You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Sanjay Kumar Sahu <sa...@gmail.com> on 2018/10/22 14:39:35 UTC
[users@httpd] Issue with Apache/Kerberos authentication
HI,
I want to create a new thread in Apache for following issue. Please create.
Currently we are facing Kerberos authentication issue in our RHEL7 server
running with Apache/2.4 upon changing Keytab with Crypto type=AES256.
Previously it's Crypto type=all. Please check following with the details.
We are using mod_auth_kerb on Red Hat Enterprise Linux for our application
MediaWiki 1.30.0 running in Apache/2.4
And we never face such issue related to kerberos authentication since we
used the keytab with following cipher algorithm in the encryption method.
(des-cbc-crc)
(des-cbc-md5)
(aes256-cts-hmac-sha1-96)
(aes128-cts-hmac-sha1-96)
Later, the DES crypto type is catagoried in weak crypto type and it's
denied to use in Produciton for security reason.
And we are asked to use the keytab using Advanced Encryption Standard (AES)
Cryptography with either of types (AES128 or AES265) for following cipher
algorithm.
(aes256-cts-hmac-sha1-96)
(aes128-cts-hmac-sha1-96)
But, unfortunately neither of the keytab encrypted with AES Crypto (AES128
or AES265) are working under Apache/2.4 and throws following error in HTTPD
server Error_log.
Error_log
-----------------
gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may
provide more information (, No key table entry found for the SPN)
Please let us know if there is any solution to resolve for the issue.
--
*Thanks & Regards,*
*Sanjay Kumar Sahu*
Re: [users@httpd] Issue with Apache/Kerberos authentication
Posted by Yann Ylavic <yl...@gmail.com>.
Hi,
none in the modules provided by the httpd project (AFAICT), and I've
not heard of any (other) third-party modules either, sorry.
Some users might chime in, though...
Regards,
Yann.
On Thu, Oct 25, 2018 at 3:23 PM Sanjay Kumar Sahu
<sa...@gmail.com> wrote:
>
> Hi Yann,
> Could you please let me know which module is now supported by HTTPD to work with kerberos/SSO?
>
> thanks,
>
> On Mon, Oct 22, 2018, 20:38 Yann Ylavic <yl...@gmail.com> wrote:
>>
>> Hi,
>>
>> On Mon, Oct 22, 2018 at 4:39 PM Sanjay Kumar Sahu
>> <sa...@gmail.com> wrote:
>> >
>> > I want to create a new thread in Apache for following issue. Please create.
>>
>> You've just done it by sending this new message to the list (as
>> opposed to replying to an existing one).
>>
>> >
>> > Currently we are facing Kerberos authentication issue in our RHEL7 server running with Apache/2.4 upon changing Keytab with Crypto type=AES256. Previously it's Crypto type=all. Please check following with the details.
>>
>> Sorry I can't help with your issue, some user(s) on this list (with
>> mod_auth_kerb skills) might but please note that this modules is not
>> maintained by httpd, so you possibly want to ask on the relevant
>> support/users channel for this module.
>>
>> Regards,
>> Yann.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Issue with Apache/Kerberos authentication
Posted by Sanjay Kumar Sahu <sa...@gmail.com>.
Hi Yann,
Could you please let me know which module is now supported by HTTPD to work
with kerberos/SSO?
thanks,
On Mon, Oct 22, 2018, 20:38 Yann Ylavic <yl...@gmail.com> wrote:
> Hi,
>
> On Mon, Oct 22, 2018 at 4:39 PM Sanjay Kumar Sahu
> <sa...@gmail.com> wrote:
> >
> > I want to create a new thread in Apache for following issue. Please
> create.
>
> You've just done it by sending this new message to the list (as
> opposed to replying to an existing one).
>
> >
> > Currently we are facing Kerberos authentication issue in our RHEL7
> server running with Apache/2.4 upon changing Keytab with Crypto
> type=AES256. Previously it's Crypto type=all. Please check following with
> the details.
>
> Sorry I can't help with your issue, some user(s) on this list (with
> mod_auth_kerb skills) might but please note that this modules is not
> maintained by httpd, so you possibly want to ask on the relevant
> support/users channel for this module.
>
> Regards,
> Yann.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Issue with Apache/Kerberos authentication
Posted by Yann Ylavic <yl...@gmail.com>.
Hi,
On Mon, Oct 22, 2018 at 4:39 PM Sanjay Kumar Sahu
<sa...@gmail.com> wrote:
>
> I want to create a new thread in Apache for following issue. Please create.
You've just done it by sending this new message to the list (as
opposed to replying to an existing one).
>
> Currently we are facing Kerberos authentication issue in our RHEL7 server running with Apache/2.4 upon changing Keytab with Crypto type=AES256. Previously it's Crypto type=all. Please check following with the details.
Sorry I can't help with your issue, some user(s) on this list (with
mod_auth_kerb skills) might but please note that this modules is not
maintained by httpd, so you possibly want to ask on the relevant
support/users channel for this module.
Regards,
Yann.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org