos
Krb5Keytab /local/products/revproxy/krb5/eicilb.keytab
Require user test
KrbLocalUserMapping on
KrbVerifyKDC off

Server version: Apache/2.2.15 (Unix)
MIT Kerberos 1.7
mod_auth_kerb 5.4

Could you please help?

TIA,

Olivier

[Olivier BOËL]

Confirmed with Apache 2.2.17