mod_auth_kerb failing when kinit works - Apache

Marc Boorshtein wrote:
> Hello,
>
> I've setup mod_auth_kerb on a fedora core 4 system on which kinit runs
> perfectly. When I try to log onto a web server with the error:
>
> [Thu Feb 09 11:07:13 2006] [error] [client 10.2.97.82]
> gss_import_name() failed: An invalid name was supplied (Cannot
> determine realm for numeric host address)
>
> What does this error mean?
>
> Thanks
> Marc
>
>
Kerberos only works with hosts that have known hostnames (either through
DNS or /etc/hosts). Your client's hostname was unknown.

--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=...486&dat=121642

Le Jeudi 9 Février 2006 19:35, Howard Chu a écrit :
> Marc Boorshtein wrote:
> > Hello,
> >
> > I've setup mod_auth_kerb on a fedora core 4 system on which kinit runs
> > perfectly. When I try to log onto a web server with the error:
> >
> > [Thu Feb 09 11:07:13 2006] [error] [client 10.2.97.82]
> > gss_import_name() failed: An invalid name was supplied (Cannot
> > determine realm for numeric host address)
> >
> > What does this error mean?
> >
> > Thanks
> > Marc
>
> Kerberos only works with hosts that have known hostnames (either through
> DNS or /etc/hosts). Your client's hostname was unknown.
>
> --

DNS is the most common source of errors in a Kerberos setup.

Beware not to use /etc/hosts it will not work all the time, notably for
reverse DNS lookups. It must work both ways.

--
Stephane Konstantaropoulos <skonstant@sgul.ac.uk>
St George's University of London

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQBD7GcBsZFoeToEeG4RAqUvAJ9JNxkZSrdcx1Lw2ziNcEhTH1RYYgCcDr7g
I9cC7B4Sl/J984bPb9PMsb4=
=nU9G
-----END PGP SIGNATURE-----

/etc/hosts is OK. You just have to put the right stuff in it:

1.2.3.4 machine.wherever.com machine

Put the FQDN first so the reverse lookup gives you the same answer as
DNS.

On Feb 10, 2006, at 2:12 AM, Stéphane Konstantaropoulos wrote:

> Le Jeudi 9 Février 2006 19:35, Howard Chu a écrit :
>> Marc Boorshtein wrote:
>>> Hello,
>>>
>>> I've setup mod_auth_kerb on a fedora core 4 system on which kinit
>>> runs
>>> perfectly. When I try to log onto a web server with the error:
>>>
>>> [Thu Feb 09 11:07:13 2006] [error] [client 10.2.97.82]
>>> gss_import_name() failed: An invalid name was supplied (Cannot
>>> determine realm for numeric host address)
>>>
>>> What does this error mean?
>>>
>>> Thanks
>>> Marc
>>
>> Kerberos only works with hosts that have known hostnames (either
>> through
>> DNS or /etc/hosts). Your client's hostname was unknown.
>>
>> --
>
> DNS is the most common source of errors in a Kerberos setup.
>
> Beware not to use /etc/hosts it will not work all the time, notably
> for
> reverse DNS lookups. It must work both ways.
>
> --
> Stephane Konstantaropoulos <skonstant@sgul.ac.uk>
> St George's University of London



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=...#0486&dat1642

I actually gave up, because all I wanted was to authenticate against
an AD server with a uid/pwd, so I ended up using LDAP.

Marc

On 2/17/06, Henry B. Hotz <hotz@jpl.nasa.gov> wrote:
> /etc/hosts is OK. You just have to put the right stuff in it:
>
> 1.2.3.4 machine.wherever.com machine
>
> Put the FQDN first so the reverse lookup gives you the same answer as
> DNS.
>
> On Feb 10, 2006, at 2:12 AM, Stéphane Konstantaropoulos wrote:
>
> > Le Jeudi 9 Février 2006 19:35, Howard Chu a écrit :
> >> Marc Boorshtein wrote:
> >>> Hello,
> >>>
> >>> I've setup mod_auth_kerb on a fedora core 4 system on which kinit
> >>> runs
> >>> perfectly. When I try to log onto a web server with the error:
> >>>
> >>> [Thu Feb 09 11:07:13 2006] [error] [client 10.2.97.82]
> >>> gss_import_name() failed: An invalid name was supplied (Cannot
> >>> determine realm for numeric host address)
> >>>
> >>> What does this error mean?
> >>>
> >>> Thanks
> >>> Marc
> >>
> >> Kerberos only works with hosts that have known hostnames (either
> >> through
> >> DNS or /etc/hosts). Your client's hostname was unknown.
> >>
> >> --
> >
> > DNS is the most common source of errors in a Kerberos setup.
> >
> > Beware not to use /etc/hosts it will not work all the time, notably
> > for
> > reverse DNS lookups. It must work both ways.
> >
> > --
> > Stephane Konstantaropoulos <skonstant@sgul.ac.uk>
> > St George's University of London
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems? Stop! Download the new AJAX search engine that makes
> searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmdl...#0486&dat1642
> _______________________________________________
> modauthkerb-help mailing list
> modauthkerb-help@lists.sourceforge.net
> https://lists.sourceforge.net/lists/...dauthkerb-help
>


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=...#0486&dat1642