I have configured apache2 and mod_auth_kerb. I setted up my .htaccess in such way
# cat .htaccess
AuthType Kerberos
AuthName "Domain login"
KrbAuthRealms DOMAIN.COM
KrbMethodK5Passwd on
Krb5KeyTab /etc/httpd/httpd.keytab
require valid-user
When I open the page in IE, I get following error in apache logs:
gss_accept_sec_context() failed: Miscellaneous failure (, Key version number for principal in key table is incorrect)
Then I can set password and login via Basic Auth and it is totally ok. But I can't authenticate by ticket.
# klist -k /etc/httpd/httpd.keytab
Keytab name: FILE:/etc/httpd/httpd.keytab
KVNO Principal
---- --------------------------------------------------------------------------
6 host/portal.domain.com@DOMAIN.COM
6 host/portal.domain.com@DOMAIN.COM
6 host/portal.domain.com@DOMAIN.COM
6 host/portal@DOMAIN.COM
6 host/portal@DOMAIN.COM
6 host/portal@DOMAIN.COM
6 PORTAL$@DOMAIN.COM
6 PORTAL$@DOMAIN.COM
6 PORTAL$@DOMAIN.COM
6 HTTP/portal.domain.com@DOMAIN.COM
6 HTTP/portal.domain.com@DOMAIN.COM
6 HTTP/portal.domain.com@DOMAIN.COM
6 HTTP/portal@DOMAIN.COM
6 HTTP/portal@DOMAIN.COM
6 HTTP/portal@DOMAIN.COM
What should I do with KVNO? What wrong with it?
P.S. KDC is KDC inside ActiveDirectory (windows 2003 server). My server platform is SUSE Linux 10:
# cat /proc/version
Linux version 2.6.16.60-0.21-smp (geeko@buemphasized textildhost) (gcc version 4.1.2 20070115 (SUSE Linux)) #1 SMP Tue May 6 12:41:02 UTC 2008
mod_auth_kerb is latest (5.4-4.15). Kerberos lib isn't:
# zypper search krb
Restoring system sources...
Parsing metadata for SUSE Linux Enterprise Server 10 SP3...
S | Catalog | Type | Name | Version | Arch
--+-------------------------------------+---------+--------------------+----------------+-------
i | SUSE Linux Enterprise Server 10 SP3 | package | krb5 | 1.4.3-19.43.27 | x86_64
i | SUSE Linux Enterprise Server 10 SP3 | package | krb5-apps-clients | 1.4.3-19.43.27 | x86_64
i | SUSE Linux Enterprise Server 10 SP3 | package | krb5-apps-servers | 1.4.3-19.43.27 | x86_64
i | SUSE Linux Enterprise Server 10 SP3 | package | krb5-client | 1.4.3-19.43.27 | x86_64
i | SUSE Linux Enterprise Server 10 SP3 | package | krb5-devel | 1.4.3-19.43.27 | x86_64
i | SUSE Linux Enterprise Server 10 SP3 | package | krb5-server | 1.4.3-19.43.27 | x86_64