[32670] in Kerberos

home help back first fref pref prev next nref lref last post

Kerberos troubles

daemon@ATHENA.MIT.EDU (Jean-Yves Avenard)
Thu Sep 16 21:31:51 2010

MIME-Version: 1.0
Date: Fri, 17 Sep 2010 11:31:45 +1000
Message-ID: <AANLkTinQWHGvNfqmSL8-EHjJ5knboJv87nwRCc+JM5j_@mail.gmail.com>
From: Jean-Yves Avenard <jyavenard@gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hi there.

I'm having a great deal of trouble getting mod_auth_kerb working on a
FreeBSD 8.1 box.

I've had no issue setting other machines to use kerberos, but not with this one.

With no active ticket on the client, as expected I get a 401 error.

However, with an active kerberos ticket ; the page loads and loads
forever, and in the apache log I see:


[Fri Sep 17 10:56:54 2010] [info] Subsequent (No.22) HTTPS request
received for child 6 (server svn.domain.com:443)
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1638): [client
XX.XX.XX.XX] kerb_authenticate_user entered with user (NULL) and
auth_type Kerberos
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1250): [client
XX.XX.XX.XX] Acquiring creds for HTTP@svn.domain.com
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1395): [client
XX.XX.XX.XX] Verifying client data using KRB5 GSS-API
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1411): [client
XX.XX.XX.XX] Client didn't delegate us their credential
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1430): [client
XX.XX.XX.XX] GSS-API token of length 9 bytes will be sent back
[Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1111): [client
XX.XX.XX.XX] GSS-API major_status:000d0000, minor_status:000186a3
[Fri Sep 17 10:56:54 2010] [error] [client XX.XX.XX.XX]
gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code
may provide more information (, )


I couldn't find references to GSS-API major_status:000d0000,
minor_status:000186a3

Googling usually shows people have extra information at the end, which
can help troubleshooting the problem.

Working using the keytab, kinit etc.. from the command line, works fine..

I know this is likely specific to apache's mod_auth_kerb; however
those errors are MIT Kerberos ones ..

Thank you
Jean-Yves
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
home help back first fref pref prev next nref lref last post