
zerocool22 03-14-2008 04:41 AM

apache and kerberos
 
Hey, I am trying to authenticate my Apache to Active Directory through Kerberos. But I keep getting this error in my Apache logs:
krb5_get_init_creds_password() failed: Cannot find KDC for requested realm

However, everything seems to be all right in my opinion. Can someone take a look?

httpd.conf looks like this
--------------------------
<Directory /home/vanessa/>
Options FollowSymLinks
AllowOverride None
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbAuthRealms SERVER.EXAMPLE.COM
Krb5KeyTab /etc/temp/auth_kerb.keytab
require valid-user
</Directory>

/etc/temp/auth_kerb.keytab looks like this
---------------------------
HTTP/SERVER.EXAMPLE.COM@EXAMPLE.COM



krb5.conf looks like this
--------------------------
[libdefaults]
ticket_lifetime = 24000
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
EXAMPLE.COM = {
kdc = SERVER.EXAMPLE.COM:88
}

[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

____________________________________
Then I try localhost/vanessa and a popup appears where I need to type in credentials from Active Directory. I pass them in correctly, and then it pops up again and again and again and again. Then I viewed the Apache error logs ==>
krb5_get_init_creds_password() failed: Cannot find KDC for requested realm

Help?

San-Raal 08-06-2009 09:53 AM

Hey there, did you get this one to work? Having similar issues but am outa steam too, so just browsin' old threads :-)...

Basically your Apache is saying that it can't find any KDC (your domain controller), so the authentication is failing.

Perhaps, did you try to authenticate using
Code:

kinit -k
or
Code:

kinit someuser@EXAMPLE.COM
to check if the kerberos authentication is working? In your case,
Code:

kinit -k HTTP/SERVER.EXAMPLE.COM@EXAMPLE.COM
should probably work too... but I think the FQDN name in the keytab (SERVER.EXAMPLE.COM) should match the DNS, which is probably lower-case (server.example.com).
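
Added example (not part of either post, and not mod_auth_kerb's own code): a small Python check that compares the realms named on `KrbAuthRealms` with the `[realms]` entries in krb5.conf, which is where the library looks for a KDC when `dns_lookup_kdc` is false. The sample strings are the thread's two configs trimmed to the relevant lines; the function names and status strings are illustrative assumptions.

```python
# Constructed sample input: the thread's two configs, trimmed to the relevant lines.
HTTPD_CONF = """<Directory /home/vanessa/>
KrbMethodK5Passwd On
KrbAuthRealms SERVER.EXAMPLE.COM
</Directory>
"""
KRB5_CONF = """[libdefaults]
dns_lookup_kdc = false
[realms]
EXAMPLE.COM = {
kdc = SERVER.EXAMPLE.COM:88
}
"""

def krb_auth_realms(httpd_conf):
    """Realms named on KrbAuthRealms lines (space-separated list)."""
    realms = []
    for line in httpd_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0].lower() == "krbauthrealms":
            realms += parts[1:]
    return realms

def parse_krb5(krb5_conf):
    """Return ({realm: [kdc, ...]}, dns_lookup_kdc as True/False, None if unset)."""
    kdcs, dns_lookup, section, realm = {}, None, None, None
    for raw in krb5_conf.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1].lower(), None
        elif line == "}":
            realm = None
        elif "=" in line and not line.startswith(("#", ";")):
            key, value = (s.strip() for s in line.split("=", 1))
            if section == "realms" and value == "{":
                realm = key  # realm names are case-sensitive, keep as written
            elif section == "realms" and realm and key == "kdc":
                kdcs.setdefault(realm, []).append(value)
            elif section == "libdefaults" and key == "dns_lookup_kdc":
                dns_lookup = value.lower() in ("true", "yes", "on", "1")
    return kdcs, dns_lookup

def check(httpd_conf, krb5_conf):
    """Map each KrbAuthRealms realm to 'ok', 'no-kdc' or 'dns-only'."""
    kdcs, dns_lookup = parse_krb5(krb5_conf)
    return {r: "ok" if kdcs.get(r) else "no-kdc" if dns_lookup is False else "dns-only"
            for r in krb_auth_realms(httpd_conf)}

if __name__ == "__main__":
    print(check(HTTPD_CONF, KRB5_CONF))
```

On the posted configs this reports `SERVER.EXAMPLE.COM` as `no-kdc`: it is listed in `KrbAuthRealms`, but `[realms]` only defines `EXAMPLE.COM` and DNS lookup of KDCs is switched off.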

