Exactly, I did the same.. but the errors still persists..I will today try and let you know what about this..
Thanks, Nikhil On 10/1/05, Markus Moeller <[EMAIL PROTECTED]> wrote: > > In your krb5 config you use > sx86qa2.hyd.de.com <http://sx86qa2.hyd.de.com> = DE.COM <http://DE.COM> > but the server wants deshaw.com <http://deshaw.com> not de.com<http://de.com>! > HTTP/[EMAIL PROTECTED] > > You need an entry for hyd.deshaw.com <http://hyd.deshaw.com> in your > config file or change your > hostname to hyd.de.com <http://hyd.de.com>. Also which key is in your > keytab ? > Can you do a kinit -k -t keytab_file > HTTP/[EMAIL PROTECTED] > or kinit -k -t keytab_file HTTP/[EMAIL PROTECTED] ? > > Regards > Markus > > <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Hi > > > > I am running Apache(2.0.52) on Sol-10 (x86). and am using mod_auth_kerb > > for kerberos authentication.. > > > > I have correctly generated the keytab file for the host following the > > details at http://www.grolmsnet.de/kerbtut/. > > but at seeing the logs, it shows me that Apache/mod_auth_kerb is > > getting creds for differnet principal instead of mentioned in the > > /etc/krb5/krb5.conf.. > > What could be wrong here .. > > > > my /etc/krb5/krb5.conf > > =========== > > [EMAIL PROTECTED]:/etc/apache2> cat /etc/krb5/krb5.conf > > # > > # Copyright 2004 Sun Microsystems, Inc. All rights reserved. > > # Use is subject to license terms. > > # > > # ident "@(#)krb5.conf 1.3 04/03/25 SMI" > > # > > > > # krb5.conf template > > # In order to complete this configuration file > > # you will need to replace the __<name>__ placeholders > > # with appropriate values for your network. > > # > > [libdefaults] > > default_realm = DE.COM <http://DE.COM> > > > > [realms] > > DESHAW.COM <http://DESHAW.COM> = { > > kdc = dchyd1.hyd.de.com <http://dchyd1.hyd.de.com> > > admin_server = dchyd1.hyd.de.com <http://dchyd1.hyd.de.com> > > } > > > > [domain_realm] > > sx86qa2.hyd.de.com <http://sx86qa2.hyd.de.com> = DE.COM <http://DE.COM> > > > > [logging] > > default = FILE:/var/krb5/kdc.log > > kdc = FILE:/var/krb5/kdc.log > > > > > > ========================= > > Logs in the apache at / > > > > [EMAIL PROTECTED]:/etc/apache2> sudo tail -f /var/apache2/logs/error_log > > [Fri Sep 30 13:03:04 2005] [debug] src/mod_auth_kerb.c(1322): [client > > 149.77.165.65 <http://149.77.165.65>] kerb_authenticate_user entered > with user (NULL) and > > auth_type Kerberos > > [Fri Sep 30 13:03:04 2005] [debug] src/mod_auth_kerb.c(1023): [client > > 149.77.165.65 <http://149.77.165.65>] Acquiring creds for > > HTTP/[EMAIL PROTECTED] > > [Fri Sep 30 13:03:04 2005] [error] [client > > 149.77.165.65<http://149.77.165.65> > ] > > gss_acquire_cred() failed: Miscellaneous failure (No principal in > > keytab matches desired name) > > > > > > Instead of DE.COM <http://DE.COM>, it is going for HYD.DE.COM..it is > confusing me.. > > can someone please throw light on this and possibly direct me to the > > correct answer ? > > > > Regards, > > Nikhil > > > > ________________________________________________ > > Kerberos mailing list Kerberos@mit.edu > > https://mailman.mit.edu/mailman/listinfo/kerberos > > > > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > -- Nikhil Google is Great ! ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos