[32685] in Kerberos
Re: Kerberos troubles
daemon@ATHENA.MIT.EDU (Jean-Yves Avenard)
Tue Sep 21 14:48:39 2010
MIME-Version: 1.0
In-Reply-To: <AANLkTi=rCPQiQKVp+jUo-7121=jzCV5a8nh5RO6+pvD3@mail.gmail.com>
Date: Wed, 22 Sep 2010 04:48:13 +1000
Message-ID: <AANLkTi=yzxpLjTm1eL9J7t7TdLTGQNztL57SPQJkm0Aj@mail.gmail.com>
From: Jean-Yves Avenard <jyavenard@gmail.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi there
On 17 September 2010 13:05, Jean-Yves Avenard <jyavenard@gmail.com> wrote:
> goes on forever, and in the logs I have thousands of
> [Fri Sep 17 12:59:45 2010] [info] Subsequent (No.76) HTTPS request
> received for child 1 (server svn.domain.com:443)
> [Fri Sep 17 12:59:45 2010] [debug] src/mod_auth_kerb.c(1638): [client
> XX.XX.XX.XX] kerb_authenticate_user entered with user (NULL) and
> auth_type Kerberos
> [Fri Sep 17 12:59:45 2010] [debug] src/mod_auth_kerb.c(1250): [client
> XX.XX.XX.XX] Acquiring creds for HTTP@svn.domain.com
> [Fri Sep 17 12:59:45 2010] [debug] src/mod_auth_kerb.c(1395): [client
> XX.XX.XX.XX] Verifying client data using KRB5 GSS-API
> [Fri Sep 17 12:59:45 2010] [debug] src/mod_auth_kerb.c(1411): [client
> XX.XX.XX.XX] Client didn't delegate us their credential
> [Fri Sep 17 12:59:45 2010] [debug] src/mod_auth_kerb.c(1430): [client
> XX.XX.XX.XX] GSS-API token of length 9 bytes will be sent back
> [Fri Sep 17 12:59:45 2010] [debug] src/mod_auth_kerb.c(1111): [client
> XX.XX.XX.XX] GSS-API major_status:000d0000, minor_status:000186a3
> [Fri Sep 17 12:59:45 2010] [error] [client XX.XX.XX.XX]
> gss_accept_sec_context() failed: Unspecified GSS failure. Minor code
> may provide more information (, )
> [Fri Sep 17 12:59:45 2010] [debug] ssl_engine_io.c(1882): OpenSSL: read 5/5 byte
I have now identified the cause of the issue.
When using mod_auth_kerb with MIT krb5 v1.6.x it works perfectly
with krb5 1.7 and 1.7.1 same.
However, I get this "GSS-API major_status:000d0000,
minor_status:000186a3" error whenever I use MIT 1.8.x kerberos
libraries (tested with 1.8.1 and 1.8.3)
Not sure what can be done from there...
JY
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
