Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Reduce Kerberos load for WebApp

    Kopano WebApp
    sso apache webapp kerberos
    1
    1
    243
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • sultansofswing
      sultansofswing last edited by

      Hello,

      Running Kopano 8.6.6 + WebApp 3.4.19 on Apache 2.4. The setup for SSO is completed, e.g. a browser on a joined client can use WebApp.

      WebApp is set up to run on https://<servername>/ using the Alias definition

      Alias / /usr/share/kopano-webapp/

      Some other namespaces (for instance z-push) are aliased before, no problem with them. But now every request into the webapp has to pass the Kerberos validation. For Firefox, this leads to a flood of “unauthenticated - 401 - authenticated - 200” request pairs, and occasionally a 401 is not followed by the 200. (While the app is initializing, there are around 50 such requests per one second). Usually the WebApp in Firefox is then missing some random things (icons etc.) or if a .js is missing it is spinning ‘loading’ forever. Pressing reload (sometimes multiple times) leads to success, WebApp is finally working.

      So my question: Are there some asset prefixes in the URL scheme that can safely be excluded from being handled by mod_auth_kerb? Or the other way round: what is the minimal amount of URLs that definitely MUST be protected by mod_auth_kerb?

      Thanks in advance for any ideas.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post