我全新安装了 apache 2.4。我想使用 kerberos 身份验证。我编译并安装了 mod_auth_kerb 模块。这是我的配置
<location "/restriced/">
SSLRequireSSL
AuthName "Kerberos login"
AuthType Kerberos
KrbMethodNegotiate On
KrbMethodK5Passwd Off
KrbVerifyKDC Off
KrbServiceName HTTPS
KrbAuthRealms ******.***
Krb5KeyTab /etc/krb5.keytab
KrbLocalUserMapping On
require valid-user
</location>
当我尝试访问“受限”位置时出现此错误:
[Mon Sep 30 10:21:18.782978 2013] [authz_core:debug] [pid 2219:tid 140278178531072] mod_authz_core.c(802): [client xx.xx.xx.xx:61773] **AH01626: authorization result of Require valid-user : denied (no authenticated user yet)**
[Mon Sep 30 10:21:18.783004 2013] [authz_core:debug] [pid 2219:tid 140278178531072] mod_authz_core.c(802): [client xx.xx.xx.xx:61773] **AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)**
[Mon Sep 30 10:21:18.783042 2013] [auth_kerb:debug] [pid 2219:tid 140278178531072] src/mod_auth_kerb.c(1643): [client xx.xx.xx.xx:61773] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Mon Sep 30 10:21:18.783099 2013] [auth_kerb:debug] [pid 2219:tid 140278178531072] src/mod_auth_kerb.c(1255): [client xx.xx.xx.xx:61773] Acquiring creds for HTTPS@**********.***
[Mon Sep 30 10:21:18.786080 2013] [auth_kerb:debug] [pid 2219:tid 140278178531072] src/mod_auth_kerb.c(1116): [client xx.xx.xx.xx:61773] GSS-API major_status:000d0000, minor_status:000186a4
[Mon Sep 30 10:21:18.786127 2013] [auth_kerb:error] [pid 2219:tid 140278178531072] [client xx.xx.xx.xx:61773] gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information (, )
谢谢你的帮助。
答案1
消息“minor_status:000186a4”表示 apache 无法读取密钥文件。
最可能的原因是该文件获得了错误的权限,或者格式不正确。