You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Joe Orton <jo...@manyfish.co.uk> on 2005/07/22 10:30:06 UTC
Re: [neon] Re: neon, SSPI, and mod_auth_kerb
On Thu, Jul 14, 2005 at 10:53:07PM -0500, Christopher Mason wrote:
> >[Thu Jul 14 16:37:52 2005] [error] [client 172.23.155.51]
> >gss_accept_sec_context() failed: Miscellaneous failure (Wrong
> >principal in request)
>
> This issue (neon SSPI doesn't expand host names in SPNs) still
> exists. The work around is to use the FQDN, but I think the fix is a
> pretty short patch. I'll see if I can code this up tomorrow.
There is some discussion of this issue in the neon list archive; the
issue is AIUI that mod_auth_kerb *does* canonicalize the hostname but
neon does not. neon doesn't canonicalize the server hostname in general
because doing so would break name-based vhosting; I guess it could do so
solely for use in the Kerberos principal, but that seems a bit dubious.
joe
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org