gss_acquire_cred() failed
Nicolas Jaunet
nicolas.jaunet at gmail.com
Wed Jun 16 02:35:53 EDT 2010
Hello Vlad and Richard!
I followed your instructions, but now I have a new error in the logs:
gss_accept_sec_context() failed: Invalid token was supplied (No error)
And my site returns a 401 error AUTHORIZATION REQUIRED.
What is missing?
Thanks again.
Nicolas.
2010/6/14 Richard E. Silverman <res at qoxp.net>
> >>>>> "Vlad" == Vlad <vladistan at gmail.com> writes:
>
> Vlad> Nicolas, the reason you are getting this message is that
> Vlad> mod_auth_kerb could not find the entry that matches your server
> Vlad> name in the keytab. You have to set it using the KrbServiceName
> Vlad> directive, like this:
>
>
> Vlad> KrbServiceName HTTP/domain.. at DOMAIN.FR
>
> Or you can use "KrbServiceName Any", but this will only help if name
> services are configured such that clients will get matching tickets to
> begin with.
>
> Vlad> Vlad
>
>
>
> Vlad> On Jun 14, 5:04 am, Nicolas Jaunet <nicolas.jau... at gmail.com> wrote:
> >> Hi !
> >>
> >> I installed mod_auth_kerb on my Debian server and created a keytab
> >> to authenticate thanks to Kerberos on a web site with Apache
> >> Tomcat. I created a user in my KDC. To check, I did this:
> >>
> >> debian-server# klist -k krb5.keytab
> >> Keytab name: FILE:krb5.keytab
> >> KVNO Principal
> >> ---- --------------------------------------------------------------------------
> >>    3 HTTP/domain... at DOMAIN.FR
> >>
> >> And the file /etc/apache2/kerberos.conf:
> >>
> >> AuthType Kerberos
> >> AuthName "Kerberos Login"
> >> KrbMethodNegotiate on
> >> KrbVerifyKDC off
> >> KrbMethodK5Passwd off
> >> KrbAuthRealms DOMAIN.FR
> >> Krb5KeyTab /etc/apache2/krb5.keytab
> >> require valid-user
> >>
> >> When I try to connect to my web site with http://domain.fr I have a 500
> >> Internal Server Error and the error.log file shows me this error:
> >>
> >> gss_acquire_cred() failed: Unspecified GSS failure. Minor code may
> >> provide more information (No principal in keytab matches desired
> >> name)
> >>
> >> Can someone help me? Thanks.
>
>
> --
> Richard Silverman
> res at qoxp.net
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
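An added example, not part of the thread or of mod_auth_kerb: a small Python check that parses plain `klist -k` output and classifies why a keytab does or does not hold the service principal for a given server name, the condition behind the "No principal in keytab matches desired name" error quoted above. The sample output, host name and realm are constructed placeholders, and the form HTTP/<server name>@<realm> for the desired name is an assumption.

```python
import re

# Constructed sample of plain `klist -k` output; host and realm are placeholders.
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/apache2/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 HTTP/www.example.test@EXAMPLE.TEST
   3 host/www.example.test@EXAMPLE.TEST
"""

# A data row is "<kvno> <principal>"; header and ruler lines do not match.
# Rows from `klist -kt` or `klist -ke` carry extra columns and are not handled.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)$")


def parse_klist(text):
    """Return (kvno, principal) pairs from plain `klist -k` output."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2)))
    return entries


def diagnose(entries, host, realm, service="HTTP"):
    """Classify whether service/host@realm is present in the keytab entries."""
    wanted = f"{service}/{host}@{realm}"
    names = [principal for _, principal in entries]
    if wanted in names:
        return "match"
    # Principal names are case-sensitive, so a case-only difference still fails.
    if wanted.lower() in (n.lower() for n in names):
        return "case-mismatch"
    same_service = [n for n in names if n.startswith(service + "/")]
    if not same_service:
        return "no-service-entry"
    # Same service and host but a different realm after the "@".
    if any(n.rpartition("@")[0] == f"{service}/{host}" for n in same_service):
        return "realm-mismatch"
    return "host-mismatch"


if __name__ == "__main__":
    keytab = parse_klist(SAMPLE_KLIST)
    for host in ("www.example.test", "example.test", "WWW.example.test"):
        print(host, "->", diagnose(keytab, host, "EXAMPLE.TEST"))
```

A "host-mismatch" result corresponds to browsing to a name other than the one the keytab entry was created for.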