#1  
Old 15th April 2011, 11:29
alex123
Kerberos

Hi,
I am trying to set up Kerberos authentication for a website hosted on Apache 2 on Debian Linux.

I have installed the Apache module libapache2-mod-auth-kerb but I am getting the following error in Apache:

[Thu Apr 14 16:53:49 2011] [error] [client 10.0.0.153] gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information (, Key table file '/etc/krb5.keytab' not found)

How do I go about creating the keytab file it is looking for?

What is it supposed to contain?

From what I have read I am supposed to use the `ktpass` tool to create it, but this command does not work on my server; it says `command not found`.

Thanks
  #2  
Old 16th April 2011, 07:47
tusshar
Try This

To begin setting up a KDC, ensure that your /etc/rc.conf file contains the correct settings to act as a KDC (you may need to adjust paths to reflect your own system):
kerberos5_server_enable="YES"
kadmind5_server_enable="YES"

Next we will set up your Kerberos config file, /etc/krb5.conf:
[libdefaults]
    default_realm = EXAMPLE.ORG
[realms]
    EXAMPLE.ORG = {
        kdc = kerberos.example.org
        admin_server = kerberos.example.org
    }
[domain_realm]
    .example.org = EXAMPLE.ORG

Note that this /etc/krb5.conf file implies that your KDC will have the fully-qualified hostname of kerberos.example.org. You will need to add a CNAME (alias) entry to your zone file to accomplish this if your KDC has a different hostname.

[libdefaults]
    default_realm = EXAMPLE.ORG

_kerberos._udp IN SRV 01 00 88 kerberos.example.org.
_kerberos._tcp IN SRV 01 00 88 kerberos.example.org.
_kpasswd._udp IN SRV 01 00 464 kerberos.example.org.
_kerberos-adm._tcp IN SRV 01 00 749 kerberos.example.org.
_kerberos IN TXT EXAMPLE.ORG

After installing the /etc/krb5.conf file, you can use kadmin from the Kerberos server. The add --random-key command will let you add the server's host principal, and the ext command will allow you to extract the server's host principal to its own keytab. For example:
# kadmin
kadmin> add --random-key host/myserver.example.org
Max ticket life [unlimited]:
Max renewable life [unlimited]:
Attributes []:
kadmin> ext host/myserver.example.org
kadmin> exit


The rc.conf must also be modified to contain the following configuration:
kerberos5_server="/usr/local/sbin/krb5kdc"
kadmind5_server="/usr/local/sbin/kadmind"
kerberos5_server_enable="YES"
kadmind5_server_enable="YES"
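
On the question of what a keytab contains, an added illustration that is not part of either post above: each entry holds a principal name, a key version number (kvno), an encryption type and the secret key itself. The Python below parses the MIT-compatible 0x0502 file layout and lists those fields without returning key bytes; the function names are this example's own, and the sample keytab is constructed with an all-zero dummy key.

```python
import struct

def _cstr(buf, p):
    """Read a counted string (uint16 length + bytes); return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n

def build_entry(realm, components, kvno, enctype, key, name_type=1, ts=0):
    """Serialize one entry; used here only to construct the sample keytab."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(components)) + cs(realm.encode())
    body += b"".join(cs(c.encode()) for c in components)
    body += struct.pack(">IIB", name_type, ts, kvno & 0xFF)
    body += struct.pack(">H", enctype) + cs(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

def parse_keytab(data):
    """Return [(principal, kvno, enctype)]; key bytes are skipped, never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                  # negative size marks a deleted entry (hole)
            pos += -size
            continue
        end = pos + size
        if end > len(data):
            raise ValueError("truncated entry")
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _cstr(data, pos + 2)
        comps = []
        for _ in range(ncomp):         # e.g. "host", "myserver.example.org"
            c, p = _cstr(data, p)
            comps.append(c.decode())
        _ntype, _ts, kvno = struct.unpack_from(">IIB", data, p)
        (enctype,) = struct.unpack_from(">H", data, p + 9)
        _key, p = _cstr(data, p + 11)  # skip the secret key
        if end - p >= 4:               # optional 32-bit kvno, used when non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, enctype))
        pos = end
    return entries

# Constructed sample: one entry with an all-zero dummy key, enctype 18 (AES-256).
SAMPLE = b"\x05\x02" + build_entry(
    "EXAMPLE.ORG", ["host", "myserver.example.org"], 1, 18, bytes(32))

if __name__ == "__main__":
    for principal, kvno, enctype in parse_keytab(SAMPLE):
        print(f"{principal}  kvno={kvno}  enctype={enctype}")
```

Because a real keytab holds long-term secret keys, it should be readable only by the account the Apache process runs as.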