Kerberos and apache problem

nightolo nightolo at gmail.com
Wed Dec 1 15:35:07 EST 2004


Hi all,
we got a problem during a setup with apache; we have got a domain
controller with active directory (windows 2003 server) and kerberos
authentication but, *first problem*, when we log onto domain it
doesn't release any ticket (we check this problem with krbtray
application and klist.exe).

By the way another is the real problem: we installed an apache 2.0 and
last version of mod_auth_kerberos compiled following guidelines of
author's homepage. The aim is to get a single sign-on authentication (
unf =|  ); it should be possible to authenticate on apache with
KerberosV5 authentication and store credentials and ticket while
windows session ends.

I configured all of these stuff but when I tried to log on with apache
with Basic Authentication I got "gss_acquire_cred() failed:
Miscellaneous failure (No principal in keytab matches desired name)"
in error.log.

Yes, Basic Authentication, I'm not mistaken; I read the fine manual
and I found that browser authenticate itself with apache Basic
Authentication and, after this passage, Apache authenticate this user
with KDC and, get the ticket.

I got a trouble in my mind because I turn on KrbMethodNegotiate On
(the real kerberos sign-on authentication) but, as README says, apache
don't talk with KDC. Is it correct?

By the way, here have anyone done a setup with a similar enviroment?

I appreciate any feedback, thanks in advance

nightolo.


More information about the Kerberos mailing list