windows 2003 domain controller, mod_auth_kerb in linux, issue witt kerberos
Nikolay Shopik
shopik at inblock.ru
Fri Jul 10 12:29:37 EDT 2009
And you are enabled "Integrated windows authentication" option in IE6,
don't you?
On 10.07.2009 19:20, Ahmar Nauman wrote:
>
> Hi,
>
> I'm using windows server 2003 as domain controller,
> i've succesfully followed all the necessary steps required for setting up an SSO, generated keytab files which gives me correct info if i type klist -k , integrated mod_auth_kerb and configured machines.
> My browser setting are just fine as well,
>
>
> My httpd.conf is like
> <Location /myURL
> AuthType Kerberos
> AuthName "Test Kerberos Login"
> KrbVerifyKDC off # it doesn't work if i remove this line
> KrbMethodNegotiate On
> KrbMethodK5Passwd On
> KrbAuthRealms LAB1.DIGIDENT-SOLUTIONS.COM
> Krb5KeyTab /etc/krb5.keytab
> KrbSaveCredentials On
> KrbServiceName HTTP
> require valid-user
> </Location
>
> Now when i tried to test from IE(v 6) it open a login box, if i supply username and password as setup in active directory, it allows me to enter. I dont want to get this login box, so if i change KrbMethodK5Passwd to Off, it simply refuses me to get in by Authorization Required message in browser and in apache logs, i get the following errors,
>
> [Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1266): [client x.x.x.x] Verifying client data using KRB5 GSS-API
> [Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1282): [client ......] Verification returned code 589824
> [Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1309): [client ......] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
> [Fri Jul 10 20:31:25 2009] [error] [client ......9] gss_accept_sec_context() failed: Invalid token was supplied (No error)
>
> I'm trying to resolve this issue, but nothing work out so far.
> Can anybody please help here??
>
> regards
> - Ahmar
>
> _________________________________________________________________
> Drag n’ drop—Get easy photo sharing with Windows Live™ Photos.
>
> http://www.microsoft.com/windows/windowslive/products/photos.aspx
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list