HI! I'm trying to test mod_auth_kerb-5.4 built with MIT libs 1.6.3 for SPNEGO/Kerberos working with MS AD W2K3SP1. My ultimate goal is to receive a forwardable ticket (env var KRB5CCNAME) and use that for LDAP SASL/GSSAPI bind to AD. The service account in AD is AFAICS properly initialized.
The web browser is Seamonkey and it already sends the Authorization: Negotiate YIIE0AYGKwYBBQ[..] in the HTTP request. But it does not work. I don't get authorized HTTP access. In Apache's error_log I find: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, Decrypt integrity check failed) Any clue here? Many thanks in advance. Ciao, Michael. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos