Menu

#19 Wrong WWW-Authenticate headers when ErrorDocument 401 CGI

open
nobody
mod_auth_kerb (23)
5
2010-12-20
2010-12-20
Olivier BOËL
No

Hello,

Here is my problematic configuration :
<Location /eici>
AuthType Kerberos
Krb5Keytab /local/products/revproxy/krb5/eicilb.keytab
Require valid-user
AuthName "Restricted area"
ErrorDocument 401 /cgi-bin/printenv
</Location>
Server version: Apache/2.2.17 (Unix)
MIT Kerberos 1.7
mod_auth_kerb 5.4

In this case, the WWW_Authenticate headers are "merged" i.e.
WWW-Authenticate: Negotiate, Basic realm="Restricted area"
As a result, IE (7 & 8) does not try Kerberos or Basic authentication and displays the /cgi-bin/printenv page (NOK).

If ErrorDocument is set to a standard html document (ErrorDocument 401 /index.html), WWW_Authenticate headers are separated :
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="Restricted area"
As a result, IE performs Kerberos authentication (OK).

Do you have any hint?

TIA,

Olivier

Discussion

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.