Apache cannot find the Kerberos principal in the keytab file

The virtual host is configured with these options:

    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    KrbAuthRealms EXAMPLE.COM
    KrbAuthoritative On
    KrbServiceName HTTP/[email protected]
    Krb5KeyTab /path/to/krb/site.keytab
    require valid-user

site.keytab is readable by Apache and contains a valid principal:

    root@pa2# klist -k /path/to/krb/site.keytab
    Keytab name: FILE:/path/to/krb/site.keytab
    KVNO Principal
    ---- --------------------------------------------------------------------------
      13 HTTP/[email protected] (des-cbc-crc)
      13 HTTP/[email protected] (des-cbc-md5)
      13 HTTP/[email protected] (arcfour-hmac)
      13 HTTP/[email protected] (aes256-cts-hmac-sha1-96)
      13 HTTP/[email protected] (aes128-cts-hmac-sha1-96)
    root@pa2# kvno -k /path/to/krb/site.keytab HTTP/[email protected]
    HTTP/[email protected]: kvno = 13, keytab entry valid

However, when I try to access the site, I get this error in the Apache error log:

    [Mon Mar 21 10:30:37.846616 2016] [auth_kerb:error] [pid 11217] [client ...:60195] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, Cannot find key for HTTP/[email protected] kvno 5 in keytab)

The current kvno is indeed not 5.

Issuing klist purge on the client Windows machine resolved the kvno problem.
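The comparison made by hand above can be scripted. This is an added example, not part of the original post: it parses `klist -k` output and the mod_auth_kerb error line, then reports which side holds the outdated key. The principal `HTTP/site.example.com@EXAMPLE.COM`, the sample text and the result labels are constructed placeholders, and the parser assumes `klist -k` was run without the `-t` timestamp column.

```python
import re

# Constructed sample input modelled on the output shown above; the principal
# name is a placeholder, not a value from the original post.
KLIST_OUTPUT = """\
Keytab name: FILE:/path/to/krb/site.keytab
KVNO Principal
---- ---------------------------------------------------------------
  13 HTTP/site.example.com@EXAMPLE.COM (arcfour-hmac)
  13 HTTP/site.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
  13 HTTP/site.example.com@EXAMPLE.COM (aes128-cts-hmac-sha1-96)
"""
ERROR_LINE = (
    "[auth_kerb:error] [pid 11217] gss_accept_sec_context() failed: "
    "Unspecified GSS failure. Minor code may provide more information "
    "(, Cannot find key for HTTP/site.example.com@EXAMPLE.COM kvno 5 in keytab)"
)

# A keytab row is "<kvno> <principal> [(enctype)]"; header rows do not match.
KEYTAB_ROW = re.compile(r"^\s*(\d+)\s+(\S+)(?:\s+\((\S+)\))?\s*$")
MISSING_KEY = re.compile(r"Cannot find key for (\S+) kvno (\d+) in keytab")


def keytab_kvnos(klist_text):
    """Return {principal: set of kvnos} parsed from `klist -k` output."""
    table = {}
    for line in klist_text.splitlines():
        m = KEYTAB_ROW.match(line)
        if m:
            table.setdefault(m.group(2), set()).add(int(m.group(1)))
    return table


def diagnose(klist_text, error_line):
    """Classify a 'Cannot find key ... kvno N' error against the keytab."""
    m = MISSING_KEY.search(error_line)
    if not m:
        return "no-kvno-error"
    principal, wanted = m.group(1), int(m.group(2))
    have = keytab_kvnos(klist_text).get(principal)
    if not have:
        return "principal-missing"    # keytab has no entry for this SPN
    if wanted in have:
        return "kvno-present"         # key version exists; check enctypes
    if wanted < max(have):
        return "client-ticket-stale"  # ticket predates keytab: purge client cache
    return "keytab-stale"             # KDC key is newer: re-export the keytab
```

For the case on this page (ticket kvno 5, keytab kvno 13) the result is `client-ticket-stale`, which matches the fix of purging the client's ticket cache.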