Hi, i have a problem with my SLES11SP1 Webserver. I want to use the Kerberos authentication for SingleSignOn between my Windows ADS, Windows Client and Linux Webserver. I have the /etc/krb5.conf configured and pushed the Kerberos Ticket from my Windows ADS on the Linux Webserver. I also protected my DocumentRoot with a .htaccess file. Now i want to access the webserver and get a 401 error message. In the http trace i can't see the entry "WWW-Authenticate: Negotiate" in the header. A look into a functioning server errorlog shows me the following: [Tue Aug 16 10:23:18 2011] [debug] src/mod_auth_kerb.c(1277): [client 10.43.2.33] Acquiring creds for [email protected] [Tue Aug 16 10:23:18 2011] [debug] src/mod_auth_kerb.c(1424): [client 10.43.2.33] Verifying client data using KRB5 GSS-API [Tue Aug 16 10:23:18 2011] [debug] src/mod_auth_kerb.c(1440): [client 10.43.2.33] Client didn't delegate us their credential [Tue Aug 16 10:23:18 2011] [debug] src/mod_auth_kerb.c(1459): [client 10.43.2.33] GSS-API token of length 161 bytes will be sent back [Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1667): [client 10.43.2.33] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1667): [client 10.43.2.33] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1277): [client 10.43.2.33] Acquiring creds for [email protected] [Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1424): [client 10.43.2.33] Verifying client data using KRB5 GSS-API [Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1440): [client 10.43.2.33] Client didn't delegate us their credential [Tue Aug 16 10:38:08 2011] [debug] src/mod_auth_kerb.c(1459): [client 10.43.2.33] GSS-API token of length 161 bytes will be sent back
The errorlog of the faulty server is empty. Only in the access log I see one 401 messages: 10.43.2.33 - - [16/Aug/2011:10:47:12 +0200] "GET / HTTP/1.1" 401 1432 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.18) Gecko/20110614 BTRS28059 Firefox/3.6.18" It looks as if the Kerberos module is not used by the Apache. Dirk Westdeutsche Lotterie GmbH & Co. OHG | Sitz: Münster Registergericht: Amtsgericht Münster Handelsregister: Münster HRA 4379 Geschäftsführer: Theodor Goßner Vorsitzender des Beirates: Michael Stölting Gesellschafter: Nordwestlotto in Nordrhein-Westfalen GmbH | Sitz: Münster Registergericht: Amtsgericht Münster Handelsregister: HRB 3840 Geschäftsführer: Theodor Goßner NRW.BANK | Sitz: Düsseldorf und Münster Rechtsform: Anstalt des öffentlichen Rechts Registergerichte: Amtsgerichte Düsseldorf/Münster Handelsregister: Düsseldorf HRA 15277/Münster HRA 5300 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
