Kerberos troubles
Jean-Yves Avenard
jyavenard at gmail.com
Thu Sep 16 21:31:45 EDT 2010
Hi there.
I'm having a great deal of trouble getting mod_auth_kerb working on a
FreeBSD 8.1 box.
I've had no issue setting other machines to use kerberos, but not with this one.
With no active ticket on the client, as expected I get a 401 error.
However, with an active kerberos ticket ; the page loads and loads
forever, and in the apache log I see:
[Fri Sep 17 10:56:54 2010] [info] Subsequent (No.22) HTTPS request
received for child 6 (server svn.domain.com:443)
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1638): [client
XX.XX.XX.XX] kerb_authenticate_user entered with user (NULL) and
auth_type Kerberos
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1250): [client
XX.XX.XX.XX] Acquiring creds for HTTP at svn.domain.com
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1395): [client
XX.XX.XX.XX] Verifying client data using KRB5 GSS-API
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1411): [client
XX.XX.XX.XX] Client didn't delegate us their credential
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1430): [client
XX.XX.XX.XX] GSS-API token of length 9 bytes will be sent back
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1111): [client
XX.XX.XX.XX] GSS-API major_status:000d0000, minor_status:000186a3
[Fri Sep 17 10:56:54 2010] [error] [client XX.XX.XX.XX]
gss_accept_sec_context() failed: Unspecified GSS failure. Minor code
may provide more information (, )
I couldn't find references to GSS-API major_status:000d0000,
minor_status:000186a3
Googling usually shows people have extra information at the end, which
can help troubleshooting the problem.
Working using the keytab, kinit etc.. from the command line, works fine..
I know this is likely specific to apache's mod_auth_kerb; however
those errors are MIT Kerberos ones ..
Thank you
Jean-Yves
More information about the Kerberos
mailing list