Updated mod_auth_kerb packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
The mod_auth_kerb packages provide a module for the Apache HTTP Server designed to provide Kerberos authentication over HTTP. The module supports the Negotiate authentication method, which performs full Kerberos authentication based on ticket exchanges.
- This update adds the missing description of the "KrbLocalUserMapping" option to the README file.
- Previously, the mod_auth_kerb module was not compatible with the way certain browsers, such as Mozilla Firefox, handled an expired Kerberos ticket. As a consequence, opening a Kerberos-protected page in these browsers with an expired Kerberos ticket caused mod_auth_kerb to fail. With this update, the error in mod_auth_kerb has been addressed and the mentioned problem no longer occurs.
- Due to a bug in the underlying source code, when the "S4U2Proxy" extension was configured, the mod_auth_kerb module did not renew tickets that were not valid yet. This update applies a patch to fix this bug and the tickets are now correctly renewed as expected.
Users of mod_auth_kerb are advised to upgrade to these updated packages, which fix these bugs.