mod_auth_kerb: server not found in kerberos database
jan.peuker@lst-deutschland.de
jan.peuker at lst-deutschland.de
Sun Feb 20 07:22:49 EST 2005
Good morning all Kerberos-Users,
I am using krb5-1.4 on Red Hat EL-ES 3 (2.4.21-27.0.2.ELsmp). Kerberos authentication against a Win2003 Domain is running smoothly and Samba and Winbind are my best friends.
Now I want SPNEGO Authentication on our internal webserver. According to http://www.grolmsnet.de/kerbtut/ I tried to get mod_auth_kerb running with Apache 2.0.46. I receive a valid ticket if I do a "kinit HTTP/tartaros.mydomain.local at MYDOMAIN.LOCAL -k -5 -t /etc/httpd/conf/tartaros.keytab" but if I try to log in via mod_auth_kerb I get a user/password prompt instead of my homepage and the following appears in the logs:
"failed to verify krb5 credentials: Server not found in Kerberos database".
The relevant parts of my httpd configuration are:
AuthType Kerberos
KrbAuthRealms MYDOMAIN.LOCAL
KrbServiceName HTTP
Krb5Keytab /etc/httpd/conf/tartaros.keytab
KrbMethodNegotiate on
KrbMethodK5Passwd on
And even if I think this is unnecessary, some parts of my krb5.conf:
[libdefaults]
ticket_lifetime = 24000
default_realm = LSTGROUP.LOCAL
# If I comment these out I get an internal server error
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
MYDOMAIN.LOCAL = {
kdc = ...:88
admin_server = ...:749
passwd_server = ...
default_domain = mydomain.local
}
[domain_realm]
tartaros.mydomain.local = MYDOMAIN.LOCAL
.mydomain.local = MYDOMAIN.LOCAL
mydomain.local = MYDOMAIN.LOCAL
Any help is appreciated, thanks a lot and have a nice sunday,
jan
More information about the Kerberos
mailing list