Bonjour Vlad et Richard ! I follow your instructions but now, I have a new error in logs : gss_accept_sec_context() failed: Invalid token was supplied (No error)
And my site returns a 401 error AUTHORIZATION REQUIRED. What is missing ? Thanks again. Nicolas. 2010/6/14 Richard E. Silverman <r...@qoxp.net> > >>>>> "Vlad" == Vlad <vladis...@gmail.com> writes: > > Vlad> Nicolas, The reason you are getting this message is because the > Vlad> mod_auth_kerb could not find the entry that matches your server > Vlad> name in the keytab, you have to set it using KrbServiceName > Vlad> directive like this: > > > Vlad> KrbServiceName HTTP/domai...@domain.fr > > Or you can use "KrbServiceName Any", but this will only help if name > services are configured such that clients will get matching tickets to > begin with. > > Vlad> Vlad > > > > Vlad> On Jun 14, 5:04 am, Nicolas Jaunet <nicolas.jau...@gmail.com> > wrote: > >> Hi ! > >> > >> I installed mod_auth_kerb on my debian server and create a keytab > >> to authenticate thanks to kerberos on a web site with apache > >> tomcat. I created a user in my kdc. To check I did that : > >> > >> debian-server# klist -k krb5.keytab Keytab name: FILE:krb5.keytab > >> KVNO Principal ---- > >> > -------------------------------------------------------------------------- > >> 3 HTTP/domain...@domain.fr > >> > >> And the file /etc/apache2/kerberos.conf : > >> > >> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on > >> KrbVerifyKDC off KrbMethodK5Passwd off KrbAuthRealms DOMAIN.FR > >> Krb5KeyTab /etc/apache2/krb5.keytab require valid-user > >> > >> When I try to connect my web site withhttp://domain.fr I have a 500 > >> Internal Server Error and the error.log file show me this error : > >> > >> gss_acquire_cred() failed: Unspecified GSS failure. Minor code may > >> provide more information (No principal in keytab matches desired > >> name) > >> > >> Someone can help me ? Thanks. > > > -- > Richard Silverman > r...@qoxp.net > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos