windows 2003 domain controller, mod_auth_kerb in linux, issue witt kerberos

Nikolay Shopik shopik at inblock.ru
Fri Jul 10 12:29:37 EDT 2009 

And you are enabled "Integrated windows authentication" option in IE6, 
don't you?

On 10.07.2009 19:20, Ahmar Nauman wrote:
>
>   Hi,
>
>   I'm using windows server 2003 as domain controller,
>   i've succesfully followed all the necessary steps required for setting up an SSO, generated keytab files which gives me correct info if i type klist -k , integrated mod_auth_kerb and configured machines.
>   My browser setting are just fine as well,
>
>
>   My httpd.conf is like
>   <Location /myURL
>   AuthType Kerberos
>   AuthName "Test Kerberos Login"
>   KrbVerifyKDC off # it doesn't work if i remove this line
>   KrbMethodNegotiate On
>   KrbMethodK5Passwd On
>   KrbAuthRealms LAB1.DIGIDENT-SOLUTIONS.COM
>   Krb5KeyTab /etc/krb5.keytab
>   KrbSaveCredentials On
>   KrbServiceName HTTP
>   require valid-user
>   </Location
>
>   Now when i tried to test from IE(v 6) it open a login box, if i supply username and password as setup in active directory, it allows me to enter. I dont want to get this login box, so if i change KrbMethodK5Passwd to Off, it simply refuses me to get in by Authorization Required message in browser and in apache logs, i get the following errors,
>
>   [Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1266): [client x.x.x.x] Verifying client data using KRB5 GSS-API
>   [Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1282): [client ......] Verification returned code 589824
>   [Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1309): [client ......] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
>   [Fri Jul 10 20:31:25 2009] [error] [client ......9] gss_accept_sec_context() failed: Invalid token was supplied (No error)
>
>   I'm trying to resolve this issue, but nothing work out so far.
>   Can anybody please help here??
>
>   regards
>   - Ahmar
>
> _________________________________________________________________
> Drag n’ drop—Get easy photo sharing with Windows Live™ Photos.
>
> http://www.microsoft.com/windows/windowslive/products/photos.aspx
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

More information about the Kerberos mailing list