[modauthkerb] gss_display_name() failed: A required input parameter could not be read: An invalid n
From: Martin S. <th...@ma...> - 2014-07-02 20:49:29
Hi all,

I'm trying to set up Kerberos authentication on Apache 2.2.15-30 (CentOS 6.5), and am facing an issue that I'm not able to debug or solve.

Please find my error_log below:

[Wed Jul 02 20:59:01 2014] [debug] src/mod_auth_kerb.c(1940): [client 192.168.218.1] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1940): [client 192.168.218.1] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1279): [client 192.168.218.1] Acquiring creds for HTTP/infa.domain.local
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1692): [client 192.168.218.1] Verifying client data using KRB5 GSS-API
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1708): [client 192.168.218.1] Client didn't delegate us their credential
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1727): [client 192.168.218.1] GSS-API token of length 941 bytes will be sent back
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1139): [client 192.168.218.1] GSS-API major_status:01020000, minor_status:00000000
[Wed Jul 02 20:59:03 2014] [error] [client 192.168.218.1] gss_display_name() failed: A required input parameter could not be read: An invalid name was supplied (, Unknown error)

Please find the http dump below:

GET http://infa.domain.local/server-status HTTP/1.1
Host: infa.domain.local
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cache-Control: max-age=0

HTTP/1.1 401 Authorization Required
Date: Wed, 02 Jul 2014 19:32:39 GMT
Server: Apache/2.2.15 (CentOS)
WWW-Authenticate: Negotiate
Content-Length: 484
Connection: close
Content-Type: text/html; charset=iso-8859-1
Proxy-Support: Session-Based-Authentication

GET http://infa.domain.local/server-status HTTP/1.1
Host: infa.domain.local
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cache-Control: max-age=0
Authorization: Negotiate [base64 token omitted]

HTTP/1.1 500 Internal Server Error
Date: Wed, 02 Jul 2014 19:32:42 GMT
Server: Apache/2.2.15 (CentOS)
WWW-Authenticate: Negotiate [base64 token omitted]
Content-Length: 617
Connection: close
Content-Type: text/html; charset=iso-8859-1

Please find relevant configuration files below:

kdc.conf

[kdcdefaults]
 kdc_ports = 88
 kdc_tcp_ports = 88

[realms]
 DOMAIN.LOCAL = {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  forwardable = true
  proxiable = true
  supported_enctypes = rc4-hmac:normal
 }

auth_kerb.conf

LoadModule auth_kerb_module modules/mod_auth_kerb.so
<Location /server-status>
  #SSLRequireSSL
  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbMethodNegotiate On
  KrbMethodK5Passwd Off
  KrbAuthRealms DOMAIN.LOCAL
  Krb5KeyTab /etc/httpd/conf/http.keytab
  KrbServiceName HTTP/infa.domain.local
  require valid-user
</Location>

klist -e -k /etc/httpd/conf/http.keytab
Keytab name: FILE:/etc/httpd/conf/http.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   0 HTTP/infa.domain.local@DOMAIN.LOCAL (arcfour-hmac)

Does anyone have an idea of what the problem might be? I'd be very thankful for any comments.

Thank you,
Martin
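
Added example (not part of the original post and not mod_auth_kerb code): a small Python helper that splits the major_status word logged by mod_auth_kerb into the calling-error, routine-error and supplementary fields defined in RFC 2744. The function names are illustrative; the two sample lines are copied from the error_log in the post above.

```python
import re

# Bit layout of a GSS-API major status word (RFC 2744):
# bits 24-31 calling error, bits 16-23 routine error, bits 0-15 supplementary.
CALLING = {
    1: "GSS_S_CALL_INACCESSIBLE_READ",
    2: "GSS_S_CALL_INACCESSIBLE_WRITE",
    3: "GSS_S_CALL_BAD_STRUCTURE",
}
ROUTINE = {
    1: "GSS_S_BAD_MECH", 2: "GSS_S_BAD_NAME", 3: "GSS_S_BAD_NAMETYPE",
    4: "GSS_S_BAD_BINDINGS", 5: "GSS_S_BAD_STATUS", 6: "GSS_S_BAD_SIG",
    7: "GSS_S_NO_CRED", 8: "GSS_S_NO_CONTEXT", 9: "GSS_S_DEFECTIVE_TOKEN",
    10: "GSS_S_DEFECTIVE_CREDENTIAL", 11: "GSS_S_CREDENTIALS_EXPIRED",
    12: "GSS_S_CONTEXT_EXPIRED", 13: "GSS_S_FAILURE", 14: "GSS_S_BAD_QOP",
    15: "GSS_S_UNAUTHORIZED", 16: "GSS_S_UNAVAILABLE",
    17: "GSS_S_DUPLICATE_ELEMENT", 18: "GSS_S_NAME_NOT_MN",
}
SUPPLEMENTARY = ["GSS_S_CONTINUE_NEEDED", "GSS_S_DUPLICATE_TOKEN",
                 "GSS_S_OLD_TOKEN", "GSS_S_UNSEQ_TOKEN", "GSS_S_GAP_TOKEN"]

# Matches the status line mod_auth_kerb writes at LogLevel debug.
STATUS_RE = re.compile(
    r"major_status:([0-9a-fA-F]{8}), minor_status:([0-9a-fA-F]{8})")

def decode_major(major):
    """Split a 32-bit major status into its three RFC 2744 fields."""
    calling = (major >> 24) & 0xFF
    routine = (major >> 16) & 0xFF
    return {
        "calling_error": CALLING.get(calling, "unknown(%d)" % calling) if calling else None,
        "routine_error": ROUTINE.get(routine, "unknown(%d)" % routine) if routine else None,
        "supplementary": [n for bit, n in enumerate(SUPPLEMENTARY) if major & (1 << bit)],
    }

def decode_log(lines):
    """Return one decoded record per log line that carries a GSS-API status."""
    results = []
    for line in lines:
        m = STATUS_RE.search(line)
        if m:
            decoded = decode_major(int(m.group(1), 16))
            decoded["minor_status"] = int(m.group(2), 16)  # mechanism-specific code
            results.append(decoded)
    return results

# Two lines copied from the error_log in the post; only the second has a status.
SAMPLE = [
    "[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1727): [client 192.168.218.1] GSS-API token of length 941 bytes will be sent back",
    "[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1139): [client 192.168.218.1] GSS-API major_status:01020000, minor_status:00000000",
]

if __name__ == "__main__":
    for record in decode_log(SAMPLE):
        print(record)
```

For 01020000 the two decoded fields line up with the two halves of the logged error text: the calling error is the "required input parameter could not be read" part and the routine error is the "invalid name was supplied" part.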