
12.01.2008 at 02:56PM PST, ID: 23948308 | Points: 250

mod_auth_kerb negotiate fails with unknown code krb5 181 from Vista client

Asked by jjshuler in Apache Web Server, Linux Network Security, Windows Network Security


I am using mod_auth_kerb in apache2 to perform single sign on against an Active Directory domain controller (server 2008) using a web browser.

It works fine on XP SP3 clients (using both IE7 and Firefox), but it fails on Vista clients. The browser is sending a Negotiate header, but the authentication fails on the webserver with the following error in the Apache error_log:

~~~
gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code may provide more information (Unknown code krb5 181)
~~~

I tried installing a fresh copy of Vista on a new machine, as well as allowing NTLM (v1). No dice.
I have had no luck determining the meaning of the error message either.

I'm looking for a solution to the problem (that is, a way to get SSO working with Vista), but an accurate explanation of the error message would be extremely helpful as well. (How can I fix it when I don't know what's wrong?)

Here is the error_log output with debug level logging enabled:
~~~~~
[Mon Dec 01 10:50:00 2008] [debug] src/mod_auth_kerb.c(1432): [client x.x.x.x] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Mon Dec 01 10:50:00 2008] [debug] src/mod_auth_kerb.c(1432): [client x.x.x.x] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Mon Dec 01 10:50:00 2008] [debug] src/mod_auth_kerb.c(1147): [client x.x.x.x] Acquiring creds for HTTP@server1
[Mon Dec 01 10:50:00 2008] [debug] src/mod_auth_kerb.c(1266): [client x.x.x.x] Verifying client data using KRB5 GSS-API
[Mon Dec 01 10:50:00 2008] [debug] src/mod_auth_kerb.c(1282): [client x.x.x.x] Verification returned code 851968
[Mon Dec 01 10:50:00 2008] [error] [client x.x.x.x] gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code may provide more information (Unknown code           krb5 181)
~~~~~


Thanks so much!
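
An added example, not part of the original question: the debug log above reports the GSS-API major status only as a raw integer (851968). The sketch below decodes that integer using the RFC 2744 bit layout and pairs it with the mechanism's minor-status text from the error line that follows; the function names are this example's own, and the sample lines are copied from the log above.

```python
import re

# GSS-API major status layout (RFC 2744): calling error in bits 24-31,
# routine error in bits 16-23, supplementary flags in bits 0-15.
CALLING = ["CALL_INACCESSIBLE_READ", "CALL_INACCESSIBLE_WRITE", "CALL_BAD_STRUCTURE"]
ROUTINE = ["BAD_MECH", "BAD_NAME", "BAD_NAMETYPE", "BAD_BINDINGS", "BAD_STATUS",
           "BAD_SIG", "NO_CRED", "NO_CONTEXT", "DEFECTIVE_TOKEN",
           "DEFECTIVE_CREDENTIAL", "CREDENTIALS_EXPIRED", "CONTEXT_EXPIRED",
           "FAILURE", "BAD_QOP", "UNAUTHORIZED", "UNAVAILABLE",
           "DUPLICATE_ELEMENT", "NAME_NOT_MN"]
SUPPLEMENTARY = ["CONTINUE_NEEDED", "DUPLICATE_TOKEN", "OLD_TOKEN", "UNSEQ_TOKEN", "GAP_TOKEN"]

def _name(table, value):
    """Map a 1-based error number to its GSS_S_* name (None when the field is 0)."""
    if value == 0:
        return None
    return "GSS_S_" + table[value - 1] if value <= len(table) else "unknown(%d)" % value

def decode_major(status):
    """Split a major status word into calling error, routine error and flags."""
    return {"calling": _name(CALLING, (status >> 24) & 0xFF),
            "routine": _name(ROUTINE, (status >> 16) & 0xFF),
            "supplementary": ["GSS_S_" + n for bit, n in enumerate(SUPPLEMENTARY)
                              if status & (1 << bit)]}

CODE_RE = re.compile(r"\[client ([^\]]+)\] Verification returned code (\d+)")
FAIL_RE = re.compile(r"\[error\] \[client ([^\]]+)\] (gss_\w+)\(\) failed: .*\(([^()]*)\)\s*$")

def summarize(lines):
    """Pair each client's 'Verification returned code' with its following error line."""
    pending, failures = {}, []
    for line in lines:
        m = CODE_RE.search(line)
        if m:
            pending[m.group(1)] = int(m.group(2))
            continue
        m = FAIL_RE.search(line)
        if m:
            client, call, minor = m.groups()
            major = pending.pop(client, None)
            failures.append({"client": client, "call": call, "major": major,
                             "decoded": decode_major(major) if major is not None else None,
                             "minor": " ".join(minor.split())})  # collapse log padding
    return failures

# Sample input: lines copied from the error_log output in the question.
SAMPLE_LOG = [
    "[Mon Dec 01 10:50:00 2008] [debug] src/mod_auth_kerb.c(1266): [client x.x.x.x] Verifying client data using KRB5 GSS-API",
    "[Mon Dec 01 10:50:00 2008] [debug] src/mod_auth_kerb.c(1282): [client x.x.x.x] Verification returned code 851968",
    "[Mon Dec 01 10:50:00 2008] [error] [client x.x.x.x] gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code may provide more information (Unknown code           krb5 181)",
]

if __name__ == "__main__":
    for failure in summarize(SAMPLE_LOG):
        print(failure)
```

For this log the major status decodes to GSS_S_FAILURE, the generic routine error, so the detail that identifies the cause is carried in the krb5 minor code rather than in the major status.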