neon@webdav.org

Subject: [neon] Win32 SSPI Negotiate authentication with virtual host / multi-homed
From: Yves Martin
Date: Tue, 03 Jul 2007 13:32:55 +0200
Hello,

I have deployed Subversion DAV on Apache2 with mod_auth_kerb on a
multi-homed server.
In case of a Linux client, GSSAPI properly resolves the server name and asks
for a "HTTP/main.domain.com" ticket to connect to
"https://vhost.domain.com/subversion/XXX".

In case of a Windows client, SSPI directly uses the SPN provided
"HTTP/vhost.domain.com" and authentication fails.

To fix this behavior, I would like to extend "ne_sspi_create_context" to
provide "HTTP/main.domain.com" as sspiContext->serverName.

My proposal:
1. DNS lookup of original serverName ("vhost.domain.com")
2. Reverse DNS each IP address returned by "ne_addr_resolve"
3. First result is used as SPN in "HTTP/main.domain.com"

What do you think about it?
Best regards,
-- 
Yves Martin
_______________________________________________
neon mailing list
neon@xxxxxxxxxx
http://mailman.webdav.org/mailman/listinfo/neon
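
The three-step lookup proposed in the message above, as an added example that is not part of the original post or of neon's code. It goes one step beyond the proposal by accepting a reverse-DNS name only when that name resolves back to the same address, since the PTR answer would otherwise choose the SPN unchecked. The `FWD`/`REV` tables, `has` and `derive_spn` are hypothetical stand-ins for live resolver calls such as `ne_addr_resolve`.

```c
#include <stdio.h>
#include <string.h>

/* Constructed DNS data standing in for live lookups (all values hypothetical). */
struct rec { const char *key; const char *val; };
static const struct rec FWD[] = {            /* name -> address (A records) */
    {"vhost.domain.com",  "192.0.2.10"},
    {"main.domain.com",   "192.0.2.10"},
    {"vhost2.domain.com", "192.0.2.20"},
    {"other.example",     "203.0.113.5"},
};
static const struct rec REV[] = {            /* address -> name (PTR records) */
    {"192.0.2.10", "main.domain.com"},
    {"192.0.2.20", "other.example"},         /* PTR that does not map back */
};

/* Return 1 if table t (n entries) contains the pair key -> val. */
static int has(const struct rec *t, size_t n, const char *key, const char *val)
{
    for (size_t i = 0; i < n; i++)
        if (!strcmp(t[i].key, key) && !strcmp(t[i].val, val)) return 1;
    return 0;
}

/* Steps 1-3 of the proposal, plus a forward-confirmation check (an addition):
 * a PTR name is used only if it resolves back to the same address.
 * Returns 1 = canonical name used, 0 = fell back to host, -1 = buffer too small. */
int derive_spn(const char *host, char *spn, size_t len)
{
    const char *canon = NULL;
    for (size_t i = 0; !canon && i < sizeof FWD / sizeof *FWD; i++) {
        if (strcmp(FWD[i].key, host)) continue;              /* step 1: forward */
        for (size_t j = 0; j < sizeof REV / sizeof *REV; j++) {
            if (strcmp(REV[j].key, FWD[i].val)) continue;    /* step 2: reverse */
            if (has(FWD, sizeof FWD / sizeof *FWD, REV[j].val, FWD[i].val)) {
                canon = REV[j].val;                          /* step 3: first hit */
                break;
            }
        }
    }
    int n = snprintf(spn, len, "HTTP/%s", canon ? canon : host);
    return (n < 0 || (size_t)n >= len) ? -1 : (canon != NULL);
}

int main(void)
{
    char spn[64];
    printf("%d %s\n", derive_spn("vhost.domain.com", spn, sizeof spn), spn);
}
```
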
