Hi, currently I have Kerberos running (MIT). When I'm trying this command in the console:
kinit user@server I become a prompt with my password and this works! But when I'm trying this with my IE 8 (on XP) this error occures: kerb_authenticate_user entered with user (NULL) and auth_type I am at my wit's end! I hope you can help me ####################### My error-log: ------------ [Tue Jun 14 14:52:38 2011] [debug] src/mod_auth_kerb.c(1628): [client xxx.xx.xxx.xx] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Tue Jun 14 14:52:38 2011] [debug] src/mod_auth_kerb.c(1628): [client xxx.xx.xxx.xx] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Tue Jun 14 14:52:38 2011] [debug] src/mod_auth_kerb.c(1240): [client xxx.xx.xxx.xx] Acquiring creds for HTTP@MYSERVER [Tue Jun 14 14:52:38 2011] [debug] src/mod_auth_kerb.c(1385): [client xxx.xx.xxx.xx] Verifying client data using KRB5 GSS-API [Tue Jun 14 14:52:38 2011] [debug] src/mod_auth_kerb.c(1401): [client xxx.xx.xxx.xx] Client didn't delegate us their credential [Tue Jun 14 14:52:38 2011] [debug] src/mod_auth_kerb.c(1429): [client xxx.xx.xxx.xx] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration. [Tue Jun 14 14:52:38 2011] [debug] src/mod_auth_kerb.c(1101): [client xxx.xx.xxx.xx] GSS-API major_status:00090000, minor_status:00000000 [Tue Jun 14 14:52:38 2011] [error] [client xxx.xx.xxx.xx] gss_accept_sec_context() failed: Invalid token was supplied (, No error) This is my Envirement: ---------------------- - Windows Server 2008 RC2 with the Active Director - Linux version 2.6.18-92.el5 ([email protected]) (gcc version 4.1.2 20071124 (Red Hat 4.1.2-41)) Kerberos Versions: ------------------ krb5-devel-1.6.1-25.el5 krb5-libs-1.6.1-25.el5 krb5-workstation-1.6.1-25.el5 pam_krb5-2.2.14-1 krb5-libs-1.6.1-25.el5 pam_krb5-2.2.14-1 krb5-devel-1.6.1-25.el5 My httpd.conf File: ------------------ .... <Directory "/var/www/html/BUSINESS/SSO"> AuthType Kerberos AuthName "Kerberos Login" KrbServiceName HTTP KrbMethodNegotiate on KrbMethodK5Passwd on KrbAuthoritative on KrbAuthRealms MYSERVER KrbVerifyKDC off Krb5Keytab /etc/httpd/conf/mykeytab.keytab KrbSaveCredentials on require valid-user </Directory> ... My krb5.conf File: ------------------ [logging] default = FILE:/var/www/logs/krb5libs.log kdc = FILE:/var/www/logs/krb5kdc.log admin_server = FILE:/var/www/logs/kadmind.log [libdefaults] default_realm = MYSERVER forwardable = true proxiable = true default_keytab_name= FILE:/etc/httpd/conf/mykeytab.keytab [realms] MYSERVER = { kdc = test01. MYSERVER kdc = test02.MYSERVER master_kdc = MYSERVER default_domain = MYSERVER } [domain_realm] name = MYSERVER [appdefaults] pam = { debug = true ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = true } Thanks for your help Best regards Riccardo ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
