Here is my setup...

I have a Windows 2003 DC running Active Directory (dc.domain.com).
I have a Linux Apache web server that I wish to allow access to (apache.domain.com).
I have installed mod_auth_kerb.

I found an excellent tutorial here: http://www.grolmsnet.de/kerbtut/ which I followed, but I keep running into the same problem.

Here is my /etc/krb5.conf file:

    [libdefaults]
        default_realm = DOMAIN.COM

    [domain_realm]
        apache.domain.com = DOMAIN.COM

    [realms]
        DOMAIN.COM = {
            admin_server = dc.domain.com
            kdc = dc.domain.com
        }

Then, if I run

    kinit [email protected]

I get asked for my domain password, which I enter. I then run klist and get:

    Default principal: [email protected]
    Service principal: krbtgt/[email protected]

Is this correct?

I then generate my keytab:

    C:\>ktpass -princ HTTP/[email protected] -mapuser apachea -crypto rc4-hmac-nt -ptype KRB5_NT_SRV_HST -pass longlongpassword -out c:\temp\apache.keytab

This has been copied to apache at /etc/krb5.keytab. The file is world readable, so Apache should be able to read it no problem.

I then test my keytab file:

    kinit -k -t /etc/krb5.keytab HTTP/apache.domain.com

and get

    kinit(v5): Client not found in Kerberos database while getting initial credentials

I can't get past this bit! Any ideas where I can look?

Additionally, I have used kerbtray.exe to check my tickets when I log on. I seem to get 2, as follows:

    DOMAIN.COM
    |_ host/dc.jackwills.com
    |_ krbtgt/DOMAIN.COM

I would appreciate any help that you guys can provide...

Jon
________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
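
Added example, not part of the original post: a small Python reader for the MIT keytab file format (0x0502) that lists the principal, kvno and encryption type stored in each entry, which is what to compare against the principal given to `kinit -k`, plus a check for the world-readable mode mentioned in the post (a keytab holds the service's long-term key, so it is normally readable only by the account that runs Apache). The function names and the sample keytab, built from the names in the post with an all-zero dummy key and a made-up kvno, are constructed for illustration.

```python
import os, stat, struct

ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def _counted(buf, p):  # 16-bit length-prefixed string -> (text, next offset)
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n].decode(), p + 2 + n

def parse_keytab(buf):
    """Return [(principal, kvno, enctype)] from an MIT keytab, file format 0x0502."""
    if buf[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, pos)
        pos += 4
        if size <= 0:                      # non-positive size: deleted slot (hole), skip it
            pos -= size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", buf, pos)
        realm, p = _counted(buf, pos + 2)
        comps = []
        for _ in range(ncomp):             # name components, realm not included
            c, p = _counted(buf, p)
            comps.append(c)
        p += 8                             # skip 32-bit name type and 32-bit timestamp
        kvno = buf[p]                      # 8-bit key version number
        etype, klen = struct.unpack_from(">HH", buf, p + 1)
        p += 5 + klen                      # step over kvno, enctype, key length and key
        if end - p >= 4:                   # optional 32-bit kvno, used when non-zero
            (kvno32,) = struct.unpack_from(">I", buf, p)
            kvno = kvno32 or kvno
        out.append(("/".join(comps) + "@" + realm, kvno, ENCTYPES.get(etype, str(etype))))
        pos = end
    return out

def world_accessible(path):
    """True if users outside the owner and group have any permission on the file."""
    return bool(os.stat(path).st_mode & stat.S_IRWXO)

def sample_keytab():
    """Constructed one-entry keytab: names from the post, dummy key, made-up kvno 3."""
    s = lambda t: struct.pack(">H", len(t)) + t
    body = (struct.pack(">H", 2) + s(b"DOMAIN.COM") + s(b"HTTP") + s(b"apache.domain.com")
            + struct.pack(">IIBHH", 3, 0, 3, 23, 16) + bytes(16))  # name type 3 = KRB5_NT_SRV_HST
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

On a real host, `parse_keytab(open("/etc/krb5.keytab", "rb").read())` gives the same listing for the keytab produced by ktpass.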
