Hi there. I'm having a great deal of trouble getting mod_auth_kerb working on a FreeBSD 8.1 box.
I've had no issue setting other machines to use kerberos, but not with this one. With no active ticket on the client, as expected I get a 401 error. However, with an active kerberos ticket ; the page loads and loads forever, and in the apache log I see: [Fri Sep 17 10:56:54 2010] [info] Subsequent (No.22) HTTPS request received for child 6 (server svn.domain.com:443) [Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1638): [client XX.XX.XX.XX] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1250): [client XX.XX.XX.XX] Acquiring creds for h...@svn.domain.com [Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1395): [client XX.XX.XX.XX] Verifying client data using KRB5 GSS-API [Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1411): [client XX.XX.XX.XX] Client didn't delegate us their credential [Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1430): [client XX.XX.XX.XX] GSS-API token of length 9 bytes will be sent back [Fri Sep 17 10:56:54 2010] [debug] src/mod_auth_kerb.c(1111): [client XX.XX.XX.XX] GSS-API major_status:000d0000, minor_status:000186a3 [Fri Sep 17 10:56:54 2010] [error] [client XX.XX.XX.XX] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ) I couldn't find references to GSS-API major_status:000d0000, minor_status:000186a3 Googling usually shows people have extra information at the end, which can help troubleshooting the problem. Working using the keytab, kinit etc.. from the command line, works fine.. I know this is likely specific to apache's mod_auth_kerb; however those errors are MIT Kerberos ones .. Thank you Jean-Yves ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
