[Pkg-team] [illumos-userland - Bug #1827] mod_auth_gss
illumos project
devnull at illumos.org
Fri Feb 17 16:45:31 UTC 2012
Issue #1827 has been updated by Bayard Bell.
Project changed from OpenIndiana Distribution to illumos-userland
Target version deleted (oi_151_stable)
----------------------------------------
Bug #1827: mod_auth_gss
https://www.illumos.org/issues/1827
Author: Stefano Germini
Status: New
Priority: Normal
Assignee: OI PKG
Category:
Target version:
Difficulty: Medium
Tags: mod_auth_gss
I'm getting problems running apache22 with mod_auth_gss enabled on oi_151a.
Same configuration with latest version of OpenSolaris was fine.
Environment:
* Active Directory 2008sp2 with multiple DCs;
* krb5.conf OK (i can use kinit to get tickets AND *generated keytabs on a DC are OK when used with glassfish with spnego auth*);
* httpd.conf OK (same configuration on OpenSolaris was OK);
* resolv.conf & nsswitch.conf OK.
When browsing the server with IE, the kerberos ticket cache on my host (windows 7) contains tickect for the service principal I generated, so I think it's all ok, but I get an error page:
""Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.""
and apache server logs on error_log:
[Tue Nov 29 12:33:49 2011] [error] [client 10.10.17.9] gss_accept_sec_context() failed: Invalid token was supplied (Unknown error)
Is this a bug? mmmmmm
Note: i can even join AD with CIFS, so I think krb5.conf is really ok!
PS: excuse me for my poor english!
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://www.illumos.org/my/account
More information about the Pkg-team
mailing list