[32461] in Kerberos
Re: gss_acquire_cred() failed
daemon@ATHENA.MIT.EDU (Richard E. Silverman)
Mon Jun 14 16:01:57 2010
From: "Richard E. Silverman" <res@qoxp.net>
Message-ID: <m2bpbde82g.fsf@darwin.oankali.net>
MIME-Version: 1.0
X-Complaints-To: abuse@thundernews.com
Date: Mon, 14 Jun 2010 15:19:03 -0400
To: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
>>>>> "Vlad" == Vlad <vladistan@gmail.com> writes:
Vlad> Nicolas, The reason you are getting this message is because the Vlad> mod_auth_kerb could not find the entry that matches your server Vlad> name in the keytab, you have to set it using KrbServiceName Vlad> directive like this:
Vlad> KrbServiceName HTTP/domain..@DOMAIN.FR
Or you can use "KrbServiceName Any", but this will only help if nameservices are configured such that clients will get matching tickets tobegin with.
Vlad> Vlad
Vlad> On Jun 14, 5:04 am, Nicolas Jaunet <nicolas.jau...@gmail.com> wrote: >> Hi ! >> >> I installed mod_auth_kerb on my debian server and create a keytab >> to authenticate thanks to kerberos on a web site with apache >> tomcat. I created a user in my kdc. To check I did that : >> >> debian-server# klist -k krb5.keytab Keytab name: FILE:krb5.keytab >> KVNO Principal ---- >> -------------------------------------------------------------------------- >> 3 HTTP/domain...@DOMAIN.FR >> >> And the file /etc/apache2/kerberos.conf : >> >> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on >> KrbVerifyKDC off KrbMethodK5Passwd off KrbAuthRealms DOMAIN.FR >> Krb5KeyTab /etc/apache2/krb5.keytab require valid-user >> >> When I try to connect my web site withhttp://domain.fr I have a 500 >> Internal Server Error and the error.log file show me this error : >> >> gss_acquire_cred() failed: Unspecified GSS failure. Minor code may >> provide more information (No principal in keytab matches desired >> name) >> >> Someone can help me ? Thanks.
-- Richard Silverman res@qoxp.net
________________________________________________Kerberos mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos
