return HTTP_INTERNAL_SERVER_ERROR;
}
+ /* XXX misto buf vypisovat jmeno vracene z display_name() */
log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Acquiring creds for %s", buf);
major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
if (token->length == 0)
return GSS_S_DEFECTIVE_TOKEN;
- /* XXX if (token->value == NTLMSSP) log_debug("NTLM mechanism used"); */
-
p = token->value;
if (*p++ != 0x60)
return GSS_S_DEFECTIVE_TOKEN;
}
if (GSS_ERROR(major_status)) {
+ if (input_token.length > 7 && memcmp(input_token.value, "NTLMSSP", 7) == 0)
+ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.");
+
log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"%s", get_gss_error(r->pool, major_status, minor_status,
"gss_accept_sec_context() failed"));