Auth problems Windows 2003 server & MIT kerberos5 1.3.3
Karl Lattimer
klattimer at kent-music.com
Fri Aug 6 11:38:00 EDT 2004
Hi, I'm trying to get my web server (apache 2 running on fedora core 2)
to authenticate web users in certain directories with a windows 2003
KDC.
I can authenticate thus:
[root at terrorbite conf]# kinit klattimer
Password for klattimer at KENT-MUSIC.COM:
[root at terrorbite conf]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: klattimer at KENT-MUSIC.COM
Valid starting Expires Service principal
08/06/04 16:23:46 08/07/04 02:23:50 krbtgt/KENT-MUSIC.COM at KENT-MUSIC.COM
renew until 08/07/04 16:23:46
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
But when I try to authenticate with a web browser it doesn't work,
producing the error:
krb5_verify_init_creds() failed: Key table entry not found
I have found that if I set
KrbVerifyKDC Off
I can authenticate with a password, however the mod_auth_kerb
documentation states that this is insecure.
Also, I am always presented with a login box no matter whether or not I
have KrbMethodNegotiate On or Off.
I'm new to Kerberos, actually new means 9am this morning. All I want is
for members of my AD to open a web browser and access a database without
being asked for a password while they are on site; off site they must
enter the username and password.
I created my keytab like this:
C:\Program Files\Support Tools>ktpass -out httpd.keytab -princ HTTP/terrorbite.kent-music.com at KENT-MUSIC.COM -mapuser terrorbite -crypto DES-CBC-MD5 -pass hidden
Targeting domain controller: apollo.kent-music.com
Successfully mapped HTTP/terrorbite.kent-music.com to terrorbite.
Key created.
Output keytab to httpd.keytab:
Keytab version: 0x502
keysize 72 HTTP/terrorbite.kent-music.com at KENT-MUSIC.COM ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x3 (DES-CBC-MD5) keylength 8 (0xc2abb5c2aef8831c)
Account terrorbite has been set for DES-only encryption.
Any help will be much appreciated.
Thanks
Karl,
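
Added example, not part of the original post: a small Python reader for the version 0x502 keytab format that ktpass reports above. It shows which principal, key version and encryption type a keytab actually holds, which is what a lookup failing with "Key table entry not found" is compared against. The sample keytab is constructed with an all-zero placeholder key, and the function names and the host/ principal queried at the end are assumptions for illustration.

```python
import struct

ETYPES = {1: "DES-CBC-CRC", 3: "DES-CBC-MD5", 23: "RC4-HMAC"}  # subset only

def _counted(data, p):
    """Read a 16-bit length-prefixed string; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n].decode(), p + 2 + n

def parse_keytab(data):
    """Parse a version 0x502 keytab; return one dict per live entry."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                 # a negative size marks a deleted slot
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            c, p = _counted(data, p)
            comps.append(c)
        _ntype, _ts, kvno, etype, klen = struct.unpack_from(">IIBHH", data, p)
        p += 13 + klen                # skip the fixed fields and the key bytes
        if end - p >= 4:              # optional 32-bit kvno replaces the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        entries.append({"principal": "/".join(comps) + "@" + realm, "kvno": kvno,
                        "etype": ETYPES.get(etype, hex(etype)), "keysize": size})
        pos = end
    return entries

def has_key(entries, principal):
    """True if any entry is stored under exactly this principal name."""
    return any(e["principal"] == principal for e in entries)

def _cs(s):
    return struct.pack(">H", len(s)) + s.encode()

# Constructed sample mirroring the ktpass output above; the key is a placeholder.
_body = (struct.pack(">H", 2) + _cs("KENT-MUSIC.COM") + _cs("HTTP")
         + _cs("terrorbite.kent-music.com")
         + struct.pack(">IIBHH", 1, 0, 3, 3, 8) + bytes(8))
SAMPLE = b"\x05\x02" + struct.pack(">i", len(_body)) + _body

if __name__ == "__main__":
    for e in parse_keytab(SAMPLE):
        print(e)
    print(has_key(parse_keytab(SAMPLE), "host/terrorbite.kent-music.com@KENT-MUSIC.COM"))
```

To inspect a real file, pass its bytes instead of SAMPLE, for example parse_keytab(open("httpd.keytab", "rb").read()).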