mod_auth_kerb credential error for principal
Edson Habowsky
EdsonH at weg.net
Thu Mar 22 13:47:15 EDT 2007
Hello,
I'm facing serious problem with Kerberos ticket
I'm trying authenticate Windows users to the Linux apache webserver using Kerberos authenticate method, and for apache mod_auth_kerb.
Having problems with keytab.
Targeting domain controller: DCserver.domain.com
Successfully mapped HTTP/LinuxServer.domain.com to myuser.
Type the password for HTTP/LinuxServer.domain.com:
Type the password again to confirm:
Key created.
Output keytab to c:\temp\apache.keytab:
Keytab version: 0x502
keysize 56 HTTP/LinuxServer.weg.net at WEG.NET ptype 1 (KRB5_NT_PRINCIPAL) vno 23 etyp
e 0x3 (DES-CBC-MD5) keylength 8 (0x2f342c51891c1c68)
Account myuser has been set for DES-only encryption.
> I'm trying use this keytab at the linux apache server with
> mod_auth_kerb; and if put the apache.keytab that was just created at windows side, into linux side, it
> doesn't work. I got the error when I run the kinit command:
>
> #kinit -k -t /usr/local/apache2/conf/apache.keytab
> kinit(v5): Client not found in Kerberos database while getting initial
> credentials
If I run kinit myuser and put my passwd, it works fine, and after run this, if I run klist it bring me the cached ticket fine.
Also, if I run kutil and check kvno into the keytab, it give me the right number (same as the one created at windows site through the ktpass).
> May someone help me please,
> I'm stuck on this, almost one week, and don't know what else to do.
Edson Habowsky
Departamento de Sistemas de Informação
Sc Data Center - Tecnologia
Analista de Infra - Servidores/Storage
Fone: 55 (47) 3276 4619 - edsonh at weg.net <mailto:edsonh at weg.net>
WEG Equipamentos Elétricos S.A. - Corporativo
"TRANSFORMANDO ENERGIA EM SOLUÇÕES"
More information about the Kerberos
mailing list