-   Linux - Server (
-   -   apache and kerberos (

zerocool22 03-14-2008 04:41 AM

apache and kerberos
Hey i am trying to authenticate my apache to active directory true kerberos. But i keep getting this error in my apache logs:
krb5_get_init_creds_password() failed: Cannot find KDC for requested realm

however everything seems to be awright in my opinion can someone take a look.

httpd.conf looks like this
<Directory /home/vanessa/>
Options FollowSymLinks
AllowOverride None
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate On
KrbMethodK5Passwd On
Krb5KeyTab /etc/temp/auth_kerb.keytab
require valid-user

/etc/temp/auth_kerb.keytab looks like this

krb5.conf looks like this
ticket_lifetime = 24000
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false


[domain_realm] = EXAMPLE.COM = EXAMPLE.COM

pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false

Then i try localhost/vanessa a popup appears where i need to type in credentials from active directory, i pass them in correctly. and then it pops up again and again and again and again. Then i viewed the apache error logs==>
krb5_get_init_creds_password() failed: Cannot find KDC for requested realm


San-Raal 08-06-2009 09:53 AM

Hey there did you get this one to work? Having similiar issues but am outa steam too, so just browsin' old threads :-)...

Basically your apache is saying, that it can't find any KDC(your domain controller), so the authentication is failing.

Perhaps, did you try to authenticate using

kinit -k

kinit someuser@EXAMPLE.COM
to check if the kerberos authentication is working? In your case,

should probably work too... but I think the fqdn name in keytab(SERVER.EXAMPLE.COM) should match the DNS, which is probably lower-case (

All times are GMT -5. The time now is 04:30 PM.