failed to authenticate using mod_auth_kerb for Apache
Siarhei Baidun
siarheibaidun at gmail.com
Tue Oct 4 03:53:01 EDT 2005
On 10/3/05, Markus Moeller <huaraz at moeller.plus.com> wrote:
> Can you describe what you have done ? When you always get a NTLM token it
> normally means that there is no key for this service in your kdc. Check
> that you don't use CNAMEs. Use kerbtray on your Windows machine to see
> which tickets are available for IE.
Hi Markus,
You are right - I do not have the key for my web server in my KDC.
I have read Achim's manual and have discovered that I missed that point -
creation of service realm for my web server.
In my case it is HTTP/gvepl100.internal.epo.org at INTERNAL.EPO.ORG
With "klist.exe tickets" command I see the following tickets in cache on my
workstation (Win2000):
Server: krbtgt/INTERNAL.EPO.ORG at INTERNAL.EPO.ORG
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 10/4/2005 22:28:03
Renew Time: 10/11/2005 9:28:03
Server: krbtgt/INTERNAL.EPO.ORG at INTERNAL.EPO.ORG
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 10/4/2005 18:55:26
Renew Time: 10/11/2005 5:55:26
Server: ldap/GVW001.internal.epo.org/internal.epo.org at INTERNAL.EPO.ORG
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 10/4/2005 18:55:26
Renew Time: 10/11/2005 5:55:26
Server: LDAP/GVW001.internal.epo.org at INTERNAL.EPO.ORG
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 10/4/2005 18:55:26
Renew Time: 10/11/2005 5:55:26
Server: HOST/gvw001.internal.epo.org at INTERNAL.EPO.ORG
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 10/4/2005 18:55:26
Renew Time: 10/11/2005 5:55:26
Server: ldap/GVW002.internal.epo.org/internal.epo.org at INTERNAL.EPO.ORG
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 10/4/2005 18:55:26
Renew Time: 10/11/2005 5:55:26
Server: LDAP/GVW002.internal.epo.org at INTERNAL.EPO.ORG
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 10/4/2005 18:55:26
Renew Time: 10/11/2005 5:55:26
Server: HOST/GVW010 at INTERNAL.EPO.ORG
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 10/3/2005 23:44:21
Renew Time: 10/10/2005 10:44:21
Server: HOST/GVW011 at INTERNAL.EPO.ORG
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 10/3/2005 23:44:21
Renew Time: 10/10/2005 10:44:21
Server: HOST/GVW001 at INTERNAL.EPO.ORG
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 10/3/2005 23:44:21
Renew Time: 10/10/2005 10:44:21
Server: HOST/GVW002 at INTERNAL.EPO.ORG
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 10/3/2005 23:44:21
Renew Time: 10/10/2005 10:44:21
Server: host/sb82058a.internal.epo.org at INTERNAL.EPO.ORG
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 10/3/2005 23:44:21
Renew Time: 10/10/2005 10:44:21
I guess I should have had a ticket for
HTTP/gvepl100.internal.epo.org at INTERNAL.EPO.ORG as well
--
Thanks,
Siarhei Baidun
More information about the Kerberos
mailing list