Hi.
I'm trying to use krb authentication on linux box with apache. I've done the following on W2K3 PDC: ktpass -princ host/[email protected] -pass qwerty -mapuser D\web_http -out host.keytab -ptype KRB5_NT_SRV_HST -kvno 1 Successfully mapped host/[email protected] to web_http. WARNING: pType and account type do not match. This might cause problems. Key created. Output keytab to host.keytab: Keytab version: 0x502 keysize 75 host/web.company.ru ptype 3 (KRB5_NT_SRV_HST) vn o 1 etype 0x17 (RC4-HMAC) keylength 16 (0xeddf60686996d8ba2d81cfd15da42bd3) the same for ktpass -princ HTTP/[email protected] -pass qwerty -mapuser D\web_http -out http.keytab -kvno 1 and then setspn.exe -A HTTP/web.company.ru web after that I made several steps on linux box making a keytab for apache, and trying to test: ktutil: read_kt host.keytab ktutil: read_kt http.keytab ktutil: list slot KVNO Principal ---- ---- ------------------------------------ 1 1 host/[email protected] 2 1 HTTP/[email protected] ktutil: write_kt apache.keytab kinit -t apache.keytab -k HTTP/[email protected] # IT'S OK! kinit -t apache.keytab -k host/[email protected] kinit(v5): Client not found in Kerberos database while getting initial credentials Ethereal told that krb5kdc_err_s_principal_unknown. Where I'm wrong? -- Vitaly.
smime.p7s
Description: S/MIME cryptographic signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
