Mark Yalenti | 11 Jan 2007 22:44

mod_auth_kerb ... credentials????

Hey all,

Here is my latest problem with mod_auth_kerb....

[Thu Jan 11 16:34:06 2007] [error] [client 10.2.10.75] gss_acquire_cred() failed: No credentials were supplied, or the credentials were unavailable or inaccessible

I've verified that the keytab works fine...

# kinit -V -k -t /usr/home/myalenti/marksolwww2.keytab HTTP/marksol.toll-kerberos.com
Authenticated to Kerberos v5

Apache conf is as follows....

KrbAuthRealms TOLL-KERBEROS.com
AuthName "Kerberos Login"
KrbServiceName HTTP/marksol.toll-kerberos.com  (also tried to use just HTTP, same error)
Krb5Keytab /usr/home/myalenti/marksolwww2.keytab
KrbMethodK5Passwd Off
KrbMethodNegotiate on
Require valid-user

krb5.conf is as follows.
[libdefaults]
        default_realm = TOLL-KERBEROS.COM
        default_tkt_enctypes = des-cbc-md5
        default_tgs_enctypes = des-cbc-md5
        default_keytab_name = /usr/home/myalenti/marksol.keytab

[realms]
        TOLL-KERBEROS.COM = {
                kdc = br-kerb.toll-kerberos.com
                admin_server = br-kerb.toll-kerberos.com
        }

[domain_realm]
        br-kerb.toll-kerberos.com = TOLL-KERBEROS.COM
        .br-kerb.toll-kerberos.com = TOLL-KERBEROS.COM
        .toll-kerberos.com = TOLL-KERBEROS.COM
        .marksol.toll-kerberos.com = TOLL-KERBEROS.COM
        marksol.toll-kerberos.com = TOLL-KERBEROS.COM
        toll-kerberos.com = TOLL-KERBEROS.COM

[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
"/etc/krb5.conf" 23 lines, 651 characters

Keytab contents are as follows...

ktutil:  rkt /usr/home/myalenti/marksolwww2.keytab
ktutil:  l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    5 HTTP/marksol.toll-kerberos.com@TOLL-KERBEROS.COM
ktutil:

Can anyone tell me where the heck I'm going wrong?!!!

KDC is a Windows 2003, but as you can see the keytab it puts out works just
fine...

Thanks!

Mark
