Apache mod_auth_kerb asking 2 authentication

Posted by Rianto Wahyudi on Server Fault See other posts from Server Fault or by Rianto Wahyudi
Published on 2010-01-07T00:45:04Z Indexed on 2010/03/18 1:01 UTC
Read the original article Hit count: 474

Filed under:
|
|
|
|

I've configured Apache to use mod_auth_kerberos. So far everything is working nicely for client thats connected to Active Directory and have their browser to ntlm enabled.

When clients are not in the domain or the browser configurerd not to authenticate automatically, they are being prompted by 2 login prompt.

The first login prompt is blank and the second one is the oen that we configured

First Login prompt: http://www.screencast.com/t/ZGNlZTQwZm
Second Login prompt : http://www.screencast.com/t/MDA2N2Fl

From the log ( first authentication) :

[Wed Jan 06 15:47:29 2010] [debug] src/mod_auth_kerb.c(1684): [client x.x.x.x] [pid 2562] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos

In the first loging prompt , I can put any text for username and password. Once the first login form submited, it will ask for the 2nd login prompt.

Apache have following config :

<Directory /web/apache2/htdocs>
    AllowOverride All
    AuthType Kerberos
    AuthName "Staff Access ONLY Kerb-Auth"
    KrbAuthRealms EXAMPLE.COM
    Krb5Keytab /etc/httpd/conf.d/example.ktab
    Allow from localhost
    Require valid-user
<Directory>

What could be the cause of the first authentication and how can I get rid of them ?

© Server Fault or respective owner

Related posts about apache

Related posts about modules