Hi, I'm setting up a service (web application) that is using Kerberos to authenticate users. I want to disable the replay cache for it but for some reason I can't.
The web app is served from the Nginx server built with 'spnego-http-auth-nginx-module' ( https://github.com/stnoonan/spnego-http-auth-nginx-module ) for handling Kerberos authentication.

To be precise, I'm building a docker image with these:
- Debian 10.1
- Nginx 1.17.4
- libkrb5-dev 1.17-3

Because of libkrb5-dev, I assume I'm using MIT Kerberos. According to the documentation it should suffice to set the environment variable KRB5RCACHETYPE=none, but it doesn't work. printenv shows that it is set, but the replay cache file is still created as /var/tmp/http_33.

The first request is fine, but the logs show that subsequent requests with the same ticket are causing gss_accept_sec_context() to fail with "Request is a replay".

Now, I'm not sure if the problem is in MIT Kerberos, the Nginx module, or my lack of understanding, so I'm looking for any clues and clarifications.

Thanks,
Jakub Czuchnowski
Scalac

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
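
A diagnostic for the situation described in the message above, added here as an example and not part of the original post: it checks whether KRB5RCACHETYPE is present in the environment of the process that actually calls gss_accept_sec_context(), rather than in the shell where printenv was run. It assumes Linux `/proc` and `pgrep`; the script name `check_env.sh` and the sample environ contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a variable seen by printenv in a shell with what a
# running process actually holds, using Linux /proc/<pid>/environ.

# env_of FILE VAR: print VAR's value from a NUL-separated environ file.
# Returns 1 when VAR is absent. The match is exact on "VAR=" at record start.
env_of() {
    tr '\000' '\n' < "$1" | awk -v k="$2" '
        index($0, k "=") == 1 { print substr($0, length(k) + 2); found = 1; exit }
        END { exit !found }'
}

# report PID VAR: one line per process, for use against live nginx processes.
report() {
    f="/proc/$1/environ"
    if [ ! -r "$f" ]; then
        echo "pid $1: environ not readable (need root or the process owner)"
        return 2
    fi
    if val=$(env_of "$f" "$2"); then
        echo "pid $1: $2=$val"
    else
        echo "pid $1: $2 not set in this process"
        return 1
    fi
}

# Constructed samples: a shell that has the variable, and a worker that only
# has TZ plus a look-alike name that must not be reported as a match.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf 'PATH=/usr/bin\000KRB5RCACHETYPE=none\000' > "$SAMPLE_DIR/shell.environ"
printf 'TZ=UTC\000KRB5RCACHETYPE_OLD=dfl\000' > "$SAMPLE_DIR/worker.environ"

echo "shell : $(env_of "$SAMPLE_DIR/shell.environ" KRB5RCACHETYPE || echo '<unset>')"
echo "worker: $(env_of "$SAMPLE_DIR/worker.environ" KRB5RCACHETYPE || echo '<unset>')"

# Live check inside the container (hypothetical script name): sh check_env.sh --live
if [ "${1:-}" = "--live" ]; then
    for pid in $(pgrep -x nginx); do report "$pid" KRB5RCACHETYPE; done
fi
```

By default nginx removes environment variables inherited from its parent process, except TZ, unless they are named with an `env` directive in the main configuration context, so a value that printenv shows in the container is not necessarily visible to the worker running the SPNEGO module.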