Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 3rd January 2012, 11:23
bdesmet bdesmet is offline
Junior Member
 
Join Date: Jan 2012
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default Single sign on between apache2 , kerberos and AD 2003

I'm trying to get a Single Sign On system working, but I keep on hitting the same error. Here is a part of the logs:

Code:
 [Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1667): [client 10.29.0.153] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
    [Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1667): [client 10.29.0.153] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
    [Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1277): [client 10.29.0.153] Acquiring creds for HTTP/cognos.predika.be@PREDIKA.BE
    [Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1424): [client 10.29.0.153] Verifying client data using KRB5 GSS-API
    [Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1440): [client 10.29.0.153] Client didn't delegate us their credential
    [Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1468): [client 10.29.0.153] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
    [Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1138): [client 10.29.0.153] GSS-API major_status:00090000, minor_status:00000000
    [Tue Dec 27 14:34:23 2011] [error] [client 10.29.0.153] gss_accept_sec_context() failed: Invalid token was supplied (, No error)
login via basic auth

Code:
[Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(1667): [client 10.29.0.153] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
    [Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(1025): [client 10.29.0.153] Using HTTP/cognos.predika.be@PREDIKA.BE as server principal for password verification
    [Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(714): [client 10.29.0.153] Trying to get TGT for user cognos03@PREDIKA.BE
    [Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(1110): [client 10.29.0.153] kerb_authenticate_user_krb5pwd ret=0 user=cognos03@PREDIKA.BE authtype=Basic
    [Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(1667): [client 10.29.0.153] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
    [Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(1605): [client 10.29.0.153] matched previous auth request
my krdb5 config file:
Code:
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = PREDIKA.BE
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 PREDIKA.BE = {
  kdc = PREDIKA.BE
 }

[domain_realm]
 .predika.be = PREDIKA.BE
 predika.be = PREDIKA.BE

[logging]
	kdc = FILE:/var/log/kerberos/krb5kdc.log
	admin_server = FILE:/var/log/kerberos/kadmin.log
	default = FILE:/var/log/kerberos/krb5lib.log
the apache config:
Code:
<IfModule mod_auth_kerb.c>
	    AuthType Kerberos
	    AuthName "Kerberos Login"

            KrbMethodNegotiate    on
            KrbVerifyKDC          off
            KrbSaveCredentials    off
            KrbMethodK5Passwd     on

            KrbServiceName        HTTP/cognos.predika.be@PREDIKA.BE
            KrbAuthRealms         PREDIKA.BE
            Krb5Keytab            /etc/krb5.keytab
	    
            require  valid-user
	</IfModule>
I'm totally confused. Maybe someone has seen the problem before, or can see an error in my configuration?

Last edited by bdesmet; 3rd January 2012 at 11:31.
Reply With Quote
Sponsored Links
Reply

Bookmarks

Tags
activedirectory, apache, kerberos, linux, sso

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 18:01.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.