failed to authenticate using mod_auth_kerb for Apache

Siarhei Baidun siarheibaidun at gmail.com
Mon Oct 3 05:30:44 EDT 2005 

Hello Everybody,
 I'm experiencing a problem that is getting very serious for me since I have
not found any solution for a week.
I have a SuSe 9.0 Enterprise Server installed with Apache 2.0.49.
 My goal is to set up kerberos authentication.
 I have also installed and configured mod_auth_kerb module for Apache.
 Now I'm trying to access protected pages on my server via browser (I tried
IE6, Mozilla 1.7.12 and FireFox 1.5b1)
 I'm constantly getting 401 Error - authentication failed!
 I haved debugged HTTP calls and have found that browser send NTLMSSP
response instaed of Kerberos one.
As a result Apache writes to errror log the following:
 [Mon Oct 03 11:04:04 2005] [debug] src/mod_auth_kerb.c(1322): [client
10.3.103.154 <http://10.3.103.154>] kerb_authenticate_user entered with user
(NULL) and auth_type Kerberos
[Mon Oct 03 11:04:04 2005] [debug] src/mod_auth_kerb.c(1322): [client
10.3.103.154 <http://10.3.103.154>] kerb_authenticate_user entered with user
(NULL) and auth_type Kerberos
[Mon Oct 03 11:04:04 2005] [debug] src/mod_auth_kerb.c(1023): [client
10.3.103.154 <http://10.3.103.154>] Acquiring creds for
HTTP/gvepl100.internal.epo.org at INTERNAL.EPO.ORG
[Mon Oct 03 11:04:04 2005] [debug] src/mod_auth_kerb.c(1152): [client
10.3.103.154 <http://10.3.103.154>] Verifying client data using KRB5 GSS-API
[Mon Oct 03 11:04:04 2005] [debug] src/mod_auth_kerb.c(1168): [client
10.3.103.154 <http://10.3.103.154>] Verification returned code 589824
[Mon Oct 03 11:04:04 2005] [debug] src/mod_auth_kerb.c(1194): [client
10.3.103.154 <http://10.3.103.154>] Warning: received token seems to be
NTLM, which isn't supported by the Kerberos module. Check your IE
configuration.
[Mon Oct 03 11:04:04 2005] [error] [client 10.3.103.154<http://10.3.103.154>]
gss_accept_sec_context() failed: A token was invalid (Success)
  For already a week I can't find a workaround for the problem or to find at
least the reason of such behaviour.
And this thing does not depend on the browser - IE, Mozilla or Firefox - I'm
getting the same on all of them.
 I would be very appreciated if somebody give me a hint what is happening,
why and how to solve the problem.
 --
Thanks a lot in advance,
Siarhei Baidun

More information about the Kerberos mailing list