[30391] in Kerberos
Re: No principal in keytab
daemon@ATHENA.MIT.EDU (Michael B Allen)
Thu Oct 30 11:58:55 2008
Message-ID: <78c6bd860810300857v4a46e9e2m6f40021a8c57f0e0@mail.gmail.com>
Date: Thu, 30 Oct 2008 11:57:48 -0400
From: "Michael B Allen" <ioplex@gmail.com>
To: yabadi@checkpoint.com
In-Reply-To: <011d01c93a9e$723528a0$7b2e1dc2@ad.checkpoint.com>
Cc: kerberos@mit.edu
On Thu, Oct 30, 2008 at 10:47 AM, yuval <yabadi@checkpoint.com> wrote:
> Hi
>
> I try to authenticate web server clients on Linux apache.
>
> I have keytab from win2003 and kinit pass OK.
>
> Klist show valid principal.
>
> [Expert@fluid]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: HTTP/fluid.w2003ex.qa.checkpoint.com@W2003EX.QA.CHECKPOINT.COM
>
> Valid starting     Expires            Service principal
> 10/30/08 14:50:28  10/31/08 00:50:46  krbtgt/W2003EX.QA.CHECKPOINT.COM@W2003EX.QA.CHECKPOINT.COM
>         renew until 10/31/08 14:50:28
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> but I got gss error "No principal in keytab matches desired name"

What is the URL you are using in the address bar of the browser? The
hostname in the URL must match the hostname in the principal name in
the keytab file exactly. For example, if you use an IP address to
visit the website, you will get the aforementioned error.

List the contents of the keytab file with ktutil.

Are you sure the keytab file is being successfully read by Apache?

Mike
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
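
The hostname check suggested in the reply above, as an added example that is not part of the original message: it parses a keytab in the MIT version 0x0502 layout, lists its principals, and tests whether the host in a browser URL has a matching `HTTP/` entry. The function names, the sample keytab with its all-zero key, and the address 192.0.2.10 are constructed for illustration, and the example assumes the browser requests `HTTP/<URL host>` without DNS canonicalization.

```python
import struct
from urllib.parse import urlsplit


def _counted(buf, off):
    """Read a uint16-length-prefixed string; return (text, new offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n


def keytab_principals(data):
    """Return the set of principal names stored in a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    names, off = set(), 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size > 0:  # a negative size marks a deleted entry (hole)
            (count,) = struct.unpack_from(">H", data, off)
            realm, pos = _counted(data, off + 2)
            comps = []
            for _ in range(count):
                comp, pos = _counted(data, pos)
                comps.append(comp)
            names.add("/".join(comps) + "@" + realm)
        off += abs(size)
    return names


def check_url(url, data, realm):
    """Return (principal implied by the URL host, whether the keytab has it)."""
    # urlsplit lowercases the host; keytab matching is exact, so case matters.
    wanted = "HTTP/%s@%s" % (urlsplit(url).hostname, realm)
    return wanted, wanted in keytab_principals(data)


def sample_keytab(principal):
    """Build a one-entry keytab with a dummy key (constructed test data)."""
    name, realm = principal.split("@")
    c = lambda s: struct.pack(">H", len(s)) + s.encode()
    comps = name.split("/")
    body = struct.pack(">H", len(comps)) + c(realm) + b"".join(map(c, comps))
    # name type 1, timestamp 0, kvno 1, enctype 23, 16-byte zero key
    body += struct.pack(">IIBHH", 1, 0, 1, 23, 16) + bytes(16)
    return b"\x05\x02" + struct.pack(">i", len(body)) + body


if __name__ == "__main__":
    kt = sample_keytab("HTTP/fluid.w2003ex.qa.checkpoint.com@W2003EX.QA.CHECKPOINT.COM")
    for url in ("http://fluid.w2003ex.qa.checkpoint.com/", "http://192.0.2.10/"):
        print(url, check_url(url, kt, "W2003EX.QA.CHECKPOINT.COM"))
```

To check a real file, pass its bytes as `data`, read as the account Apache runs under so that a permission problem shows up as a read error.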