IE using NTLM instead of Kerberos?
Jason Fenner
jfenner at Vitamix.com
Mon Feb 20 09:09:34 EST 2006
Ok,
I ran that command and go the following:
kvno: No credentials cache found while getting client principal name
I notice that it says "client principal name", does this mean that I
also need a key called:
host/rt.vitamix.com
Or does "client" just refer to the principal name that I queried?
What does this message indicate?
Here is my /etc/krb5.conf file too:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
clockskew = 300
[libdefaults]
ticket_lifetime = 24000
default_realm = DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
VITAMIX.COM = {
kdc = dc1.domain.com:88
admin_server = dc1.domain.com
}
GOLDENEYE = {
kdc = dc1.vitamix.com
admin_server = dc1.domain.com
default_domain = DOMAIN.COM
}
[domain_realm]
rt.vitamix.com = DOMAIN.COM
#[kdc]
# profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
[logging]
FILE=/var/krb5/kdc.log
Achim Grolms wrote:
>On Friday 17 February 2006 23:08, Jason Fenner wrote:
>
>
>
>>I have followed these instruction completely:
>>http://www.grolmsnet.de/kerbtut/
>>
>>The research I have done so far shows that IE will try kerberos first,
>>and then fail over to NTLM.
>>
>>
>
>please run
>
>kvno HTTP/rt.vitamix.com
>
>to see if the Kerberos principal exists.
>
>The mod_auth_kerb mailinglist is
>
>modauthkerb-help at lists.sourceforge.net
>
>
>Achim
>
>
>
More information about the Kerberos
mailing list