Kerberos Issue
Carano, Riccardo (EBV)
Riccardo.Carano at ebv.com
Tue Jun 14 09:30:20 EDT 2011
Hi,
currently I have Kerberos running (MIT).
When I'm trying this command in the console:
kinit user at server
I get a prompt for my password and this works! But when I try this with my IE 8 (on XP), this error occurs:
kerb_authenticate_user entered with user (NULL) and auth_type
I am at my wit's end! I hope you can help me
#######################
My error-log:
------------
[Tue Jun 14 14:52:38 2011] [debug] src/mod_auth_kerb.c(1628): [client xxx.xx.xxx.xx] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Tue Jun 14 14:52:38 2011] [debug] src/mod_auth_kerb.c(1628): [client xxx.xx.xxx.xx] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Tue Jun 14 14:52:38 2011] [debug] src/mod_auth_kerb.c(1240): [client xxx.xx.xxx.xx] Acquiring creds for HTTP at MYSERVER
[Tue Jun 14 14:52:38 2011] [debug] src/mod_auth_kerb.c(1385): [client xxx.xx.xxx.xx] Verifying client data using KRB5 GSS-API
[Tue Jun 14 14:52:38 2011] [debug] src/mod_auth_kerb.c(1401): [client xxx.xx.xxx.xx] Client didn't delegate us their credential
[Tue Jun 14 14:52:38 2011] [debug] src/mod_auth_kerb.c(1429): [client xxx.xx.xxx.xx] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
[Tue Jun 14 14:52:38 2011] [debug] src/mod_auth_kerb.c(1101): [client xxx.xx.xxx.xx] GSS-API major_status:00090000, minor_status:00000000
[Tue Jun 14 14:52:38 2011] [error] [client xxx.xx.xxx.xx] gss_accept_sec_context() failed: Invalid token was supplied (, No error)
This is my Environment:
----------------------
- Windows Server 2008 RC2 with the Active Directory
- Linux version 2.6.18-92.el5 (brewbuilder at ls20-bc2-13.build.redhat.com) (gcc version 4.1.2 20071124 (Red Hat 4.1.2-41))
Kerberos Versions:
------------------
krb5-devel-1.6.1-25.el5
krb5-libs-1.6.1-25.el5
krb5-workstation-1.6.1-25.el5
pam_krb5-2.2.14-1
krb5-libs-1.6.1-25.el5
pam_krb5-2.2.14-1
krb5-devel-1.6.1-25.el5
My httpd.conf File:
------------------
....
<Directory "/var/www/html/BUSINESS/SSO">
AuthType Kerberos
AuthName "Kerberos Login"
KrbServiceName HTTP
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbAuthoritative on
KrbAuthRealms MYSERVER
KrbVerifyKDC off
Krb5Keytab /etc/httpd/conf/mykeytab.keytab
KrbSaveCredentials on
require valid-user
</Directory>
...
My krb5.conf File:
------------------
[logging]
default = FILE:/var/www/logs/krb5libs.log
kdc = FILE:/var/www/logs/krb5kdc.log
admin_server = FILE:/var/www/logs/kadmind.log
[libdefaults]
default_realm = MYSERVER
forwardable = true
proxiable = true
default_keytab_name= FILE:/etc/httpd/conf/mykeytab.keytab
[realms]
MYSERVER = {
kdc = test01.MYSERVER
kdc = test02.MYSERVER
master_kdc = MYSERVER
default_domain = MYSERVER
}
[domain_realm]
name = MYSERVER
[appdefaults]
pam = {
debug = true
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = true
}
Thanks for your help
Best regards
Riccardo
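
The debug log above warns that the received token "seems to be NTLM". As an added example (not part of the original message and not mod_auth_kerb code), the following Python function classifies the value of an `Authorization: Negotiate` request header by the standard NTLMSSP signature and the GSS-API mechanism OIDs; the function name, the result labels and the sample tokens are constructed for illustration.

```python
import base64
import binascii

# DER-encoded GSS-API mechanism OIDs (tag 0x06, length, value).
OID_SPNEGO = bytes.fromhex("06062b0601050502")           # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")       # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")    # 1.2.840.48018.1.2.2
OID_NTLMSSP = bytes.fromhex("060a2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10
NTLM_SIG = b"NTLMSSP\x00"


def classify_negotiate(header_value):
    """Hypothetical helper: heuristic byte scan of the token, not a DER parser."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except (binascii.Error, ValueError):
        return "malformed"
    if token.startswith(NTLM_SIG):
        return "raw-ntlm"          # bare NTLMSSP message, no GSS-API framing
    if token[:1] != b"\x60":       # GSS-API initial token: [APPLICATION 0]
        return "unknown"
    if OID_SPNEGO in token[:20]:
        mechs = []                 # mechanisms offered inside the SPNEGO token
        if OID_KRB5 in token or OID_MS_KRB5 in token:
            mechs.append("kerberos")
        if OID_NTLMSSP in token or NTLM_SIG in token:
            mechs.append("ntlm")
        return "spnego:" + ("+".join(mechs) or "unknown")
    if OID_KRB5 in token[:20]:
        return "raw-kerberos"
    return "unknown"


def _hdr(raw):
    return "Negotiate " + base64.b64encode(raw).decode("ascii")


# Constructed sample tokens (not captured traffic).
SAMPLE_NTLM = _hdr(NTLM_SIG + b"\x01\x00\x00\x00" + b"\x07\x82\x08\xa2" + bytes(24))
SAMPLE_SPNEGO = _hdr(b"\x60\x27" + OID_SPNEGO + b"\xa0\x1d\x30\x1b\xa0\x19\x30\x17"
                     + OID_KRB5 + OID_NTLMSSP)
SAMPLE_KRB5 = _hdr(b"\x60\x0d" + OID_KRB5 + b"\x01\x00")

if __name__ == "__main__":
    for name in ("SAMPLE_NTLM", "SAMPLE_SPNEGO", "SAMPLE_KRB5"):
        print(name, "->", classify_negotiate(globals()[name]))
```

A base64 token beginning with `TlRMTVNTUAAB` decodes to the NTLMSSP signature and is reported as `raw-ntlm`.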