No principal in keytab

Michael B Allen ioplex at gmail.com
Thu Oct 30 11:57:48 EDT 2008


On Thu, Oct 30, 2008 at 10:47 AM, yuval <yabadi at checkpoint.com> wrote:
> Hi
>
> I try to authenticate web server clients on Linux apache.
>
> I have keytab from win2003 and kinit pass OK.
>
> Klist show valid principal.
>
> [Expert at fluid]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: HTTP/fluid.w2003ex.qa.checkpoint.com at W2003EX.QA.CHECKPOINT.COM
>
> Valid starting     Expires            Service principal
> 10/30/08 14:50:28  10/31/08 00:50:46  krbtgt/W2003EX.QA.CHECKPOINT.COM at W2003EX.QA.CHECKPOINT.COM
>        renew until 10/31/08 14:50:28
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> but I got gss error "No principal in keytab matches desired name"

What is the URL you are using in the address bar of the browser? The
hostname in the URL must match the hostname in the principal name in
the keytab file exactly. For example, if you use an IP address to
visit the website, you will get the aforementioned error.

List the contents of the keytab file with ktutil.

Are you sure the keytab file is being successfully read by Apache?

Mike
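
The hostname check described in the reply above, as an added example that is not part of the original post: it compares the host in a browser URL with the HTTP/ principals in a keytab listing. The function names and the sample listing are constructed for illustration, and the listing is assumed to be in `klist -k` format.

```shell
#!/bin/sh
# Added example: compare a URL's host with the HTTP/ principals in a keytab.

# Constructed sample listing; on a real host use: klist -k /path/to/keytab
SAMPLE_LISTING='Keytab name: FILE:/etc/httpd/http.keytab
KVNO Principal
---- ------------------------------------------------------------
   3 HTTP/web01.example.test@EXAMPLE.TEST'

# url_host URL -> prints the host part (no scheme, userinfo, port or path)
url_host() {
    h=${1#*://}      # drop scheme
    h=${h%%/*}       # drop path and query
    h=${h##*@}       # drop userinfo
    h=${h%%:*}       # drop port (IPv6 literals are not handled here)
    printf '%s\n' "$h"
}

# check_url URL LISTING -> prints match | ip-literal | case-mismatch | no-principal
check_url() {
    host=$(url_host "$1")
    case $host in
        '') echo no-principal; return 1 ;;
        *[!0-9.]*) ;;                       # has a non-digit, non-dot: a name
        *) echo ip-literal; return 1 ;;     # the post: an IP in the URL gives the error
    esac
    # Host parts of every HTTP/<host>@REALM entry in the listing
    princs=$(printf '%s\n' "$2" |
        awk '$2 ~ /^HTTP\// { sub(/@.*/, "", $2); print substr($2, 6) }')
    for p in $princs; do
        if [ "$p" = "$host" ]; then echo match; return 0; fi
    done
    # The match must be exact, so report entries that differ only in letter case
    lhost=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
    for p in $princs; do
        if [ "$(printf '%s' "$p" | tr 'A-Z' 'a-z')" = "$lhost" ]; then
            echo case-mismatch; return 1
        fi
    done
    echo no-principal; return 1
}
```

A short name such as `http://web01/` reports `no-principal` against this listing, because only the fully qualified name is in the keytab.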


