Integrated Windows Login: No principal in keytab matches desired name
Timo Fuchs
fuechsle at cs.tu-berlin.de
Tue Aug 17 04:05:28 EDT 2004
Hi,
I am trying to set up an integrated Windows login scenario using Apache
and mod_auth_gss_krb5 (http://modgssapache.sourceforge.net) according
to http://www.onlamp.com/pub/a/onlamp/2003/09/11/kerberos.html?page=1.
However, Apache cannot authenticate:
-- snip ---
gss_acquire_cred() failed: No principal in keytab matches desired name:
--- snap ---
- I have created a User and a Computer for the remote machine where
Apache is running (in the Active Directory)
- I have created a service principal for HTTP/apachehost@MYDOMAIN using
setspn.exe
- I have created the keytab using ktpass.exe and mapped the service
principal to the above user.
- I have added a forward and a reverse entry in the DNS running on the
ADS Server with the same name as used in the service principal.
The Apache host also uses this DNS.
- I have checked that both the w2k Server and the Apache server resolve
the host names correctly, forwards and backwards.
What else could be wrong? What more could I check?
Cheers,
Timo
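
The following check is an added example, not part of the original post and not code from mod_auth_gss_krb5: it compares the principals listed by `klist -k` against the name the web server is expected to request and reports which component (service, host or realm) differs. It assumes MIT-style `klist -k` output, a case-sensitive keytab lookup, and a desired name of the form HTTP/<fully qualified host name>@<REALM>; the keytab path, host name and realm below are constructed placeholders.

```python
import re

# Constructed sample of `klist -k` output (not from the original post).
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/httpd/conf/http.keytab
KVNO Principal
---- --------------------------------------------------------------
   3 HTTP/apachehost@MYDOMAIN.EXAMPLE
   3 http/apachehost.mydomain.example@MYDOMAIN.EXAMPLE
   3 HTTP/apachehost.mydomain.example@mydomain.example
"""

def parse_klist(text):
    """Return the principal names from the entry lines of `klist -k` output."""
    return [m.group(1) for m in re.finditer(r"^\s*\d+\s+(\S+@\S+)\s*$", text, re.M)]

def split_principal(name):
    """Split service/host@REALM into (service, host, realm)."""
    left, _, realm = name.rpartition("@")
    service, _, host = left.partition("/")
    return service, host, realm

def compare(expected, found):
    """Name every component of `found` that differs from `expected`."""
    diffs = []
    for label, want, have in zip(("service", "host", "realm"),
                                 split_principal(expected), split_principal(found)):
        if want == have:
            continue
        if want.lower() == have.lower():
            # Same letters, different case: still a miss for a case-sensitive lookup.
            diffs.append(f"{label}: case differs ({have!r} vs {want!r})")
        elif label == "host" and want.split(".")[0].lower() == have.split(".")[0].lower():
            diffs.append(f"host: short name vs FQDN ({have!r} vs {want!r})")
        else:
            diffs.append(f"{label}: {have!r} vs {want!r}")
    return diffs

def diagnose(expected, klist_text):
    """Map each keytab principal to its differences; an empty list is an exact match."""
    return {p: compare(expected, p) for p in parse_klist(klist_text)}

if __name__ == "__main__":
    want = "HTTP/apachehost.mydomain.example@MYDOMAIN.EXAMPLE"  # assumed desired name
    for principal, diffs in diagnose(want, SAMPLE_KLIST).items():
        print(principal, "->", "; ".join(diffs) or "exact match")
```

To use it on a real host, pass the text printed by `klist -k <keytab file>` instead of SAMPLE_KLIST.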