Bug 184573 - forces client to authenticate in a loop - update to 5.0rc7
Summary: forces client to authenticate in a loop - update to 5.0rc7
Alias: None
Product: Fedora
Classification: Fedora
Component: mod_auth_kerb (Show other bugs)
(Show other bugs)
Version: 5
Hardware: All Linux
Target Milestone: ---
Assignee: Joe Orton
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2006-03-09 22:07 UTC by Rudi Chiarito
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: 5.1-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-11-29 18:18:17 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Rudi Chiarito 2006-03-09 22:07:42 UTC
Description of problem:
Version 5.0RC7 was released the other week. It is supposed to solve the
following problem (from the 1.109 changelog):

Only reply with the Negotiate set if the gss_accept_sec_context returned data
for the client. Otherwise the client received an Negotiate header and tried to
authenticate using GSSAPI again and again, which is annoying when the user in
question pass the authentication but isn't authorized.

Comment 1 Joe Orton 2006-03-10 10:10:27 UTC
rc7 can go in as an FC5 update, it's too late for FC5 final now; but clients
should really cope with that correctly - what did you see this with, Firefox?

Comment 2 Rudi Chiarito 2006-03-11 05:28:34 UTC
FC5 has been postponed to the 20th, any chances this could still make it?

We saw this with Firefox. One of our users had restricted access to a directory.
Rebuilding manually the rpm with the rc7 sources made the problem go away for us. 

Comment 3 Rudi Chiarito 2006-09-19 12:16:54 UTC
In the meantime, 5.0 final and 5.1 have been released upstream. Can either of
the two releases make it for FC6?

Comment 4 Rudi Chiarito 2006-11-29 18:18:17 UTC
Now fixed in FC6. Thanks!

Note You need to log in before you can comment on or make changes to this bug.