  1. POapache-mod_auth_kerb; kerb_authenticate_user entered with user (NULL) and auth_type Kerberos; Client didn't delegate us their credential
    <p>I am trying to set up Integrated Windows authentication with Kerberos using Active Directory on Windows Server 2008. Everything works well and I am able to get Kerberos tickets on successful login. I am facing a problem in forwarding this ticket to the server where Apache is configured. When forwarding the ticket, KRB5CCNAME is not set in the Apache/PHP environment variables.</p>
    <p>My Kerberos configuration file (krb5.conf) is</p>
<pre><code>[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = DIVAMI.COM
default_keytab_file = /etc/krb5.keytab
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
DIVAMI.COM = {
  kdc = meluha.divami.com:88
  admin_server = meluha.divami.com:749
  default_domain = divami.com
}

[domain_realm]
meluha.divami.com = DIVAMI.COM
divami.com = DIVAMI.COM
</code></pre>
    <p>Apache mod_auth_kerb configuration file (auth_kerb) is</p>
<pre><code>&lt;Location /perfmon&gt;
  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbMethodNegotiate On
  KrbMethodK5Passwd Off
  KrbAuthRealms DIVAMI.COM
  Krb5KeyTab /etc/httpd/conf.d/apache.keytab
  KrbSaveCredentials On
  KrbServiceName HTTP/greenplum.divami.com
  require valid-user
  ErrorDocument 404 "No favicon"
&lt;/Location&gt;
</code></pre>
    <p>Browser configuration</p>
    <p>Firefox</p>
<pre><code>Set network.negotiate-auth.delegation-uris to greenplum.divami.com.
Set network.negotiate-auth.trusted-uris to greenplum.divami.com
</code></pre>
    <p>IE</p>
<pre><code>In Internet Explorer, select Tools &gt; Internet Options.
In the Local Internet (Advanced) dialog box, enter all relative domain names that will be used on the intranet (e.g. greenplum.divami.com).
</code></pre>
    <p>When I set KrbMethodK5Passwd On, the browser prompts for the Kerberos username and password. On giving valid credentials, a ticket is generated and its cached location is set in the Apache/PHP environment variable KRB5CCNAME. Using this variable KRB5CCNAME, we can use the Kerberos ticket that is forwarded as a credential for authentication.</p>
    <p>I am getting the following error message when KrbMethodK5Passwd is Off.</p>
<pre><code>[Wed Sep 25 18:48:11 2013] [debug] src/mod_auth_kerb.c(1939): [client 10.81.17.156] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Wed Sep 25 18:48:11 2013] [debug] src/mod_auth_kerb.c(1939): [client 10.81.17.156] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Wed Sep 25 18:48:11 2013] [debug] src/mod_auth_kerb.c(1278): [client 10.81.17.156] Acquiring creds for HTTP/greenplum.divami.com
[Wed Sep 25 18:48:11 2013] [debug] src/mod_auth_kerb.c(1691): [client 10.81.17.156] Verifying client data using KRB5 GSS-API
[Wed Sep 25 18:48:11 2013] [debug] src/mod_auth_kerb.c(1707): [client 10.81.17.156] Client didn't delegate us their credential
[Wed Sep 25 18:48:11 2013] [debug] src/mod_auth_kerb.c(1726): [client 10.81.17.156] GSS-API token of length 180 bytes will be sent back plum.divami.com/perfmon/login.php
[Wed Sep 25 18:48:11 2013] [debug] src/mod_auth_kerb.c(1691): [client 10.81.17.156] Verifying client data using KRB5 GSS-API , referer:http://greenplum.divami.com/perfmon/login.php
</code></pre>
    <p>I have no idea whether the browser fails to pick up the Kerberos ticket, or the browser picks up the ticket but is unable to set the cached location in KRB5CCNAME. Please help me in solving this issue.</p>
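One way to triage a debug log like the one in the question, added here as an example and not part of the original post: it classifies each client by whether mod_auth_kerb logged a GSS-API token for it and whether the log records credential delegation. The sample lines are constructed in the format shown in the post (documentation-range IPs); the function and verdict names are hypothetical, and the "Client delegated us their credential" wording for the success case is an assumption.

```python
import re
from collections import defaultdict

# Line layout of the mod_auth_kerb debug messages shown in the post.
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[debug\] src/mod_auth_kerb\.c\(\d+\): "
    r"\[client (?P<client>[^\]]+)\] (?P<msg>.*)"
)

def classify_delegation(lines):
    """Return {client: verdict} from mod_auth_kerb debug log lines."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a mod_auth_kerb debug line
        events = seen[m.group("client")]  # registers the client even with no token
        msg = m.group("msg")
        if msg.startswith("Verifying client data using"):
            events.add("token")
        elif msg.startswith("Client didn't delegate us their credential"):
            events.add("not_delegated")
        elif msg.startswith("Client delegated us their credential"):  # assumed wording
            events.add("delegated")
    verdicts = {}
    for client, events in seen.items():
        if {"delegated", "not_delegated"} <= events:
            verdicts[client] = "mixed"
        elif "delegated" in events:
            verdicts[client] = "delegated"
        elif "not_delegated" in events:
            verdicts[client] = "token-accepted-no-delegation"
        elif "token" in events:
            verdicts[client] = "token-seen-outcome-unknown"
        else:
            verdicts[client] = "no-negotiate-token"
    return verdicts

def _line(src_line, client, msg):
    # Builds one constructed sample line in the post's log format.
    return (f"[Wed Sep 25 18:48:11 2013] [debug] src/mod_auth_kerb.c({src_line}): "
            f"[client {client}] {msg}")

ENTERED = "kerb_authenticate_user entered with user (NULL) and auth_type Kerberos"
SAMPLE_LOG = [  # constructed sample input, not taken from a real server
    _line(1939, "192.0.2.10", ENTERED),
    _line(1691, "192.0.2.10", "Verifying client data using KRB5 GSS-API"),
    _line(1707, "192.0.2.10", "Client didn't delegate us their credential"),
    _line(1939, "192.0.2.11", ENTERED),
    _line(1691, "192.0.2.12", "Verifying client data using KRB5 GSS-API , referer:http://example.test/"),
    _line(1707, "192.0.2.12", "Client delegated us their credential"),
]

if __name__ == "__main__":
    for client, verdict in sorted(classify_delegation(SAMPLE_LOG).items()):
        print(client, verdict)
```

The log lines quoted in the question contain both the "Verifying client data" and the "Client didn't delegate us their credential" messages for the same client, which this classifier reports as `token-accepted-no-delegation`.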