[modauthkerb] gss_display_name() failed: A required input parameter could not be read: An invalid n
Brought to you by:
kouril
Menu
▾
▴
[modauthkerb] gss_display_name() failed: A required input parameter could not be read: An invalid name was supplied (, Unknown error)
|
From: Martin S. <th...@ma...> - 2014-07-02 20:49:29
|
Hi all, I'm trying to setup Kerberos authentication on Apache 2.2.15-30 (CentOs 6.5), and am facing an issue that I'm not able to debug or solve. Please find my error_log below: [Wed Jul 02 20:59:01 2014] [debug] src/mod_auth_kerb.c(1940): [client 192.168.218.1] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1940): [client 192.168.218.1] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1279): [client 192.168.218.1] Acquiring creds for HTTP/infa.domain.local [Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1692): [client 192.168.218.1] Verifying client data using KRB5 GSS-API [Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1708): [client 192.168.218.1] Client didn't delegate us their credential [Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1727): [client 192.168.218.1] GSS-API token of length 941 bytes will be sent back [Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1139): [client 192.168.218.1] GSS-API major_status:01020000, minor_status:00000000 [Wed Jul 02 20:59:03 2014] [error] [client 192.168.218.1] gss_display_name() failed: A required input parameter could not be read: An invalid name was supplied (, Unknown error) Please find the http dump below: GET http://infa.domain.local/server-status HTTP/1.1 Host: infa.domain.local User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Cache-Control: max-age=0 HTTP/1.1 401 Authorization Required Date: Wed, 02 Jul 2014 19:32:39 GMT Server: Apache/2.2.15 (CentOS) WWW-Authenticate: Negotiate Content-Length: 484 Connection: close Content-Type: text/html; charset=iso-8859-1 Proxy-Support: Session-Based-Authentication GET http://infa.domain.local/server-status HTTP/1.1 Host: infa.domain.local User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Cache-Control: max-age=0 Authorization: Negotiate YIID5QYGKwYBBQUCoIID2TCCA9WgCjAIBgYrBgEFAgWiggPFBIIDwWCCA70GBisGAQUCBQUBMBChDgQMRE9NQUlOLkxPQ0FMbIIDnTCCA5mhAwIBBaIDAgEMo4IDFzCCAxMwggIvoQMCAQGiggImBIICIm6CAh4wggIaoAMCAQ WhAwIBDqIHAwUAAAAAAKOCAU9hggFLMIIBR6ADAgEFoQ4bDERPTUFJTi5MT0NBTKIhMB+gAwIBAqEYMBYbBmtyYnRndBsMRE9NQUlOLkxPQ0FMo4IBCzCCAQegAwIBEqEDAgEBooH6BIH3jDiOe80e8vCv7Tmsd+t0spncJWnD v99vLDpi5PYc1Gj8vGH7xJxnz4dsr6WavFLmgYCRnvrF+Y+lU/QVF/AUNiqIG7ifGAJGD4IKHzcyYfNo9BLlNBGBckLdIhC3o2G8VfHWxv+Zo6DNfZUJsIVfoN2bls2C8K9K2pv/qd/FHR96+3JpCkRSb2tKqh2VQBA2mplvJML38nvHQkp5Y0rHQ ecbc0bHns1ddh/RLIlPcwdy8r7xDx7m5QUWH3gI6nSEhrcd/sIKoRJ88ezcMfqumXq2UxvBdBJAH86q9r9r/t74jXpyDFlRgF/Z6OLMwMdus2AkBNrbiaSBsTCBrqADAgEXooGmBIGj4DUpIRQjvddUEpp7sft5UjlnOPOCia9BSyxYBszOihLHr2D 2B6mL6fmqx7IcAVfVzV66B/gqQ4roAh0z4YKensKtqIAG7au2RsXtYNAjEgUFgh7dEE7kACUFoVB2VUK2mtjuHabbwMZ4gprrRIgDeFqROIhxWasVgxhak6dXQAKGEyvVlGoeLTJTPER5s2tcDRkoVTLFO0hBJxarNI/GTk1e1jCB3aEEAgIAi