https://community.hpe.com/t5/operating-system-linux/kerberos-autentication-in-win-domain-using-mod-auth-kerb/m-p/3849714#M24866 Hi,<BR />I have problem with configuring kerberos authetication within windows domain using apache module mod_auth_kerb.<BR />At the beginning there was only one domain - the web server and users were in one domain AD.X.CZ<BR /><BR />there is listing of /etc/krb5.conf:<BR />[libdefaults]<BR /> ticket_lifetime = 24000<BR /> default_realm = AD.X.CZ<BR /> dns_lookup_realm = false<BR /> dns_lookup_kdc = false<BR /><BR />[realms]<BR /> AD.X.CZ = {<BR /> kdc = NTAD.x.cz:88<BR /> admin_server = NTAD.x.cz:749<BR /> default_domain = x.cz<BR /> }<BR /><BR />[domain_realm]<BR /> .x.cz = AD.X.CZ<BR /> x.cz = AD.X.CZ<BR /><BR />and listing of httpd.conf:<BR /><DIRECTORY><BR /> AuthType Kerberos<BR /> AuthName "Bla bla..."<BR /> KrbAuthRealms AD.X.CZ<BR /> KrbServiceName HTTP<BR /> KrbVerifyKDC off<BR /> Krb5Keytab /bla/bla/private/http.keytab<BR /> KrbMethodNegotiate off<BR /> KrbMethodK5Passwd on<BR /> KrbSaveCredentials off<BR /> KrbAuthoritative on<BR /> require valid-user<BR /></DIRECTORY> <BR /><BR />But now I need to allow access for users from another trusted domain (lets say AD.Y.CZ).<BR />I add to krb5.conf another realm and the same realm to KrbAuthRealms directive, but there are only failed logins in logs on win KDC. <BR /><BR />The attempts for authentication are for Y_domain_user@AD.X.CZ, but the Y_domain_user user is from domain Y, so error message "failed: Client not found in Kerberos database" appers in log.<BR /><BR />Where is the basic problem in my configuration?<BR />Any advice is really welcome.<BR /> Thu, 24 Aug 2006 06:10:19 GMT Josef Forman 2006-08-24T06:10:19Z https://community.hpe.com/t5/operating-system-linux/kerberos-autentication-in-win-domain-using-mod-auth-kerb/m-p/3849714#M24866 Hi,<BR />I have problem with configuring kerberos authetication within windows domain using apache module mod_auth_kerb.<BR />At the beginning there was only one domain - the web server and users were in one domain AD.X.CZ<BR /><BR />there is listing of /etc/krb5.conf:<BR />[libdefaults]<BR /> ticket_lifetime = 24000<BR /> default_realm = AD.X.CZ<BR /> dns_lookup_realm = false<BR /> dns_lookup_kdc = false<BR /><BR />[realms]<BR /> AD.X.CZ = {<BR /> kdc = NTAD.x.cz:88<BR /> admin_server = NTAD.x.cz:749<BR /> default_domain = x.cz<BR /> }<BR /><BR />[domain_realm]<BR /> .x.cz = AD.X.CZ<BR /> x.cz = AD.X.CZ<BR /><BR />and listing of httpd.conf:<BR /><DIRECTORY><BR /> AuthType Kerberos<BR /> AuthName "Bla bla..."<BR /> KrbAuthRealms AD.X.CZ<BR /> KrbServiceName HTTP<BR /> KrbVerifyKDC off<BR /> Krb5Keytab /bla/bla/private/http.keytab<BR /> KrbMethodNegotiate off<BR /> KrbMethodK5Passwd on<BR /> KrbSaveCredentials off<BR /> KrbAuthoritative on<BR /> require valid-user<BR /></DIRECTORY> <BR /><BR />But now I need to allow access for users from another trusted domain (lets say AD.Y.CZ).<BR />I add to krb5.conf another realm and the same realm to KrbAuthRealms directive, but there are only failed logins in logs on win KDC. <BR /><BR />The attempts for authentication are for Y_domain_user@AD.X.CZ, but the Y_domain_user user is from domain Y, so error message "failed: Client not found in Kerberos database" appers in log.<BR /><BR />Where is the basic problem in my configuration?<BR />Any advice is really welcome.<BR /> Thu, 24 Aug 2006 06:10:19 GMT https://community.hpe.com/t5/operating-system-linux/kerberos-autentication-in-win-domain-using-mod-auth-kerb/m-p/3849714#M24866 Josef Forman 2006-08-24T06:10:19Z