LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Mandriva (http://www.linuxquestions.org/questions/mandriva-30/)
-   -   Q: apache and kerberos (http://www.linuxquestions.org/questions/mandriva-30/q-apache-and-kerberos-207425/)

roger.wernersso 07-20-2004 10:04 AM

Q: apache and kerberos
 
Hello list, I'm new here. I need some help.

Problem:
--------

I've got a problem with invalid commands when I start Apache (apachectl start). I get the following reply:

Starting httpd2: [Tue Jul 20 12:26:13 2004] [warn] module auth_kerb_module is already loaded, skipping
Syntax error on line 20 of /etc/httpd/conf.d/11_mod_auth_kerb.conf:
Invalid command 'KrbMethodNegotiate', perhaps mis-spelled or defined by a module not included in the server configuration
[FAILED]

What am I doing wrong? What do I do to enable the Krb* commands?

Background:
-----------

Yes, I'm deliberately trying to load the module twice, just to make sure I'm actually loading it. :-)

I searched through the forum archives, plus searched Google for a couple of hours. I think it's a Mandrake-Apache-Kerberos problem, not Apache specific, not Kerberos specific, but something to do with Apache using Kerberos on Mandrake.

I run Linux on i386, Mandrake 10 to be precise. I've installed the following RPMs:
apache2-mod_auth_kerb-2.0.47_5.0-0.2mdk
apache2-common-2.0.47-6mdk
apache2-modules-2.0.47-6mdk
apache2-mod_ssl-2.0.47-6mdk
apache2-2.0.47-6mdk
apache-conf-2.0.47-8mdk
apache2-manual-2.0.47-6mdk

They are actually from Mandrake 9.2, as 10 comes with Apache 2.0.48 without mod_auth_kerb.

Now, I've added the following to /etc/httpd/conf.d/11_mod_auth_kerb.conf, just to get started:

<Directory "/var/www/cgi-bin/https">
AllowOverride Limit AuthConfig Options
Options ExecCGI
SSLOptions +StdEnvVars
AllowOverride None
Options None
Order allow,deny
Allow from all
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate off
KrbAuthoritative on
KrbVerifyKDC off
KrbAuthRealm QUBESOFT.COM
Krb5Keytab /etc/httpd/auth/apache.keytab
KrbSaveCredentials off
<Limit GET POST>
require valid-user
</Limit>
</Directory>

I've got Kerberos running since before. Kinit and the rest works.

Regards
Roger Wernersson

roger.wernersso 07-20-2004 10:42 AM

Answering my own post:

By putting comments on some of the keywords I can actually make it run. The following keyworkds doesn't work:
KrbMethodNegotiate
KrbAuthoritative
KrbVerifyKDC
Krb5Keytab

The following actually does:
KrbAuthRealm
KrbSaveCredentials

Moving on to other things now. Working out exactly why some keywords doesn't work, and how to set the values anyway, will have to wait.


All times are GMT -5. The time now is 11:55 PM.