Kerberos troubles

[Jean-Yves Avenard]

Hi there.

I'm having a great deal of trouble getting mod_auth_kerb working on a
FreeBSD 8.1 box.

I've had no issue setting other machines to use kerberos, but not with this one.

With no active ticket on the client, as expected I get a 401 error.

However, with an active kerberos ticket ; the page loads and loads
forever, and in the apache log I see:


[Fri Sep 17 10:56:54 2010] [info] Subsequent (No.22) HTTPS request
received for child 6 (server svn.domain.com:443)
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1638): [client
XX.XX.XX.XX] kerb_authenticate_user entered with user (NULL) and
auth_type Kerberos
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1250): [client
XX.XX.XX.XX] Acquiring creds for HTTP at svn.domain.com
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1395): [client
XX.XX.XX.XX] Verifying client data using KRB5 GSS-API
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1411): [client
XX.XX.XX.XX] Client didn't delegate us their credential
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1430): [client
XX.XX.XX.XX] GSS-API token of length 9 bytes will be sent back
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1111): [client
XX.XX.XX.XX] GSS-API major_status:000d0000, minor_status:000186a3
[Fri Sep 17 10:56:54 2010] [error] [client XX.XX.XX.XX]
gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code
may provide more information (, )


I couldn't find references to GSS-API major_status:000d0000,
minor_status:000186a3

Googling usually shows people have extra information at the end, which
can help troubleshooting the problem.

Working using the keytab, kinit etc.. from the command line, works fine..

I know this is likely specific to apache's mod_auth_kerb; however
those errors are MIT Kerberos ones ..

Thank you
Jean-Yves