windows 2003 domain controller, mod_auth_kerb in linux, issue witt kerberos
Ahmar Nauman
ahmar_nauman at hotmail.com
Fri Jul 10 11:20:30 EDT 2009
Hi,
I'm using windows server 2003 as domain controller,
i've succesfully followed all the necessary steps required for setting up an SSO, generated keytab files which gives me correct info if i type klist -k , integrated mod_auth_kerb and configured machines.
My browser setting are just fine as well,
My httpd.conf is like
<Location /myURL
AuthType Kerberos
AuthName "Test Kerberos Login"
KrbVerifyKDC off # it doesn't work if i remove this line
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbAuthRealms LAB1.DIGIDENT-SOLUTIONS.COM
Krb5KeyTab /etc/krb5.keytab
KrbSaveCredentials On
KrbServiceName HTTP
require valid-user
</Location
Now when i tried to test from IE(v 6) it open a login box, if i supply username and password as setup in active directory, it allows me to enter. I dont want to get this login box, so if i change KrbMethodK5Passwd to Off, it simply refuses me to get in by Authorization Required message in browser and in apache logs, i get the following errors,
[Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1266): [client x.x.x.x] Verifying client data using KRB5 GSS-API
[Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1282): [client ......] Verification returned code 589824
[Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1309): [client ......] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
[Fri Jul 10 20:31:25 2009] [error] [client ......9] gss_accept_sec_context() failed: Invalid token was supplied (No error)
I'm trying to resolve this issue, but nothing work out so far.
Can anybody please help here??
regards
- Ahmar
_________________________________________________________________
Drag n’ drop—Get easy photo sharing with Windows Live™ Photos.
http://www.microsoft.com/windows/windowslive/products/photos.aspx
More information about the Kerberos
mailing list