Re: [squid-users] squid_kerb_auth.... Key Version number?

From: Mrvka Andreas <mrv_at_tuv.at>
Date: Tue, 22 Sep 2009 08:48:28 +0200

Hello,

on the next day, I also get my "Key Version number"-problem on the same domain

What is the best way to keep the versions in sync?
I already erased the computer account and did msktutil again.
I believe that for a short time the versions were correct (said klist and
kvno) but during tests with squid they differed.!?

I only use one KDC Win2k8 (configured in krb5.conf).

Does anybody has a clue?

Thanks
Andrew

Am Dienstag, 22. September 2009 00:33:13 schrieb Mrvka Andreas:
> Hi list,
>
> does anybody know what to do againg different key version numbers using
> squid_kerb_auth?
>
> I created HTTP.keytab from the msktutil and works great.
> In fact in this domain where squid lives this internet explorers has no
> problem using squid_kerb_auth.
>
> On other domains I get
> "Unspecified GSS failure. Minor code may provide more information. Key
> version number for principal in key table is incorrect"
>
> Via "klist -ke" and "kvno HTTP/fqdn" I am able to can compare these keys
> and they differ.
>
> "kinit -R" doesn't work...: "KDC can't fulfill requested option while
> renewing credentials"
>
> Can anybody shine me a light?
>
> Thanks you very much.
> Andrew
>
Received on Tue Sep 22 2009 - 06:48:36 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 22 2009 - 12:00:02 MDT