Old 15th April 2011, 12:29
alex123 alex123 is offline
Junior Member
Join Date: Nov 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default Kerberos

I am trying to set up Kerberos authentication for a website hosted on Apache 2 on Debian linux.

I have installed the apache module libapache2-mod-auth-kerb but I am getting the following error in apache:

[Thu Apr 14 16:53:49 2011] [error] [client] gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information (, Key table file '/etc/krb5.keytab' not found)

How do I go about creating the keytab file it is looking for?

What is it suppose to contain?

From what I have read I am suppose to use the `ktpass` tool to create it but this command does not work on my server it says `command not found`.

Reply With Quote
Sponsored Links
Old 16th April 2011, 08:47
tusshar tusshar is offline
Junior Member
Join Date: May 2009
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Post Try This

To begin setting up a KDC, ensure that your /etc/rc.conf file contains the correct settings to act as a KDC (you may need to adjust paths to reflect your own system):

Next we will set up your Kerberos config file, /etc/krb5.conf:
default_realm = EXAMPLE.ORG
kdc = kerberos.example.org
admin_server = kerberos.example.org
.example.org = EXAMPLE.ORG
Note that this /etc/krb5.conf file implies that your KDC will have the fully-qualified hostname of kerberos.example.org. You will need to add a CNAME (alias) entry to your zone file
to accomplish this if your KDC has a different hostname.
default_realm = EXAMPLE.ORG
_kerberos._udp IN SRV 01 00 88 kerberos.example.org.
_kerberos._tcp IN SRV 01 00 88 kerberos.example.org.
_kpasswd._udp IN SRV 01 00 464 kerberos.example.org.
_kerberos-adm._tcp IN SRV 01 00 749 kerberos.example.org.

After installing the /etc/krb5.conf file, you can use kadmin from the Kerberos server. The add --random-key command will let you add the server's host principal,
and the ext command will allow you to extract the server's host principal to its own keytab.For example:
# kadmin
kadmin> add --random-key host/myserver.example.org
Max ticket life [unlimited]:
Max renewable life [unlimited]:
Attributes []:
kadmin> ext host/myserver.example.org
kadmin> exit

The rc.conf must also be modified to contain the following configuration:
Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Rsync auto login and schedule sync dalitso HOWTO-Related Questions 5 20th March 2011 18:40
Ubuntu 9.04 Samba Server Integrated With Active Directory brandonedmunds HOWTO-Related Questions 0 8th September 2009 17:32
Help with Kerberos / Active Directory jmaldrich Installation/Configuration 0 23rd February 2009 18:55
proftpd 500 AUTH and KERBEROS error ?? soroccoheaven Server Operation 2 25th September 2007 21:49
ISPConfig and Kerberos brian8568 Installation/Configuration 1 27th December 2006 21:26

All times are GMT +2. The time now is 08:50.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.