Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 03-14-2008, 05:41 AM   #1
Registered: Feb 2008
Posts: 95

Rep: Reputation: 15
apache and kerberos

Hey i am trying to authenticate my apache to active directory true kerberos. But i keep getting this error in my apache logs:
krb5_get_init_creds_password() failed: Cannot find KDC for requested realm

however everything seems to be awright in my opinion can someone take a look.

httpd.conf looks like this
<Directory /home/vanessa/>
Options FollowSymLinks
AllowOverride None
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate On
KrbMethodK5Passwd On
Krb5KeyTab /etc/temp/auth_kerb.keytab
require valid-user

/etc/temp/auth_kerb.keytab looks like this

krb5.conf looks like this
ticket_lifetime = 24000
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false


[domain_realm] = EXAMPLE.COM = EXAMPLE.COM

pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false

Then i try localhost/vanessa a popup appears where i need to type in credentials from active directory, i pass them in correctly. and then it pops up again and again and again and again. Then i viewed the apache error logs==>
krb5_get_init_creds_password() failed: Cannot find KDC for requested realm

Old 08-06-2009, 10:53 AM   #2
LQ Newbie
Registered: Apr 2008
Distribution: debian, redhat el4
Posts: 18

Rep: Reputation: 0
Hey there did you get this one to work? Having similiar issues but am outa steam too, so just browsin' old threads :-)...

Basically your apache is saying, that it can't find any KDC(your domain controller), so the authentication is failing.

Perhaps, did you try to authenticate using
kinit -k
kinit someuser@EXAMPLE.COM
to check if the kerberos authentication is working? In your case,
should probably work too... but I think the fqdn name in keytab(SERVER.EXAMPLE.COM) should match the DNS, which is probably lower-case (


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache+PHP+PostgreSQL+Kerberos+Windows 2000 AD Automagic logon slacky Linux - Security 1 06-28-2005 01:13 PM
Kerberos 5 1.4.1 Kenji Miyamoto Slackware 1 05-24-2005 08:11 PM
Kerberos Krizzc Slackware 0 10-21-2004 08:10 AM
Q: apache and kerberos roger.wernersso Mandriva 1 07-20-2004 11:42 AM
Kerberos V5 integrated to Apache on linux easwaranvp Linux - Security 1 07-01-2004 05:04 PM

All times are GMT -5. The time now is 09:18 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration