mod_auth_kerb credential error for principal

Edson Habowsky EdsonH at weg.net
Thu Mar 22 13:47:15 EDT 2007


Hello,

I'm facing serious problem with Kerberos ticket 

I'm trying authenticate Windows users to the Linux apache webserver using Kerberos authenticate method, and for apache mod_auth_kerb.

Having problems with keytab.

 

Targeting domain controller: DCserver.domain.com

Successfully mapped HTTP/LinuxServer.domain.com to myuser.

Type the password for HTTP/LinuxServer.domain.com:

Type the password again to confirm:

Key created.

Output keytab to c:\temp\apache.keytab:

Keytab version: 0x502

keysize 56 HTTP/LinuxServer.weg.net at WEG.NET ptype 1 (KRB5_NT_PRINCIPAL) vno 23 etyp

e 0x3 (DES-CBC-MD5) keylength 8 (0x2f342c51891c1c68)

Account myuser has been set for DES-only encryption.

 

> I'm trying use this keytab at the linux apache server with 

> mod_auth_kerb; and if put the apache.keytab that was just created at windows side, into linux side, it 

> doesn't work. I got the error when I run the kinit command:

> 

> #kinit -k -t /usr/local/apache2/conf/apache.keytab

> kinit(v5): Client not found in Kerberos database while getting initial 

> credentials

 

If I run kinit myuser and put my passwd, it works fine, and after run this, if I run klist it bring me the cached ticket fine.

Also, if I run kutil and check kvno into the keytab, it give me the right number (same as the one created at windows site through the ktpass).

 

 

> May someone help me please,

> I'm stuck on this, almost one week, and don't know what else to do.

 

Edson Habowsky 
Departamento de Sistemas de Informação 
Sc Data Center - Tecnologia 
Analista de Infra - Servidores/Storage 
Fone: 55 (47) 3276 4619 - edsonh at weg.net <mailto:edsonh at weg.net>  
WEG Equipamentos Elétricos S.A. - Corporativo 
"TRANSFORMANDO ENERGIA EM SOLUÇÕES" 

 




More information about the Kerberos mailing list