f



Subject: Help needed on "Server not found in Kerberos Database" while using "mod_auth_kerb+Apache"

Hi,
	My Kerberos Setup is as follows-

Kerberos v5 Server- example.domain.com   (Linux Box)
Kerberos Realm- EXAMPLE.COM
Registered User on Kerberos realm- test@EXAMPLE.COM

Apache Server(with mod_auth_kerb) can be accessed as: 
http://apache.domain.com  (Linux Box)

Now I have added a principal name- HTTP/apache.domain.com@EXAMPLE.COM
using the addprinc command. I have generated a keytab file for this
principal (using ktadd) and then transferred it to the Apache
Server(apache.domain.com). I have pointed to this keytab file in
..htaccess file.

Now when I try to access APACHE.DOMAIN.COM:80 through a browser(IE)
running on my desktop say  CLIENT1.DOMAIN.COM, and give the proper
user credentials...it doesnt authenticate. When I look this up in the
Kerberos log file (krb5kdc.log) it gives the following messages...for
the event-

Jul 08 18:52:34 example.domain.com krb5kdc[9797](info): AS_REQ (6
etypes {18 16 23 1 3 2}) 192.168.200.27: ISSUE: authtime 1089292954,
etypes {rep=16 tkt=16 ses=16}, test@EXAMPLE.COM for
krbtgt/EXAMPLE.COM@EXAMPLE.COM
Jul 08 18:52:34 example.domain.com krb5kdc[9797](info): TGS_REQ (6
etypes {18 16 23 1 3 2}) 192.168.200.27: UNKNOWN_SERVER: authtime
1089292954,  test@EXAMPLE.COM for krbtgt/REALM1.COM@EXAMPLE.COM,
Server not found in Kerberos database
Jul 08 18:52:34 example.domain.com krb5kdc[9797](info): TGS_REQ (6
etypes {18 16 23 1 3 2}) 192.168.200.27: UNKNOWN_SERVER: authtime
1089292954,  test@EXAMPLE.COM for krbtgt/COM@EXAMPLE.COM, Server not
found in Kerberos database



In the above data-
1. test@EXAMPLE.COM is the registered user.
2. 192.168.200.27(apache.domain.com) is the Apache server machine
which is the registered to the KDC as an service principal
(HTTP/apache.domain.com@EXAMPLE.COM)
3. The client machine (CLIENT1.DOMAIN.COM) running Internet Explorer
is not getting logged into kerberose log. The client is running
Windows 2000.
4. The htaccess has the following details:
AuthName "Kerberos Login"
AuthType Kerberos
Krb5Keytab /usr/krb5/Apache2/apache.keytab
KrbServiceName HTTP
KrbAuthRealm EXAMPLE.COM
KrbMethodNegotiate on
KrbAuthoritative on
KrbSaveCredentials off
KrbVerifyKDC on
Require valid-user


Can anyone please throw some light on this...
0
keshavhs (2)
7/8/2004 3:20:32 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

0 Replies
1186 Views

Similar Articles

[PageSpeed] 11
See related articles to this posting


Reply: