RE: Prob: failed to verify krb5 credentials: Server not found in Kerb
- From: "Paul Moore" <paul.moore@xxxxxxxxxxxx>
- Date: Tue, 3 Feb 2009 14:14:02 -0800
for sure the port number should not be in the SPN. I didnt even notice
that. I was wondering if there is any principal at all
-----Original Message-----
From: Douglas E. Engert [mailto:deengert@xxxxxxx]
Sent: Tuesday, February 03, 2009 2:13 PM
To: Paul Moore
Cc: slaindevil@xxxxxxxxxxxx; kerberos@xxxxxxx
Subject: Re: Prob: failed to verify krb5 credentials: Server not found
in Kerb
Paul Moore wrote:
is there an AD account with that SPN?
HTTP/wiki.test.lan:8080@xxxxxxxxxxxx
The port number :8080 is usually not part of the principal name.
So the browser may be looking for HTTP/wiki.test.lan@xxxxxxxxxxxx
Directory...
-----Original Message-----
From: kerberos-bounces@xxxxxxx [mailto:kerberos-bounces@xxxxxxx] On
Behalf Of slaindevil@xxxxxxxxxxxx
Sent: Tuesday, February 03, 2009 6:28 AM
To: kerberos@xxxxxxx
Subject: Prob: failed to verify krb5 credentials: Server not found in
Kerb
Hey guys,
I am short before dispairing :(
Maybe someone has time and likes to help me? :)
I am trying to set up kerberos to authenticate a
TWiki running on Unix against an Windows Server 2003 Active
a
I configured the krb5.conf like this:
[logging]
...
[libdefaults]
default_realm = SRV.TEST.LAN
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24000
forwardable = yes
[realms]
SRV.TEST.LAN = {
kdc = location.srv.test.lan:88
admin_server = location.srv.test.lan:749
default_domain = SRV.TEST.LAN
}
[domain_realm]
.test.lan = SRV.TEST.LAN
test.lan = SRV.TEST.LAN
[appdefaults]
pam = {
debug = false
ticket_lifetime = 24000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
When I use "kinit" everything works fine. With every valid login I get
ticket...
Then I created the keytab file, set with a valid user and password for
the service: HTTP/wiki.test.lan:8080@xxxxxxxxxxxx
Leave off the :8080
is
http://wiki.test.lan:8080/bin is the url I type into the browser...
When I use "kinit" with the keytab and HTTP/wiki.test.lan:8080
everything works fine... I get a ticket...
Now I wanna setup the twiki to use kerberos to authenticate with...
The httpd.conf for the "bin" directory at http://wiki.test.lan:8080/
like following:prompts...
Order Deny,Allow
Allow from all
AuthType Kerberos
KrbAuthRealms SRV.TEST.LAN
KrbServiceName HTTP
Krb5Keytab /etc/http.keytab
KrbMethodNegotiate on
KrbMethodK5Passwd on
Require valid-user
When I browse to "http://wiki.srv.lan:8080/bin"; the login box
I enter a valid login, but the box stays...database
In the log it says:
failed to verify krb5 credentials: Server not found in Kerberos
What is wrong? Can someone help me?! :(
Greets,
________________________________________________
Kerberos mailing list Kerberos@xxxxxxx
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@xxxxxxx
https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert@xxxxxxx>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
.
- Prev by Date: Re: Prob: failed to verify krb5 credentials: Server not found in Kerb
- Next by Date: question about MIT Kerberos KDC processing PROXY KDC requests
- Previous by thread: Re: Prob: failed to verify krb5 credentials: Server not found in Kerb
- Next by thread: Help: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (Unknown code krb5 230
- Index(es):
Relevant Pages
|
Loading