KKB1ASB0aCBzjCBy6EcMBqgBAIC/3ahEgQQSjwHqwdg2yuvh3nbGzDVuqKBqjCBp6ADAgEXooGfBIGccNThLwiDzyz8cJYPfI6hU505ydEQdRt6N036ZZ98Y49YfV+WWpCgXxhmL/8zhilAC2mQi5cvE5XOJOzGrWHnzl6AO1KfJQKjvogV zrFhdoPMVssGnBkrD40fsIA2uPJ2e0OeKRC/tOizUg8tVIdhkoivnh69Q1BDAx3JFjx3txRtDoSZHz6x4mlBSs72xFIlIkA7yhXH+nmml4yfpHIwcKAHAwUAUIEAAKIOGwxET01BSU4uTE9DQUyjJDAioAMCAQOhGzAZGwRIVFRQGxFpbmZh LmRvbWFpbi5sb2NhbKURGA8yMDE0MDcwMzAyNTYxNlqnBgIEU7ReW6gUMBICARICARECARACARcCARkCARo= HTTP/1.1 500 Internal Server Error Date: Wed, 02 Jul 2014 19:32:42 GMT Server: Apache/2.2.15 (CentOS) WWW-Authenticate: Negotiate oYIDqTCCA6WgAwoBAaEIBgYrBgEFAgWiggOSBIIDjgUBMBChDgQMRE9NQUlOLkxPQ0FMbYIDdjCCA3KgAwIBBaEDAgENooHVMIHSMIHPoQQCAgCIooHGBIHDoIHAMIG9oIG6MIG3oAMCAReiga8Egawhq77nnFYKOC2elIoQEMv 3HoPncmPLVp6/yr+HtLIuoyAsAUdbvyXars5ixGdPlg1IaceQQ3ThVvvsRthV86O4M2l55LfhlfIINZr7xQks3EKTAEA1OfsggBXdmShHV/29W2iLaQP60BvBlYCOGePMyMKp8jcgdNUQ6jLqq6No0Qk7Kro8IIjESMmVR3BAndbUfpDNYqO+IxY am/pl96xCQgu4iNznoglrYBf7ow4bDERPTUFJTi5MT0NBTKQaMBigAwIBAaERMA8bDUFkbWluaXN0cmF0b3KlggFjYYIBXzCCAVugAwIBBaEOGwxET01BSU4uTE9DQUyiJDAioAMCAQOhGzAZGwRIVFRQGxFpbmZhLmRvbWFpbi5sb 2NhbKOCARwwggEYoAMCARehAwIBAaKCAQoEggEGyeo+gzn7hHLgwIGfZiT3kfiua+yD1d0EDhyoAmctFzukkw7xqdyMZn+gfDna6O0WI7TC6Yv2pQqg1Ph76SZ11ZQu4xXn4FBPu3G9LwbPUxN9+cohhCTPmAX6SLyNu7n9UAKLsccjb kLq8HJjUgzfLus6AqUeerqjc3eSyr+r1onfQSL9JCNtpOUWtuxGIThTQfOXEYVlVyjMi37bnAFPMrxPERL/7m3vYm3x60HBu5KHy7xfbab8jftIsr33Z/2nnMxNi5LjqVBail4BpZiuRCMmko566KSLKWRSpvr6x/YUR5TPmhXjO3YGdi2VucDn6QW t81q2dQSYvAQnbuHDL84IQUY126aB+jCB96ADAgEXooHvBIHsmFwxE55S5Gi5VkPG0cS11MHsQvllqJAIxGMkzakyyYCfMKCpHFfyIf/2bIGPvSyCCWOqFxnMOA1a/c2d3eUk6Yr+H5c8PDFePxVbKijvZRVRVJ1pAifpm9kUoKcGMo0SH 9m0H4yu94/ESE7QbEcx7pQac1Udq894rgF7OmnQXZZ6mX2VUrIb0xHxaaj9oR8+zC8vGWyyqVSZhtURxQ8Anr+MifqWKPP2QpWFohptl/zl8bYmMqs1nEH3TIe1wvtOgeqGh6KumbC4rc9IVCN8rx+3XCVr/2BM27nURT21MUzwU1tbpQM LSqT0gFE= Content-Length: 617 Connection: close Content-Type: text/html; charset=iso-8859-1 Please find relevant configuration files below: kdc.conf [kdcdefaults] kdc_ports = 88 kdc_tcp_ports = 88 [realms] DOMAIN.LOCAL = { #master_key_type = aes256-cts acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab forwardable = true proxiable = true supported_enctypes = rc4-hmac:normal } auth_kerb.conf LoadModule auth_kerb_module modules/mod_auth_kerb.so <Location /server-status> #SSLRequireSSL AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd Off KrbAuthRealms DOMAIN.LOCAL Krb5KeyTab /etc/httpd/conf/http.keytab KrbServiceName HTTP/infa.domain.local require valid-user </Location> klist -e -k /etc/httpd/conf/http.keytab Keytab name: FILE:/etc/httpd/conf/http.keytab KVNO Principal ---- -------------------------------------------------------------------------- 0 HTTP/inf...@DO... (arcfour-hmac) Does anyone have an idea of what the problem might be? I'd be very thankful for any comments. Thank you, Martin |
