Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Problems with kerberos and forest domain
Operating Systems AIX Problems with kerberos and forest domain Post 302873887 by 3junior on Wednesday 13th of November 2013 11:36:45 AM
Old 11-13-2013
Problems with kerberos and forest domain
Hi,

I have a simple Apache setup that works fine when I create a keytab on a domain level authentication works fine. When I create a keytab at the forest level authentication does not work. I get the following error message. Does anyone know what I am doing wrong here? I validated there is the SPN is unique on the AD side.

Code:
[Wed Nov 13 10:55:49 2013] [debug] src/mod_auth_kerb.c(1707): [client x] Client didn't delegate us their credential
[Wed Nov 13 10:55:49 2013] [debug] src/mod_auth_kerb.c(1735): [client x] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.

 

7 More Discussions You Might Find Interesting

1. Cybersecurity

Kerberos security

I have installed Kerberos security in my UNIX system but I need to disable because of an application conflict with Kerberos. So Anybody ca tell me how can I disable it? Thank you (1 Reply)
Discussion started by: dansanmex
1 Replies

2. Solaris

kerberos security

i m new 2 unix world can some body explain me abt kerberos pls explain in detail..! (2 Replies)
Discussion started by: sriram.s
2 Replies

3. AIX

SSH and Kerberos

I have 2 servers (lft1 and lft3) running AIX 5.3 ML 5. Both are installed with krb5.client.rte 1.4.0.4 and openssh.base.server 4.3.0.5300. I have configured some of the users on both servers to authenticate against our Windows 2003 Active Directory. From my PC, I can use telnet to login... (1 Reply)
Discussion started by: asch337
1 Replies

4. Programming

Kerberos Authentication c/c++

I am in the process of developing a application that needs to be able to authenticate users details with a kerberos server, which is proving to be rather difficult. There seems to be a lack of good information on how to do this using the MIT kerberos api. Can anyone point me in the right... (0 Replies)
Discussion started by: mshindo
0 Replies

5. Windows & DOS: Issues & Discussions

How to: Linux BOX in Windows Domain (w/out joining the domain)

Dear Expert, i have linux box that is running in the windows domain, BUT did not being a member of the domain. as I am not the System Administrator so I have no control on the server in the network, such as modify dns entry , add the linux box in AD and domain record and so on that relevant. ... (2 Replies)
Discussion started by: regmaster
2 Replies

6. AIX

Problems with Kerberos and realms

I'm fairly new to UNIX-land, and one of my first assigned tasks was to try to set up Kerberos authentication on an unused partition. Hopefully everything makes sense, but please let me know if any clarification is needed with any of it. AIX 7.1, and while I found various docs on the subject, a... (11 Replies)
Discussion started by: PassLine
11 Replies

7. OS X (Apple)

OSX and Kerberos

Our Network Security folks have mandated that we "Kerberize" our systems to allow them to perform an authenticated scan. This consists of instructions to change /etc/pam.d/sshd from: # sshd: auth account password session auth optional pam_krb5.so use_kcminit auth optional ... (0 Replies)
Discussion started by: jnojr
0 Replies

LEARN ABOUT FREEBSD

krb5_rd_req_out_get_server

Heimdal Kerberos 5 authentication functions(3)		      HeimdalKerberos5library		    Heimdal Kerberos 5 authentication functions(3)

NAME

       Heimdal Kerberos 5 authentication functions -

   Functions
       KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_ctx_alloc (krb5_context context, krb5_rd_req_in_ctx *ctx)
       KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_keytab (krb5_context context, krb5_rd_req_in_ctx in, krb5_keytab keytab)
       KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_pac_check (krb5_context context, krb5_rd_req_in_ctx in, krb5_boolean
	   flag)
       KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_server (krb5_context context, krb5_rd_req_out_ctx out, krb5_principal
	   *principal)
       KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_out_ctx_free (krb5_context context, krb5_rd_req_out_ctx ctx)
       KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_ctx (krb5_context context, krb5_auth_context *auth_context, const krb5_data
	   *inbuf, krb5_const_principal server, krb5_rd_req_in_ctx inctx, krb5_rd_req_out_ctx *outctx)

Detailed Description
Function Documentation
   KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_ctx (krb5_context context, krb5_auth_context * auth_context, const krb5_data *
       inbuf, krb5_const_principal server, krb5_rd_req_in_ctx inctx, krb5_rd_req_out_ctx * outctx)
       The core server function that verify application authentication requests from clients.

       Parameters:
	   context Keberos 5 context.
	   auth_context the authentication context, can be NULL, then default values for the authentication context will used.
	   inbuf the (AP-REQ) authentication buffer
	   server the server with authenticate as, if NULL the function will try to find any available credential in the keytab that will verify
	   the reply. The function will prefer the server the server client specified in the AP-REQ, but if there is no mach, it will try all
	   keytab entries for a match. This have serious performance issues for larger keytabs.
	   inctx control the behavior of the function, if NULL, the default behavior is used.
	   outctx the return outctx, free with krb5_rd_req_out_ctx_free().

       Returns:
	   Kerberos 5 error code, see krb5_get_error_message().

   KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_ctx_alloc (krb5_context context, krb5_rd_req_in_ctx * ctx)
       Allocate a krb5_rd_req_in_ctx as an input parameter to krb5_rd_req_ctx(). The caller should free the context with krb5_rd_req_in_ctx_free()
       when done with the context.

       Parameters:
	   context Keberos 5 context.
	   ctx in ctx to krb5_rd_req_ctx().

       Returns:
	   Kerberos 5 error code, see krb5_get_error_message().

   KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_keytab (krb5_context context, krb5_rd_req_in_ctx in, krb5_keytab keytab)
       Set the keytab that krb5_rd_req_ctx() will use.

       Parameters:
	   context Keberos 5 context.
	   in in ctx to krb5_rd_req_ctx().
	   keytab keytab that krb5_rd_req_ctx() will use, only copy the pointer, so the caller must free they keytab after
	   krb5_rd_req_in_ctx_free() is called.

       Returns:
	   Kerberos 5 error code, see krb5_get_error_message().

   KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_pac_check (krb5_context context, krb5_rd_req_in_ctx in, krb5_boolean flag)
       Set if krb5_rq_red() is going to check the Windows PAC or not

       Parameters:
	   context Keberos 5 context.
	   in krb5_rd_req_in_ctx to check the option on.
	   flag flag to select if to check the pac (TRUE) or not (FALSE).

       Returns:
	   Kerberos 5 error code, see krb5_get_error_message().

   KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_out_ctx_free (krb5_context context, krb5_rd_req_out_ctx ctx)
       Free the krb5_rd_req_out_ctx.

       Parameters:
	   context Keberos 5 context.
	   ctx krb5_rd_req_out_ctx context to free.

   KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_server (krb5_context context, krb5_rd_req_out_ctx out, krb5_principal *
       principal)
       Get the principal that was used in the request from the client. Might not match whats in the ticket if krb5_rd_req_ctx() searched in the
       keytab for a matching key.

       Parameters:
	   context a Kerberos 5 context.
	   out a krb5_rd_req_out_ctx from krb5_rd_req_ctx().
	   principal return principal, free with krb5_free_principal().

Version 1.5.2							    11 Jan 2012 		    Heimdal Kerberos 5 authentication functions(3)
All times are GMT -4. The time now is 11:13 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy