[32938] in Kerberos


mod_auth_kerb problem

daemon@ATHENA.MIT.EDU (Ben Kwint)
Mon Nov 29 16:54:01 2010

From: Ben Kwint <benkwint@gmail.com>
Date: Thu, 25 Nov 2010 00:03:49 -0800 (PST)
Message-ID: <29317584-7d58-45f3-adaa-3f341d417c62@z9g2000yqz.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hi,

A while ago I got the assignment from my manager to start testing with
Kerberos to be able to implement it into one of our websites.

Our clients are going to supply the KDC for us, so we actually don't
have to worry too much about that. The only thing is we want to test it
before we start working with it.

Yesterday I set up a Kerberos KDC on my Kubuntu Linux machine, and it
seems to work.

When I do kinit -A test and enter the password for that user and do
klist, I see that I did get a ticket.

klist output:
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: test@LOCAL.NETWORK

Valid starting     Expires            Service principal
11/25/10 08:20:55  11/25/10 18:20:55  krbtgt/LOCAL.NETWORK@LOCAL.NETWORK
        renew until 11/26/10 08:20:53

So that part seems to work. Btw, I used this tutorial to set up my KDC:
http://community.jboss.org/wiki/SettingupyourKerberosDevelopmentEnvironment

After that I installed Apache on the same machine to test
mod_auth_kerb. I installed the mod_auth_kerb module on the Apache machine
and set up the following .htaccess file:

AuthType Kerberos
AuthName "Kerberos Login"
KrbVerifyKDC off
KrbMethodK5Passwd off
#KrbServiceName server
### Krb5Keytab /etc/krb5.keytab.apache
KrbAuthRealms LOCAL.NETWORK
require valid-user

I tested all kinds of different setups of my .htaccess file.

My Apache server does not show any errors, but when I look at the
Mozilla error log I see this:

-1216447824[b7517060]:   using REQ_DELEGATE
-1216447824[b7517060]:   service = local.network
-1216447824[b7517060]:   using negotiate-gss
-1216447824[b7517060]: entering nsAuthGSSAPI::nsAuthGSSAPI()
-1216447824[b7517060]: Attempting to load gss functions
-1216447824[b7517060]: entering nsAuthGSSAPI::Init()
-1216447824[b7517060]: nsHttpNegotiateAuth::GenerateCredentials_1_9_2() [challenge=Negotiate]
-1216447824[b7517060]: entering nsAuthGSSAPI::GetNextToken()
-1216447824[b7517060]: gss_init_sec_context() failed: Unspecified GSS failure.  Minor code may provide more information
-1216447824[b7517060]:   leaving nsAuthGSSAPI::GetNextToken [rv=80004005]

Any idea what might be causing this error?

Any help would be greatly appreciated. If someone knows any public KDC
which you can use to test stuff, it would be even better. Then I could
forget all about installing my own KDC.

So what I basically want is to be able to install an entire test setup
on 1 machine. Is this possible?
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
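
An added example, not part of the original message: for Negotiate authentication the browser requests a ticket for HTTP/<host>@<REALM>, where <host> is the "service" value in the Firefox log, so a useful check for this kind of setup is whether that principal exists in the KDC and in the keytab Apache reads. The principal listing and keytab listing below are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample: the "service" line from the Firefox log quoted in the message.
FIREFOX_LOG = "-1216447824[b7517060]:   service = local.network\n"

# Constructed sample: principal names as `kadmin.local -q listprincs` prints them,
# one per line, for a KDC holding only the entries the message mentions.
KDC_PRINCIPALS = """\
krbtgt/LOCAL.NETWORK@LOCAL.NETWORK
test@LOCAL.NETWORK
"""

# Constructed sample: `klist -k` output for a keytab with only a host key.
KEYTAB_LISTING = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------
   2 host/local.network@LOCAL.NETWORK
"""


def requested_spn(log_text, realm):
    """Return the principal the browser requests, HTTP/<host>@<REALM>, or None.

    Assumes the GSS library does not rewrite the host through DNS
    canonicalization before asking the KDC.
    """
    m = re.search(r"\bservice = (\S+)", log_text)
    return "HTTP/%s@%s" % (m.group(1), realm) if m else None


def principals(listing):
    """Collect principal names that end a line (works for both listings)."""
    found = set()
    for line in listing.splitlines():
        m = re.search(r"(\S+@\S+)\s*$", line)
        if m:
            found.add(m.group(1))
    return found


def check(log_text, kdc_listing, keytab_listing, realm):
    """Report whether the requested SPN exists in the KDC and in the keytab."""
    spn = requested_spn(log_text, realm)
    return {
        "spn": spn,
        "in_kdc": spn in principals(kdc_listing),        # client needs this to get a ticket
        "in_keytab": spn in principals(keytab_listing),  # mod_auth_kerb needs this to accept it
    }


if __name__ == "__main__":
    print(check(FIREFOX_LOG, KDC_PRINCIPALS, KEYTAB_LISTING, "LOCAL.NETWORK"))
```

A missing KDC entry shows up on the client side as a failed gss_init_sec_context(); a missing keytab entry shows up on the server side instead.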
