Hello, You can use an older package called mod_auth_kerb. It is not recommended as mod_auth_gssapi much better but if you distro does not have it you might not have a choice.
Thanks Dmitri On Fri, Jul 13, 2018 at 8:25 PM, Jaap Winius <jwin...@umrk.nl> wrote: > > Quoting Dmitri Pal <d...@redhat.com>: > > It should not. The Kerberos authenticated users should just map to existing >> users. >> See mod_auth_gssapi for more details. >> https://github.com/modauthgssapi/mod_auth_gssapi/blob/master/README >> > > It's great to hear that a solution like this exists, but as my luck would > have it, mod_auth_gssapi, which is included in the Debian package > libapache2-mod-auth-gssapi, is not available for Debian wheezy, and this is > the OS that my MediaWiki server is still running on. So currently, if I > access the MediaWiki server directly, all is fine. But if I attempt to > access it through the proxy, the proxy's Apache error.log says: > > [Sat Jul 14 00:44:41.794483 2018] [access_compat:error] [pid 25847] > [client 72.85.26.20:39214] \ > AH01797: client denied by server configuration: proxy: > http://192.168.20.22/mediawiki > > While over on the backend MediaWiki server, the Apache error.log says: > > [Sat Jul 14 01:44:41 2018] [error] [client 185.57.111.47] > gss_accept_sec_context() failed: \ > Unspecified GSS failure. Minor code may provide more information (, ) > > It looks like this is where I could really use mod_auth_gssapi on the > backend, but alas. Might anyone know of a workaround, or another package > that I could use instead? > > Thanks, > > Jaap > > -- Thank you, Dmitri Pal Engineering Director, Identity Management and Platform Security Red Hat, Inc. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
