Problem to have mod_auth_kerb to work

Smellyfrog yannick at smellyfrog.com
Tue Jan 17 03:00:16 EST 2006


Thanks you all for your help, I eventually managed to make it work.

What was wrong in my config:
- The keytab had not been generated exactly like it was describe in
Achim's guide (http://www.grolmsnet.de/kerbtut/ ).
Solution: regenerate the keytab using EXACTLY the settings described by
Achim in the section 6 of his guide.

- After installing the keytab on my web server using ktutil, the
generated keytab file was not accessible to the user owning the apache
process. I had the following error: gss_acquire_cred() failed:
Miscellaneous failure (Permission denied)
Solution: chmod the kerberos keytab file and grant RW access to the
apache user.

- After these changes, I still didn't have a successful authentication.
The ticket was being acquired for HTTP/gtci2736vm at BGT.BANTA.COM instead
of HTTP/gtci2736vm.bgt.banta.com at BGT.BANTA.COM.
Solution: Change the /etc/hosts file so that the entry in that file
that read:
172.24.25.130 gtci2736vm gtci2736vm.bgt.banta.com
becomes:
172.24.25.130 gtci2736vm.bgt.banta.com gtci2736vm

At this stage, the authentication works using a non secure connection.
I'm going to try with the secure one.

Thanks again all for your help (Achim and Markus in particular).
Yannick




More information about the Kerberos mailing list