acquiring creds for different principal ??
mnikhil@gmail.com
mnikhil at gmail.com
Fri Sep 30 03:38:26 EDT 2005
Hi
I am running Apache(2.0.52) on Sol-10 (x86). and am using mod_auth_kerb
for kerberos authentication..
I have correctly generated the keytab file for the host following the
details at http://www.grolmsnet.de/kerbtut/.
but at seeing the logs, it shows me that Apache/mod_auth_kerb is
getting creds for differnet principal instead of mentioned in the
/etc/krb5/krb5.conf..
What could be wrong here ..
my /etc/krb5/krb5.conf
===========
mulleyn at sx86qa2:/etc/apache2> cat /etc/krb5/krb5.conf
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)krb5.conf 1.3 04/03/25 SMI"
#
# krb5.conf template
# In order to complete this configuration file
# you will need to replace the __<name>__ placeholders
# with appropriate values for your network.
#
[libdefaults]
default_realm = DE.COM
[realms]
DESHAW.COM = {
kdc = dchyd1.hyd.de.com
admin_server = dchyd1.hyd.de.com
}
[domain_realm]
sx86qa2.hyd.de.com = DE.COM
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
=========================
Logs in the apache at /
mulleyn at sx86qa2:/etc/apache2> sudo tail -f /var/apache2/logs/error_log
[Fri Sep 30 13:03:04 2005] [debug] src/mod_auth_kerb.c(1322): [client
149.77.165.65] kerb_authenticate_user entered with user (NULL) and
auth_type Kerberos
[Fri Sep 30 13:03:04 2005] [debug] src/mod_auth_kerb.c(1023): [client
149.77.165.65] Acquiring creds for
HTTP/sx86qa2.hyd.deshaw.com at HYD.DE.COM
[Fri Sep 30 13:03:04 2005] [error] [client 149.77.165.65]
gss_acquire_cred() failed: Miscellaneous failure (No principal in
keytab matches desired name)
Instead of DE.COM, it is going for HYD.DE.COM..it is confusing me..
can someone please throw light on this and possibly direct me to the
correct answer ?
Regards,
Nikhil
More information about the Kerberos
mailing list