kerberos service (httpd using mod_auth_kerb) in DMZ
Thomas A. La Porte
tlaporte at anim.dreamworks.com
Mon Nov 14 14:51:57 EST 2005
On Mon, 14 Nov 2005, FM wrote:
> Thanks for the reply,
>
> We're using Linux
> browser is Firefox
> KDC : MIT Kerberos 1.3
> you can use http if you add tu http conf : KrbServiceName "http"
> thank you for the ML Link !
>
>
> Achim Grolms wrote:
>
>> On Monday 14 November 2005 18:48, FM wrote:
>>
>>
>>> I'm trying to use mod_auth_kerb to authenticate users with kerberos.
>>
>> Have you read <http://www.grolmsnet.de/kerbtut/>?
>>
>>
>>> But when I try to authenticat myself http error_log show :
>>> [error] [client 192.168.4.171] krb5_verify_init_creds() failed: Key
>>> table entry not found
The "Key table entry not found" is an indication that the client
is requesting a principal name which is not listed in the keytab
file. You can snoop the network with tcpdump or ethereal, or
trace the httpd process in order to determine what principal name
your client is requesting.
-- Tom
Thomas A. La Porte, DreamWorks SKG
<mailto:tlaporte at anim.dreamworks.com>
More information about the Kerberos
mailing list