LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 03-14-2008, 04:41 AM   #1
zerocool22
Member
 
Registered: Feb 2008
Posts: 95

Rep: Reputation: 15
apache and kerberos


Hey i am trying to authenticate my apache to active directory true kerberos. But i keep getting this error in my apache logs:
krb5_get_init_creds_password() failed: Cannot find KDC for requested realm

however everything seems to be awright in my opinion can someone take a look.

httpd.conf looks like this
--------------------------
<Directory /home/vanessa/>
Options FollowSymLinks
AllowOverride None
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbAuthRealms SERVER.EXAMPLE.COM
Krb5KeyTab /etc/temp/auth_kerb.keytab
require valid-user
</Directory>

/etc/temp/auth_kerb.keytab looks like this
---------------------------
HTTP/SERVER.EXAMPLE.COM@EXAMPLE.COM



krb5.conf looks like this
--------------------------
[libdefaults]
ticket_lifetime = 24000
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
EXAMPLE.COM = {
kdc = SERVER.EXAMPLE.COM:88
}

[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

____________________________________
Then i try localhost/vanessa a popup appears where i need to type in credentials from active directory, i pass them in correctly. and then it pops up again and again and again and again. Then i viewed the apache error logs==>
krb5_get_init_creds_password() failed: Cannot find KDC for requested realm

Help?
 
Old 08-06-2009, 09:53 AM   #2
San-Raal
LQ Newbie
 
Registered: Apr 2008
Distribution: debian, redhat el4
Posts: 18

Rep: Reputation: 0
Hey there did you get this one to work? Having similiar issues but am outa steam too, so just browsin' old threads :-)...

Basically your apache is saying, that it can't find any KDC(your domain controller), so the authentication is failing.

Perhaps, did you try to authenticate using
Code:
kinit -k
or
Code:
kinit someuser@EXAMPLE.COM
to check if the kerberos authentication is working? In your case,
Code:
kinit -k HTTP/SERVER.EXAMPLE.COM@EXAMPLE.COM
should probably work too... but I think the fqdn name in keytab(SERVER.EXAMPLE.COM) should match the DNS, which is probably lower-case (server.example.com).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache+PHP+PostgreSQL+Kerberos+Windows 2000 AD Automagic logon slacky Linux - Security 1 06-28-2005 12:13 PM
Kerberos 5 1.4.1 Kenji Miyamoto Slackware 1 05-24-2005 07:11 PM
Kerberos Krizzc Slackware 0 10-21-2004 07:10 AM
Q: apache and kerberos roger.wernersso Mandriva 1 07-20-2004 10:42 AM
Kerberos V5 integrated to Apache on linux easwaranvp Linux - Security 1 07-01-2004 04:04 PM


All times are GMT -5. The time now is 01:49 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration