
Why does Firefox keep negotiating Kerberos service tickets?

Developer https://www.devze.com 2022-12-16 18:56 Source: Internet

I ran some tests on Kerberos and found some strange behavior related to Firefox and Kerberos. I have a server running Apache + mod_auth_kerb which is configured to check Kerberos credentials when serving requests from clients. Kerberos authentication is performed and users without valid credentials are rejected. However, I do not understand the following:

Once the first request is made, a TGS is cached on the client in /tmp/krb5ccXXXX, but a network capture revealed that Firefox requests a TGS for every single connection. As my service ticket is cached, why isn't it re-used for other requests? Every connection goes as follows:

client = GET index.html => server

client <= 401 Auth required = server

client = TGS-REQ => KDC

...

client <= TGS-REP = KDC

client = GET index.html + kerberos payload => server

client <= 200 OK = server

This is not a configuration issue, as Konqueror performs as expected.

Any ideas?

Thanks in advance.

PS: This is not such a big issue for GET requests, but consider form-based uploads (POST): data should not be sent twice to the server!


I don't think there is a problem. The files in /tmp/ mean the Kerberos ticket is cached. Apache queries for auth with every request and does not apply any caching. Konqueror is just smart enough to do its own caching and responds automatically with the correct ticket.

0
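
As an added illustration (not code from the question or the answer), this toy Python model replays the exchange from the question against a server that challenges every request, and counts TGS requests, HTTP requests and body bytes received for three client strategies. The classes, the SPN `HTTP/www.example.test`, the ticket string and the strategies themselves are assumptions made for the model; no real Kerberos or SPNEGO is performed and no browser behaviour is measured.

```python
# Toy model of the HTTP Negotiate exchange; all names and values are constructed.
from dataclasses import dataclass, field

@dataclass
class KDC:
    tgs_requests: int = 0
    def issue(self, spn):
        self.tgs_requests += 1            # one TGS-REQ / TGS-REP pair
        return f"ticket-for-{spn}"

@dataclass
class Server:                             # stateless: authenticates every request
    spn: str = "HTTP/www.example.test"
    body_bytes_received: int = 0
    def handle(self, headers, body=b""):
        self.body_bytes_received += len(body)
        if headers.get("Authorization") == f"Negotiate ticket-for-{self.spn}":
            return 200
        return 401                        # WWW-Authenticate: Negotiate

@dataclass
class Client:
    kdc: KDC
    reuse_cached_ticket: bool             # consult the credential cache first
    preemptive: bool                      # send the token without waiting for 401
    cache: dict = field(default_factory=dict)
    http_requests: int = 0
    def _ticket(self, spn):
        if not (self.reuse_cached_ticket and spn in self.cache):
            self.cache[spn] = self.kdc.issue(spn)
        return self.cache[spn]

    def send(self, server, body=b""):
        headers = {}
        if self.preemptive and server.spn in self.cache:
            headers["Authorization"] = "Negotiate " + self._ticket(server.spn)
        self.http_requests += 1
        status = server.handle(headers, body)
        if status == 401:                 # retry with a token; body is sent again
            headers["Authorization"] = "Negotiate " + self._ticket(server.spn)
            self.http_requests += 1
            status = server.handle(headers, body)
        return status

def run(reuse, preemptive, n=3, body=b"x" * 100):
    kdc, server = KDC(), Server()
    client = Client(kdc, reuse, preemptive)
    assert all(client.send(server, body) == 200 for _ in range(n))
    return kdc.tgs_requests, client.http_requests, server.body_bytes_received
```

`run(False, False)` reproduces the pattern in the capture described in the question; `run(True, False)` removes the repeated TGS requests but still sends each body twice, and only `run(True, True)` avoids the second send after the first request.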
