HTTP_AUTHORIZATION parsing fails under Apache with Kerberos #300

Open
moritzschepp opened this Issue Jan 27, 2012 · 0 comments

1 participant

@moritzschepp

The Apache Kerberos Module writes something like "Negotiate ..." to HTTP_AUTHORIZATION. When the rails Basic Auth mechanism tries to parse that field, it gets binary and passes it on to authlogic which in turn tries to lookup a user with that binary. this fails, of course.

I am not sure where to report this, because in rails you have to turn on basic auth specifically. The argument to report it here would be that I would not try to use basic auth together with kerberos. But authlogic enables it by default so the default configuration does not work out of the box.

I think a solution could be to check if the parsing went well before querying the database with the result.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment