[modauthkerb-help] [modauthkerb - Help] Unsupported key table format version number??
Brought to you by:
kouril
Menu
▾
▴
[modauthkerb-help] [modauthkerb - Help] Unsupported key table format version number??
|
From: <no...@so...> - 2002-12-09 21:34:29
|
Read and respond to this message at: https://sourceforge.net/forum/message.php?msg_id=1788031 By: gschuster Hello all, I'm trying to get Apache on a FreeBSD machine to authenticate to a Windows 2000 Active Directory server with Kerberos using mod_auth_kerb, but I'm having some problems. Here is my version info: FreeBSD 4.5 Apache 1.3.24_3 krb5-1.2.6 (MIT Kerberos) mod_auth_kerb 4.12_1 I installed mod_auth_kerb from the FreeBSD ports tree. When I attempt to access the protected directory with IE, it prompts for a username and password as it should, and if I supply an invalid username or password, authentication fails as it should. But if I supply the correct credentials, I get an Internal Server Error from Apache. Checking the error log reveals the following: [Fri Dec 6 10:23:27 2002] [error] access to /private/ failed for 10.101.54.2, reason: krb5_rd_req(): Unsupported key table format version number (-1765328171) Here is the directory entry from my http.conf file: <Directory "/usr/local/www/data/private"> AuthType KerberosV5 AuthName "Kerberos Login" AllowOverride AuthConfig KrbAuthRealm DEV.LOCAL Krb5Keytab /usr/local/etc/apache/keytab/www.keytab require valid-user </Directory> Here is the ktpass command I issued on the AD server to generate the keytab file, which I then copied to the BSD machine: C:\>ktpass -princ www/bsd...@DE... -mapuser dev04www -pass password -out www.keytab Both the keytab file and its enclosing folders are readable by all users. If I remove the keytab file, I get the same behavior. If I remove the directory containing the keytab file, I get a No such file or Directory error. Here is my krb5.conf file: [logging] default = FILE:/var/log/krb5.log [libdefaults] default_realm = DEV.LOCAL # dns_lookup_realm = true # dns_lookup_kdc = true default_tgs_enctypes = des-cbc-crc default_tkt_enctypes = des-cbc-crc [realms] DEV.LOCAL = { kdc = devad.dev.local:88 kpasswd_server = devad.dev.local:464 admin_server = devad.dev.local default_domain = dev.local } [domain_realm] .dev.local = DEV.LOCAL dev.local = DEV.LOCAL I'd greatly appreciate any help anyone can give, this has been driving us nuts for some time now. Thanks! Greg ______________________________________________________________________ You are receiving this email because you elected to monitor this forum. To stop monitoring this forum, login to SourceForge and visit: https://sourceforge.net/forum/monitor.php?forum_id=171554 |
