No to try and rain on your parade but...

Wouldn't it be easier to use the standard mod_auth_kerb lib and write an
apple only directory service apache module (if it doesn't already
exist), and set up the auth kerb as non-authoritative?


On Mon, 2008-01-21 at 10:55 -0700, Nathan Mellis wrote:
> Greetings!
> I am writing a module for Apache that does Kerberos authentication as
> well as providing Basic authentication as a fallback and authorization
> via Apple's Directory Services. I have followed both Apple's sample
> code and the code from mod_auth_kerb and think I've got my mind
> wrapped around the whole process. I am running into a problem though
> where gss_accept_sec_context will sometimes return properly and let
> everything go through. Other times it will return with a major error
> of "851968" (Unexpected error) and a minor error of "0" (No error).
> Needless to say, this has me somewhat stumped. Does anyone know where
> else I can look to see what exactly it is not liking on the times that
> it fails?
> Thanks in advance!
> Nathan Mellis
> Application Developer
> Mission Aviation Fellowship
> ________________________________________________
> Kerberos mailing list