Quoting Dmitri Pal <d...@redhat.com>:
> It should not. The Kerberos authenticated users should just map to existing > users. > See mod_auth_gssapi for more details. > https://github.com/modauthgssapi/mod_auth_gssapi/blob/master/README It's great to hear that a solution like this exists, but as my luck would have it, mod_auth_gssapi, which is included in the Debian package libapache2-mod-auth-gssapi, is not available for Debian wheezy, and this is the OS that my MediaWiki server is still running on. So currently, if I access the MediaWiki server directly, all is fine. But if I attempt to access it through the proxy, the proxy's Apache error.log says: [Sat Jul 14 00:44:41.794483 2018] [access_compat:error] [pid 25847] [client 72.85.26.20:39214] \ AH01797: client denied by server configuration: proxy:http://192.168.20.22/mediawiki While over on the backend MediaWiki server, the Apache error.log says: [Sat Jul 14 01:44:41 2018] [error] [client 185.57.111.47] gss_accept_sec_context() failed: \ Unspecified GSS failure. Minor code may provide more information (, ) It looks like this is where I could really use mod_auth_gssapi on the backend, but alas. Might anyone know of a workaround, or another package that I could use instead? Thanks, Jaap ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
