I'm running Ubuntu 11.10, using from the package
Code:
libapache2-mod-auth-kerb
.
When trying to access a page using SSO, i get errors. The killer is that it worked last week, and I don't remember changing anything that had to do with Kerberos.
Here is the output in Apache's error.log when I try to view a page:
Code:
[Tue May 29 14:04:39 2012] [debug] src/mod_auth_kerb.c(1628): [client 172.16.0.139] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Tue May 29 14:04:39 2012] [debug] mod_deflate.c(615): [client 172.16.0.139] Zlib: Compressed 478 to 322 : URL /
[Tue May 29 14:04:39 2012] [debug] src/mod_auth_kerb.c(1628): [client 172.16.0.139] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Tue May 29 14:04:39 2012] [debug] src/mod_auth_kerb.c(1240): [client 172.16.0.139] Acquiring creds for HTTP@srv-monitor
[Tue May 29 14:04:39 2012] [debug] src/mod_auth_kerb.c(1385): [client 172.16.0.139] Verifying client data using KRB5 GSS-API
[Tue May 29 14:04:39 2012] [debug] src/mod_auth_kerb.c(1401): [client 172.16.0.139] Client didn't delegate us their credential
[Tue May 29 14:04:39 2012] [debug] src/mod_auth_kerb.c(1420): [client 172.16.0.139] GSS-API token of length 134 bytes will be sent back
[Tue May 29 14:04:39 2012] [debug] src/mod_auth_kerb.c(1101): [client 172.16.0.139] GSS-API major_status:000d0000, minor_status:000186a4
[Tue May 29 14:04:39 2012] [error] [client 172.16.0.139] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, )
[Tue May 29 14:04:39 2012] [debug] mod_deflate.c(615): [client 172.16.0.139] Zlib: Compressed 478 to 322 : URL /
I loosely followed the guide found here.
The relevant part of my "000-default" configuration is the following:
Code:
ServerAdmin webmaster@localhost
DocumentRoot /usr/local/nagios/share/vshell/
<Directory />
Options Indexes FollowSymLinks MultiViews
Order allow,deny
AllowOverride All
Allow from all
AuthName "Nagios Authentification"
AuthType Kerberos
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbAuthRealms COMPANY.COM
Krb5KeyTab /etc/krb5.keytab
require valid-user
</Directory>
Can anybody PLEASE help me. I'm going nuts.
Bookmarks