I don't know if this is helpful but the service provider gave me a list with the installed patches on the Windows Server:
Q147222 KB890046 - Update KB893756 - Update KB896358 - Update KB896422 - Update KB896424 - Update KB896428 - Update KB898715 - Update KB899587 - Update KB899588 - Update KB899589 - Update KB899591 - Update KB900725 - Update KB901017 - Update KB901214 - Update KB902400 - Update KB904706 - Update KB905414 - Update KB908519 - Update KB908531 - Update KB910437 - Update KB911562 - Update KB911567 - Update KB911927 - Update KB912812 - Update KB912919 - Update KB913446 - Update On 8/23/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > HI List, > I'm having problems with the authentication through mod_auth_kerb. > The used solution had worked forfour months without any problems. Ever > since 16 Aug 2007 that solution hasn't been functional. > > Nothing has been changed in our system (Apache 2.0.55 with mod_auth_kerb). > The service provider who administrates the ADS confirmed that there were no > changes made or any patches installed. The same applies to clients who are > administrated by an external service provider; no changes resp. installation > of patches were supposed to be done. However, I cannot confirm the external > service provider's statements. > > The following error messages appear in the VHost's apache error log: > --<apache error log>-- > [Wed Aug 22 15:17:04 2007] [debug] src/mod_auth_kerb.c(1485): [client > 127.0.0.2] kerb_authenticate_user entered with user (NULL) and > auth_type Kerberos, referer: http://intern.customer.com/index.html > [Wed Aug 22 15:17:26 2007] [debug] src/mod_auth_kerb.c(1485): [client > 127.0.0.2] kerb_authenticate_user entered with user (NULL) and > auth_type Kerberos, referer: http://intern.customer.com/index.html > [Wed Aug 22 15:17:42 2007] [debug] src/mod_auth_kerb.c(1485): [client > 127.0.0.2] kerb_authenticate_user entered with user (NULL) and > auth_type Kerberos, referer: http://intern.customer.com/index.html > [Wed Aug 22 15:17:42 2007] [debug] src/mod_auth_kerb.c(1172): [client > 127.0.0.2] Acquiring creds for [EMAIL PROTECTED], referer: > http://intern.customer.com/index.html > [Wed Aug 22 15:17:42 2007] [debug] src/mod_auth_kerb.c(1316): [client > 127.0.0.2] Verifying client data using KRB5 GSS-API, referer: > http://intern.customer.com/index.html > [Wed Aug 22 15:17:42 2007] [debug] src/mod_auth_kerb.c(1332): [client > 127.0.0.2] Verification returned code 589824, referer: > http://intern.customer.com/index.html > [Wed Aug 22 15:17:42 2007] [debug] src/mod_auth_kerb.c(1359): [client > 127.0.0.2] Warning: received token seems to be NTLM, which isn't > supported by the Kerberos module. Check your IE configuration., > referer: http://intern.customer.com/index.html > --</apache error log>-- > > > I get the following message when requesting the Kerberos commands: > [EMAIL PROTECTED]:/opt/krb5/bin]$ ./klist -e -f -a -nTicket cache: > FILE:/tmp/krb5cc_2022Default principal: > HTTP/[EMAIL PROTECTED] > > Valid starting Expires Service principal > 08/22/07 17:07:36 08/23/07 03:08:07 krbtgt/[EMAIL PROTECTED] > renew until 08/23/07 17:07:36, Flags: RIA > Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 > Addresses: (none) > > [EMAIL PROTECTED]:/opt/krb5/bin]# ./kvno HTTP/[EMAIL PROTECTED] > kvno: Server not found in Kerberos database while getting credentials > for HTTP/[EMAIL PROTECTED] > > After consultation with the service provider, a new keytab file has > already been exported and transfered to the Apache System. > > ktpass -princ HTTP/intern.customer.com > -mapuser [EMAIL PROTECTED] > -crypto DES-CBC-MD5 > -ptype KRB_NT_PRINCIPAL > -mapop set +desonly > -pass ******** > -out c:\temp\keytab > > -rw-r--r-- 1 httpd httpd 77 Aug 23 10:16 intern.keytab > > Do you have any advice what else to check or even a solution proposal? > > Thanks for your help, > > Thorsten > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
