On 8 February 2011 09:36, Jean-Yves Avenard <[email protected]> wrote: > Now if fails somewhere else ; and on the web server I see: > [Tue Feb 08 09:13:29 2011] [error] [client 1.2.3.4] gss_acquire_cred() > failed: Unspecified GSS failure. Minor code may provide more > information (, No key table entry found for > HTTP/[email protected]) > > So it would seem the keytab on the web server running mod_auth_kerb > will also need a realm created on the new MEL.DOMAIN.COM kdc ..
I found the reasoning behind this one. In the /etc/krb5.conf I had: Ah , as I was writing this I came with another idea ; in /etc/krb5.conf I had: [domain_realm] .domain.com = M.DOMAIN.COM domain.com = M.DOMAIN.COM .mel.domain.com = MEL.DOMAIN.COM And sure enough, removing that last line ; error in apache logs are gone, and it doesn't try to use HTTP/[email protected] anymore. It still fails (with either Unspecified GSS failure. Minor code may provide more information (, Decrypt integrity check failed) ; or Unspecified GSS failure. Minor code may provide more information (, Wrong principal in request) ; but I'm progressing. I'm now unsure if the remaining error is only related to mod_auth_kerb or kerberos in general. Thank you all for your help.. Made lots of progress today Jean-Yves ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
