gss_acquire_cred() failed
Richard E. Silverman
res at qoxp.net
Mon Jun 14 15:19:03 EDT 2010
>>>>> "Vlad" == Vlad <vladistan at gmail.com> writes:
Vlad> Nicolas, The reason you are getting this message is because the
Vlad> mod_auth_kerb could not find the entry that matches your server
Vlad> name in the keytab, you have to set it using KrbServiceName
Vlad> directive like this:
Vlad> KrbServiceName HTTP/domain.. at DOMAIN.FR
Or you can use "KrbServiceName Any", but this will only help if name
services are configured such that clients will get matching tickets to
begin with.
Vlad> Vlad
Vlad> On Jun 14, 5:04 am, Nicolas Jaunet <nicolas.jau... at gmail.com> wrote:
>> Hi !
>>
>> I installed mod_auth_kerb on my debian server and create a keytab
>> to authenticate thanks to kerberos on a web site with apache
>> tomcat. I created a user in my kdc. To check I did that :
>>
>> debian-server# klist -k krb5.keytab Keytab name: FILE:krb5.keytab
>> KVNO Principal ----
>> --------------------------------------------------------------------------
>> 3 HTTP/domain... at DOMAIN.FR
>>
>> And the file /etc/apache2/kerberos.conf :
>>
>> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on
>> KrbVerifyKDC off KrbMethodK5Passwd off KrbAuthRealms DOMAIN.FR
>> Krb5KeyTab /etc/apache2/krb5.keytab require valid-user
>>
>> When I try to connect my web site withhttp://domain.fr I have a 500
>> Internal Server Error and the error.log file show me this error :
>>
>> gss_acquire_cred() failed: Unspecified GSS failure. Minor code may
>> provide more information (No principal in keytab matches desired
>> name)
>>
>> Someone can help me ? Thanks.
--
Richard Silverman
res at qoxp.net
More information about the Kerberos
mailing list