[modauthkerb] Create keytab with multiple servicePrincipalNames
From: Jakob O. <ja...@gm...> - 2014-01-07 19:17:50
Hello, this is my first post to the mailing list, so I hope I'm doing it the right way.

We have the following setup:

KDC = Windows 2003R2
Kerberos enabled server: Ubuntu - Apache 2.4
Clients: Windows 7 - IE 8

The solution has been up and running, but today I needed to add another SPN to the AD user that was used when the keytab was created.

I create my keytab with this Windows command:

ktpass -princ HTTP/ser...@DO...F -mapuser us...@do...f-pass password -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out krb5.keytab

But after I added another SPN and created a new keytab, I see this error in my Apache error.log:

[Tue Jan 07 16:53:24.378749 2014] [auth_kerb:debug] [pid 11253] src/mod_auth_kerb.c(1121): [client IP:PORT] GSS-API major_status:000d0000, minor_status:96c73ae6
[Tue Jan 07 16:53:24.378809 2014] [auth_kerb:error] [pid 11253] [client IP:PORT] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, Key version number for principal in key table is incorrect)

So my question is: What do I do about this error? How do I debug any further?

Normally I don't have klist, ktutil, kadmin etc. installed on the Ubuntu server. But today I installed the krb-user package, and when calling kvno HTTP/servername.domain.tld I see the same kvno as the one ktpass writes when creating the keytab.

Any help is appreciated.

--
Jakob Damgaard Olsen
Tlf: 24613112