git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[users@httpd] Issue with Apache/Kerberos authentication


HI,

I want to create a new thread in Apache for following issue. Please create.


Currently we are facing Kerberos authentication issue in our RHEL7 server running with Apache/2.4 upon changing Keytab with Crypto type=AES256. Previously it's Crypto type=all. Please check following with the details.
We are using mod_auth_kerb on Red Hat Enterprise Linux  for our application MediaWiki 1.30.0 running in Apache/2.4
And we never face such issue related to kerberos authentication since we used the keytab with following cipher algorithm in the encryption method.
(des-cbc-crc)
(des-cbc-md5)
(aes256-cts-hmac-sha1-96)
(aes128-cts-hmac-sha1-96)
Later, the DES crypto type is catagoried in weak crypto type and it's denied to use in Produciton for security reason.
And we are asked to use the keytab using Advanced Encryption Standard (AES) Cryptography with either of types (AES128 or AES265) for following cipher algorithm.
(aes256-cts-hmac-sha1-96)
(aes128-cts-hmac-sha1-96)
But, unfortunately neither of the keytab encrypted with AES Crypto (AES128 or AES265) are working under Apache/2.4 and throws following error in HTTPD server Error_log.

Error_log
-----------------
gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, No key table entry found for the SPN)
Please let us know if there is any solution to resolve for the issue.

--
Thanks & Regards,
 

Sanjay Kumar Sahu