windows 2003 domain controller, mod_auth_kerb in linux, issue witt kerberos

Ahmar Nauman ahmar_nauman at
Fri Jul 10 11:20:30 EDT 2009


 I'm using windows server 2003 as domain controller,
 i've succesfully followed all the necessary steps required for setting up an SSO, generated keytab files which gives me correct info if i type klist -k , integrated mod_auth_kerb and configured machines.
 My browser setting are just fine as well,
 My httpd.conf is like
 <Location /myURL  
 AuthType Kerberos
 AuthName "Test Kerberos Login"
 KrbVerifyKDC off # it doesn't work if i remove this line
 KrbMethodNegotiate On
 KrbMethodK5Passwd On
 Krb5KeyTab /etc/krb5.keytab
 KrbSaveCredentials On
 KrbServiceName HTTP
 require valid-user
 Now when i tried to test from IE(v 6) it open a login box, if i supply username and password as setup in active directory, it allows me to enter. I dont want to get this login box, so if i change KrbMethodK5Passwd to Off, it simply refuses me to get in by Authorization Required message in browser and in apache logs, i get the following errors,
 [Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1266): [client x.x.x.x] Verifying client data using KRB5 GSS-API
 [Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1282): [client ......] Verification returned code 589824
 [Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1309): [client ......] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
 [Fri Jul 10 20:31:25 2009] [error] [client ......9] gss_accept_sec_context() failed: Invalid token was supplied (No error)
 I'm trying to resolve this issue, but nothing work out so far.
 Can anybody please help here??
 - Ahmar

Drag n’ drop—Get easy photo sharing with Windows Live™ Photos.

More information about the Kerberos mailing list