[30635] in Kerberos
mod_auth_kerb: gss_accept_sec_context() failed
daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Fri Jan 16 15:30:26 2009
From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com>
Date: Fri, 16 Jan 2009 20:58:25 +0100
Message-ID: <2g5746-jue.ln1@nb2.stroeder.com>
Mime-Version: 1.0
X-Complaints-To: usenet-abuse@t-online.de
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
HI!
I'm trying to test mod_auth_kerb-5.4 built with MIT libs 1.6.3 for
SPNEGO/Kerberos working with MS AD W2K3SP1. My ultimate goal is to
receive a forwardable ticket (env var KRB5CCNAME) and use that for LDAP
SASL/GSSAPI bind to AD. The service account in AD is AFAICS properly
initialized.
The web browser is Seamonkey and it already sends the
Authorization: Negotiate YIIE0AYGKwYBBQ[..]
in the HTTP request.
But it does not work. I don't get authorized HTTP access.
In Apache's error_log I find:
gss_accept_sec_context() failed: Unspecified GSS failure. Minor
code may provide more information (, Decrypt integrity check failed)
Any clue here? Many thanks in advance.
Ciao, Michael.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
