Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
[dev.icinga.com #10506] HTTP basic auth request is sent when using Kerberos authentication with Apache2 and mod_php #2116
This issue has been migrated from Redmine: https://dev.icinga.com/issues/10506
Created by julianbrost on 2015-10-31 17:06:31 +00:00
The authHttp() method in library/Icinga/Authentication/Auth.php causes Icinga Web 2 to send HTTP basic auth requests when the user was already successfully authenticated by the webserver via Kerberos as it can be seen in the following curl output:
Notice this header which is sent by
This makes Icinga Web 2 completely unusable as I don't know any browser that handles this properly (Firefox will just send requests in an endless loop) and even if, there are no valid login credentials for this request. Icinga Web 2 was not yet configured at that point.
Configuration for Apache (it's basically the configuration from the debmon.org icingaweb2 package with some additional lines for Kerberos):
Replacing the code of
Unfortunately reproducing this isn't simple, as it needs a working Kerberos realm, but it should be possible to solve this issue only with the curl output above. I can also test patches if needed.
2016-02-15 09:39:18 +00:00 by aklimov 4c97fb7
Updated by julianbrost on 2015-11-03 13:26:20 +00:00
Just checked again after configuring Web 2: Now it works without any modifications to the source code,