Problem to have mod_auth_kerb to work

Smellyfrog yannick at smellyfrog.com
Fri Jan 13 06:02:16 EST 2006 

Hi all,

Another mistake of mine was that I had set the log level to debug in
apache but not for the virtual host. So now that this is done, this is
the kind of debug statement I get from apache:

[Fri Jan 13 10:40:45 2006] [info] Initial (No.1) HTTPS request received
for child 2 (server GTCI2736VM.bgt.banta.com:443)
[Fri Jan 13 10:40:45 2006] [debug] src/mod_auth_kerb.c(1333): [client
172.24.25.100] kerb_authenticate_user entered with user (NULL) and
auth_type Kerberos
[Fri Jan 13 10:40:45 2006] [debug] src/mod_auth_kerb.c(1023): [client
172.24.25.100] Acquiring creds for HTTP/gtci2736vm at BGT.BANTA.COM
[Fri Jan 13 10:40:45 2006] [debug] src/mod_auth_kerb.c(1152): [client
172.24.25.100] Verifying client data using KRB5 GSS-API
[Fri Jan 13 10:40:45 2006] [debug] src/mod_auth_kerb.c(1168): [client
172.24.25.100] Verification returned code 589824
[Fri Jan 13 10:40:45 2006] [debug] src/mod_auth_kerb.c(1194): [client
172.24.25.100] Warning: received token seems to be NTLM, which isn't
supported by the Kerberos module. Check your IE configuration.
[Fri Jan 13 10:40:45 2006] [error] [client 172.24.25.100]
gss_accept_sec_context() failed: A token was invalid (Token header is
malformed or corrupt)
[Fri Jan 13 10:40:45 2006] [error] [client 172.24.25.100] (2)No such
file or directory: cannot access type map file:
HTTP_UNAUTHORIZED.html.var

My Webserver is gtci2736vm (Fedora on a VMware environement) IP
172.24.25.130
My client is an XP pro (Host to VMware workstation) with IP
172.24.25.100
My KDC is also our AD and is Windows 2003 box.

So, as you can it seem that we are receiving an NTLM token. My IE
config seems OK. I followed the guidelines to add my web server in the
trusted intranet settings, and since I have XP pro, the tick box Enable
Integrated Windows Authentication was already ticked. But you know
what, I unticked it restarted IE and Ticked it again and restarted just
in case. At this stage I'm considering exorcism or Voodoo ceremony.

So WTF is going wrong? Please make the suffering end. ;o)
Yannick

More information about the Kerberos mailing list