acquiring creds for different principal ??

Nikhil Mulley mnikhil at gmail.com
Sat Oct 1 03:00:20 EDT 2005


Exactly, I did the same..
but the errors still persists..I will today try and let you know what about
this..

Thanks,
Nikhil

On 10/1/05, Markus Moeller <huaraz at moeller.plus.com> wrote:
>
> In your krb5 config you use
> sx86qa2.hyd.de.com <http://sx86qa2.hyd.de.com> = DE.COM <http://DE.COM>
> but the server wants deshaw.com <http://deshaw.com> not de.com<http://de.com>!
> HTTP/sx86qa2.hyd.deshaw.com at HYD.DE.COM
>
> You need an entry for hyd.deshaw.com <http://hyd.deshaw.com> in your
> config file or change your
> hostname to hyd.de.com <http://hyd.de.com>. Also which key is in your
> keytab ?
> Can you do a kinit -k -t keytab_file
> HTTP/sx86qa2.hyd.deshaw.com at HYD.DE.COM
> or kinit -k -t keytab_file HTTP/sx86qa2.hyd.de.com at HYD.DE.COM ?
>
> Regards
> Markus
>
> <mnikhil at gmail.com> wrote in message
> news:1128065906.809179.177020 at o13g2000cwo.googlegroups.com...
> > Hi
> >
> > I am running Apache(2.0.52) on Sol-10 (x86). and am using mod_auth_kerb
> > for kerberos authentication..
> >
> > I have correctly generated the keytab file for the host following the
> > details at http://www.grolmsnet.de/kerbtut/.
> > but at seeing the logs, it shows me that Apache/mod_auth_kerb is
> > getting creds for differnet principal instead of mentioned in the
> > /etc/krb5/krb5.conf..
> > What could be wrong here ..
> >
> > my /etc/krb5/krb5.conf
> > ===========
> > mulleyn at sx86qa2:/etc/apache2> cat /etc/krb5/krb5.conf
> > #
> > # Copyright 2004 Sun Microsystems, Inc. All rights reserved.
> > # Use is subject to license terms.
> > #
> > # ident "@(#)krb5.conf 1.3 04/03/25 SMI"
> > #
> >
> > # krb5.conf template
> > # In order to complete this configuration file
> > # you will need to replace the __<name>__ placeholders
> > # with appropriate values for your network.
> > #
> > [libdefaults]
> > default_realm = DE.COM <http://DE.COM>
> >
> > [realms]
> > DESHAW.COM <http://DESHAW.COM> = {
> > kdc = dchyd1.hyd.de.com <http://dchyd1.hyd.de.com>
> > admin_server = dchyd1.hyd.de.com <http://dchyd1.hyd.de.com>
> > }
> >
> > [domain_realm]
> > sx86qa2.hyd.de.com <http://sx86qa2.hyd.de.com> = DE.COM <http://DE.COM>
> >
> > [logging]
> > default = FILE:/var/krb5/kdc.log
> > kdc = FILE:/var/krb5/kdc.log
> >
> >
> > =========================
> > Logs in the apache at /
> >
> > mulleyn at sx86qa2:/etc/apache2> sudo tail -f /var/apache2/logs/error_log
> > [Fri Sep 30 13:03:04 2005] [debug] src/mod_auth_kerb.c(1322): [client
> > 149.77.165.65 <http://149.77.165.65>] kerb_authenticate_user entered
> with user (NULL) and
> > auth_type Kerberos
> > [Fri Sep 30 13:03:04 2005] [debug] src/mod_auth_kerb.c(1023): [client
> > 149.77.165.65 <http://149.77.165.65>] Acquiring creds for
> > HTTP/sx86qa2.hyd.deshaw.com at HYD.DE.COM
> > [Fri Sep 30 13:03:04 2005] [error] [client 149.77.165.65<http://149.77.165.65>
> ]
> > gss_acquire_cred() failed: Miscellaneous failure (No principal in
> > keytab matches desired name)
> >
> >
> > Instead of DE.COM <http://DE.COM>, it is going for HYD.DE.COM..it is
> confusing me..
> > can someone please throw light on this and possibly direct me to the
> > correct answer ?
> >
> > Regards,
> > Nikhil
> >
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>



--
Nikhil

Google is Great !


More information about the Kerberos mailing list