[32464] in Kerberos
Re: gss_acquire_cred() failed
daemon@ATHENA.MIT.EDU (Nicolas Jaunet)
Wed Jun 16 02:35:59 2010
MIME-Version: 1.0
In-Reply-To: <m2bpbde82g.fsf@darwin.oankali.net>
Date: Wed, 16 Jun 2010 08:35:53 +0200
Message-ID: <AANLkTim_JPsLU3m2QeOZlfU6htexZX1qHgdJTUMN310h@mail.gmail.com>
From: Nicolas Jaunet <nicolas.jaunet@gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Bonjour Vlad et Richard !
I follow your instructions but now, I have a new error in logs :
gss_accept_sec_context() failed: Invalid token was supplied (No error)
And my site returns a 401 error AUTHORIZATION REQUIRED.
What is missing ?
Thanks again.
Nicolas.
2010/6/14 Richard E. Silverman <res@qoxp.net>
> >>>>> "Vlad" == Vlad <vladistan@gmail.com> writes:
>
> Vlad> Nicolas, The reason you are getting this message is because the
> Vlad> mod_auth_kerb could not find the entry that matches your server
> Vlad> name in the keytab, you have to set it using KrbServiceName
> Vlad> directive like this:
>
>
> Vlad> KrbServiceName HTTP/domain..@DOMAIN.FR
>
> Or you can use "KrbServiceName Any", but this will only help if name
> services are configured such that clients will get matching tickets to
> begin with.
>
> Vlad> Vlad
>
>
>
> Vlad> On Jun 14, 5:04 am, Nicolas Jaunet <nicolas.jau...@gmail.com>
> wrote:
> >> Hi !
> >>
> >> I installed mod_auth_kerb on my debian server and create a keytab
> >> to authenticate thanks to kerberos on a web site with apache
> >> tomcat. I created a user in my kdc. To check I did that :
> >>
> >> debian-server# klist -k krb5.keytab Keytab name: FILE:krb5.keytab
> >> KVNO Principal ----
> >>
> --------------------------------------------------------------------------
> >> 3 HTTP/domain...@DOMAIN.FR
> >>
> >> And the file /etc/apache2/kerberos.conf :
> >>
> >> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on
> >> KrbVerifyKDC off KrbMethodK5Passwd off KrbAuthRealms DOMAIN.FR
> >> Krb5KeyTab /etc/apache2/krb5.keytab require valid-user
> >>
> >> When I try to connect my web site withhttp://domain.fr I have a 500
> >> Internal Server Error and the error.log file show me this error :
> >>
> >> gss_acquire_cred() failed: Unspecified GSS failure. Minor code may
> >> provide more information (No principal in keytab matches desired
> >> name)
> >>
> >> Someone can help me ? Thanks.
>
>
> --
> Richard Silverman
> res@qoxp.net
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
