On 03/24/2009 03:03 PM, Marco Ghidinelli wrote:
On Mon, Mar 23, 2009 at 07:10:51AM +0100, Guido Günther wrote:
On Tue, Mar 03, 2009 at 12:27:45PM +0100, Marco Ghidinelli wrote:
hello, anyone was able to use calendarserver on debian 5 with users from nssswitch and authentication via SPNEGO/Kerberos?
I followed the README.Debian, but with no results. To verify if NSS really works you can change:
[...]
in twistedcaldav/directory/nss.py. This will disable *all* authentication but the first/lastValUid etc checks will still be in place. Once this works we can try to work out why kerberos fails.
hello guido,
i changed the line above, but with or without the change the result is the same:
i always get an 2009-03-24 14:33:46+0100 [-] [caldav-8008] [NegotiateCredentialFactory] 'authGSSServerStep: Unspecified GSS failure. Minor code may provide more information(No error)'
so i changed the twistedcalendar/authkerb.py at about the line 231 to print the base64data associated to the failed request.
when i connect from internetexplorer i get an ntlm base64data, when i connect from firefox (from a kerberos authenticated linux machine) i get a long message, that i'll send you in a private mail.
from the firefox machine, i tried to export NSPR_LOG_MODULES=negotiateauth:5 export NSPR_LOG_FILE=/tmp/moz.log and i got those error messages: -1211647776[9878060]: using REQ_DELEGATE -1211647776[9878060]: service = muttley.domain.local -1211647776[9878060]: using negotiate-gss -1211647776[9878060]: entering nsAuthGSSAPI::nsAuthGSSAPI() -1211647776[9878060]: entering nsAuthGSSAPI::Init() -1211647776[9878060]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=negotiate] -1211647776[9878060]: entering nsAuthGSSAPI::GetNextToken() -1211647776[9878060]: leaving nsAuthGSSAPI::GetNextToken [rv=0] -1211647776[9878060]: Sending a token of length 1376 -1211647776[9878060]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=negotiate] -1211647776[9878060]: entering nsAuthGSSAPI::GetNextToken() -1211647776[9878060]: Cannot restart authentication sequence! but i don't know hot to use this informations.