Hi,
We have configured SSO using Kerberos v5 with Apache Http Server. The keytab which being created is of encryption type - DES-CBC-MD5 We are currently facing issue with Automatic authentication using LDAP; the SSO was implemented properly and deployed successfully. But without any configuration changes on server where apache and Kerberos are deployed, SSO is failing to login automatically. We checked the logs of and found one difference - During working time of SSO the log was updated with following details - kerb_authenticate_user entered with user (NULL) and auth_type Kerberos Acquiring creds for HTTP/[email protected] Verifying client data using SPNEGO GSS-API Verification returned code 0 GSS-API token of length 161 bytes will be sent back Currently log is updated with following trace - kerb_authenticate_user entered with user (NULL) and auth_type Kerberos Acquiring creds for HTTP/[email protected] Verifying client data using KRB5 GSS-API Verification returned code 65536 Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration. gss_accept_sec_context() failed: An unsupported mechanism was requested (Unknown error) Is it the issue occurred since the encryption from browser is different ? We also tested kinit command for specific username under the domain XXX.XXX.COM and kinit is executed successfully. Can you please advise us to resolve this issue ? Thanks and Regards, Sanket This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos group liability cannot be triggered for the message content. Although the sender endeavors to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
