Fedora2/Apache2 and Key Version Error
Scott Moseman
smoseman at novolink.net
Thu Aug 26 11:20:54 EDT 2004
We blew away all service accounts in AD (2003) and removed all of
the keytab files on the Fedora2 box. Re-created two accounts for
host and http, re-created two keytabs for host and http, and moved
them onto the Fedora2/Apache2 box.
We used kutil to put both tickets into the /etc/krb5.keytab file.
We used kinit and verified -my- account and both service accounts.
All of them authenticated just fine.
Using KerbTray, we do get the HTTP ticket from Apache2 now, but we
get: (Key version number for principal in key table is incorrect).
Thanks,
Scott Moseman
-----Original Message-----
From: Nebergall, Christopher [mailto:cneberg at sandia.gov]
Sent: Wednesday, August 25, 2004 3:52 PM
To: 'Scott Moseman'; kerberos at MIT.EDU
Subject: RE: Fedora2/Apache2 and Key Version Error
gss_accept_sec_context() failed: Miscellaneous failure
> (Key version number for principal in key table is incorrect)
The key in your keytab file does not match the key that the Active
Directory
has for the server principal or you have changed the key multiple times
recently IE is using an older version of the key which it will cache
till it
expires.
-Christopher
More information about the Kerberos
mailing list