error "Wrong principal in request"

Rusanov, Dmitry dmitry.rusanov at hp.com
Thu Jul 21 01:25:33 EDT 2011


Hi,

Can someone help me to troubleshoot this error in apache log:


[Mon Jul 11 10:27:18 2011] [debug] src/mod_auth_kerb.c(994): [client 192.168.20.17] Using HTTP/itgc-merc.msk.mts.ru at MSK.MTS.RU as server principal for password verification
[Mon Jul 11 10:27:18 2011] [debug] src/mod_auth_kerb.c(698): [client 192.168.20.17] Trying to get TGT for user makh at MSK.MTS.RU
[Mon Jul 11 10:27:18 2011] [debug] src/mod_auth_kerb.c(609): [client 192.168.20.17] Trying to verify authenticity of KDC using principal HTTP/itgc-merc.msk.mts.ru at MSK.MTS.RU
[Mon Jul 11 10:27:18 2011] [debug] src/mod_auth_kerb.c(652): [client 192.168.20.17] krb5_rd_req() failed when verifying KDC
[Mon Jul 11 10:27:18 2011] [error] [client 192.168.20.17] failed to verify krb5 credentials: Wrong principal in request
[Mon Jul 11 10:27:18 2011] [debug] src/mod_auth_kerb.c(698): [client 192.168.20.17] Trying to get TGT for user makh at MTS.RU
[Mon Jul 11 10:27:18 2011] [error] [client 192.168.20.17] krb5_get_init_creds_password() failed: Realm not local to KDC
[Mon Jul 11 10:27:18 2011] [debug] src/mod_auth_kerb.c(1073): [client 192.168.20.17] kerb_authenticate_user_krb5pwd ret=401 user=(NULL) authtype=(NULL)
[Mon Jul 11 10:27:18 2011] [debug] src/mod_auth_kerb.c(1628): [client 192.168.20.17] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Mon Jul 11 10:27:18 2011] [debug] src/mod_auth_kerb.c(1566): [client 192.168.20.17] matched previous auth request

It is SSO with apache+kerberos

Best regards,
Dmitry




More information about the Kerberos mailing list