mod_auth_kerb, cross_realm and IE

Booker Bense bbense at gmail.com
Wed Jun 19 18:44:24 EDT 2013


I'm working with mod_auth_kerb and from a linux box, it works fine with
tickets from both of our realms, WIN.SLAC.STANFORD.EDU and SLAC.STANFORD.EDU
.

Browsers running on windows boxes (IE and Firefox ) fail with this error in
the
apache server logs.

Warning: received token seems to be NTLM, which isn't supported by the
Kerberos module. Check your IE configuration.

Some googling suggests that there needs to be some configuration on the AD
side.

I know little about AD, but that post suggests that the server needs an AD
entry
of some kind to enable the browser to use kerberos credentials. Does anyone
know what the appropriate entry would be for a webserver

foo.slac.stanford.edu

being accessed by clients in

win.slac.stanford.edu

>From the unix side of things cross-realm appears to be working just fine. I
can easily get service tickets for unix servers using the windows tgt.

thanks,

- Booker C. Bense


More information about the Kerberos mailing list