On Thu, Oct 30, 2008 at 10:47 AM, yuval wrote:
> Hi
>
>
>
> I try to authenticate web server clients on Linux apache.
>
>
>
> I have keytab from win2003 and kinit pass OK.
>
>
>
> Klist show valid principal.
>
> [Expert@fluid]# klist
>
> Ticket cache: FILE:/tmp/krb5cc_0
>
> Default principal:
> HTTP/fluid.w2003ex.qa.checkpoint.com@W2003EX.QA.CHECKPO INT.COM
>
>
>
> Valid starting Expires Service principal
>
> 10/30/08 14:50:28 10/31/08 00:50:46
> krbtgt/W2003EX.QA.CHECKPOINT.COM@W2003EX.QA.CHECKPOINT.CO M
>
> renew until 10/31/08 14:50:28
>
>
>
>
>
> Kerberos 4 ticket cache: /tmp/tkt0
>
> klist: You have no tickets cached
>
>
>
>
>
> but I got gss error "No principal in keytab matches desired name"


What is the URL you are using the address bar of the browser? The
hostname in the URL must match the hostname in the principal name in
the keytab file exactly. For example, if you use an IP address to
visit the website, you will get the aforementioned error.

List the contents of the keytab file with ktutil.

Are you sure the keytab file is being successfully ready by Apache?

Mike