Tobias Franzén wrote: > Hi. > > I'm using Cosign version 2.1.0rc1 with Apache 2.2. > > I have Heimdal Kerberos for authN (and have most other user info in > LDAP). Setting the valid start and end properties to different times in > the future and the past and trying to login with Cosign, I get an > Unknown error when the client is not valid. It's the same message when > the client is expired, or not yet valid. (I'm using the default Cosign > template so far.) > > Web Login is Unavailable > Web Login is unavailable due to an internal error. We apologize for any > inconvenience this may cause and are working to restore service as soon > as possible. Please try again later. > Technical Info: Unknown error -1765328383 > > Attempting to get a ticket with kinit results in "Client ([EMAIL PROTECTED]) > expired" or "Client not yet valid - try again later". > I see now that I was in error when I said both gave the same error message. The above error is when the client has expired, and when the client is not yet valid, the error code is -1765328363.
>From http://web.mit.edu/Kerberos/krb5-1.4/krb5-1.4.2/doc/krb5-admin/Kerberos-V5-Library-Error-Codes.html KRB5KDC_ERR_NAME_EXP: Client's entry in database has expired KRB5KDC_ERR_CLIENT_NOTYET: Client not yet valid - try again later This is consistent with the Krb5 error codes I found in my krb5_err.h. /Tobias ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
