Apache mod_auth_kerb asking 2 authentication
- by Rianto Wahyudi
I've configured Apache to use mod_auth_kerberos. So far everything is working nicely for client thats connected to Active Directory and have their browser to ntlm enabled.
When clients are not in the domain or the browser configurerd not to authenticate automatically, they are being prompted by 2 login prompt.
The first login prompt is blank and the second one is the oen that we configured
First Login prompt: http://www.screencast.com/t/ZGNlZTQwZm
Second Login prompt : http://www.screencast.com/t/MDA2N2Fl
From the log ( first authentication) :
[Wed Jan 06 15:47:29 2010] [debug] src/mod_auth_kerb.c(1684): [client x.x.x.x] [pid 2562] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
In the first loging prompt , I can put any text for username and password. Once the first login form submited, it will ask for the 2nd login prompt.
Apache have following config :
<Directory /web/apache2/htdocs>
AllowOverride All
AuthType Kerberos
AuthName "Staff Access ONLY Kerb-Auth"
KrbAuthRealms EXAMPLE.COM
Krb5Keytab /etc/httpd/conf.d/example.ktab
Allow from localhost
Require valid-user
<Directory>
What could be the cause of the first authentication and how can I get rid of them ?