Nicolas, The reason you are getting this message is because the mod_auth_kerb could not find the entry that matches your server name in the keytab, you have to set it using KrbServiceName directive like this:
KrbServiceName HTTP/[email protected] Vlad On Jun 14, 5:04 am, Nicolas Jaunet <[email protected]> wrote: > Hi ! > > I installed mod_auth_kerb on my debian server and create a keytab to > authenticate thanks to kerberos on a web site with apache tomcat. > I created a user in my kdc. > To check I did that : > > debian-server# klist -k krb5.keytab > Keytab name: FILE:krb5.keytab > KVNO Principal > ---- > -------------------------------------------------------------------------- > 3 HTTP/[email protected] > > And the file /etc/apache2/kerberos.conf : > > AuthType Kerberos > AuthName "Kerberos Login" > KrbMethodNegotiate on > KrbVerifyKDC off > KrbMethodK5Passwd off > KrbAuthRealms DOMAIN.FR > Krb5KeyTab /etc/apache2/krb5.keytab > require valid-user > > When I try to connect my web site withhttp://domain.fr > I have a 500 Internal Server Error and the error.log file show me this error > : > > gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide > more information (No principal in keytab matches desired name) > > Someone can help me ? > Thanks. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
