Apache with Kerberos (mod_auth_kerb) - dealing with unauthorized access & 401 log clutter

Question

I have set up an Apache server to use mod_auth_kerb. It authenticates users via Kerberos and the Negotiate protocol, allowing them entry to the site if they hold a valid Kerberos ticket. It works in that it properly authenticates users. There is a problem however: HTTP 401 response codes clutter the Apache log file. They're from the same IP address each time, so I know that a client attempts to access the page, receives a 401, then tries again and gets an HTTP 200 OK back on the second try. It looks like the user is unidentified in the first attempt, but identified properly in the second attempt.

1.2.3.4 - - [07/Jan/2014:12:29:16 -0500] "GET /my_url/ HTTP/1.1" 401 1005
1.2.3.4 - user@REALM.EXAMPLE.COM [07/Jan/2014:12:29:16 -0500] "GET /my_url/ HTTP/1.1" 200 1724

How can I find out what is causing these 401 unauthorized responses? I can't record it over Wireshark because the connection is encrypted with HTTPS and TLS. Chrome's Developer Tools is only showing HTTP 200 OK responses, but I know that 401s are being generated from the Apache server logs. Any thoughts?

Answer 1

This is how HTTP Authentication works. There is nothing you can do about it.