问题:
gss_display_name()失败:无法读取所需的输入参数:提供了无效的名称(未知错误)
郦磊
我正试图在Apache 2.2.15-30(CentOs 6.5)上设置Kerberos身份验证,并且面临一个无法调试或解决的问题。我可以在KDC日志中看到TGS请求,Firefox发送了正确的授权:协商头,但Apache中出现了问题,我得到了HTTP 500。
Jul 02 20:59:03 infa.domain.local krb5kdc[1847](info): TGS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.218.201: ISSUE: authtime 1404320175, etypes {rep=23 tkt=23 ses=23}, Administrator@DOMAIN.LOCAL for HTTP/infa.domain.local@DOMAIN.LOCAL
[Wed Jul 02 20:59:01 2014] [debug] src/mod_auth_kerb.c(1940): [client 192.168.218.1] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1940): [client 192.168.218.1] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1279): [client 192.168.218.1] Acquiring creds for HTTP/infa.domain.local
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1692): [client 192.168.218.1] Verifying client data using KRB5 GSS-API
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1708): [client 192.168.218.1] Client didn't delegate us their credential
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1727): [client 192.168.218.1] GSS-API token of length 941 bytes will be sent back
[Wed Jul 02 20:59:03 2014] [debug] src/mod_auth_kerb.c(1139): [client 192.168.218.1] GSS-API major_status:01020000, minor_status:00000000
[Wed Jul 02 20:59:03 2014] [error] [client 192.168.218.1] gss_display_name() failed: A required input parameter could not be read: An invalid name was supplied (, Unknown error)
GET http://infa.domain.local/server-status HTTP/1.1
Host: infa.domain.local
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cache-Control: max-age=0
HTTP/1.1 401 Authorization Required
Date: Wed, 02 Jul 2014 19:32:39 GMT
Server: Apache/2.2.15 (CentOS)
WWW-Authenticate: Negotiate
Content-Length: 484
Connection: close
Content-Type: text/html; charset=iso-8859-1
Proxy-Support: Session-Based-Authentication
GET http://infa.domain.local/server-status HTTP/1.1
Host: infa.domain.local
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cache-Control: max-age=0
Authorization: Negotiate YIID5QYGKwYBBQUCoIID2TCCA9WgCjAIBgYrBgEFAgWiggPFBIIDwWCCA70GBisGAQUCBQUBMBChDgQMRE9NQUlOLkxPQ0FMbIIDnTCCA5mhAwIBBaIDAgEMo4IDFzCCAxMwggIvoQMCAQGiggImBIICIm6CAh4wggIaoAMCAQ WhAwIBDqIHAwUAAAAAAKOCAU9hggFLMIIBR6ADAgEFoQ4bDERPTUFJTi5MT0NBTKIhMB+gAwIBAqEYMBYbBmtyYnRndBsMRE9NQUlOLkxPQ0FMo4IBCzCCAQegAwIBEqEDAgEBooH6BIH3jDiOe80e8vCv7Tmsd+t0spncJWnD v99vLDpi5PYc1Gj8vGH7xJxnz4dsr6WavFLmgYCRnvrF+Y+lU/QVF/AUNiqIG7ifGAJGD4IKHzcyYfNo9BLlNBGBckLdIhC3o2G8VfHWxv+Zo6DNfZUJsIVfoN2bls2C8K9K2pv/qd/FHR96+3JpCkRSb2tKqh2VQBA2mplvJML38nvHQkp5Y0rHQ ecbc0bHns1ddh/RLIlPcwdy8r7xDx7m5QUWH3gI6nSEhrcd/sIKoRJ88ezcMfqumXq2UxvBdBJAH86q9r9r/t74jXpyDFlRgF/Z6OLMwMdus2AkBNrbiaSBsTCBrqADAgEXooGmBIGj4DUpIRQjvddUEpp7sft5UjlnOPOCia9BSyxYBszOihLHr2D 2B6mL6fmqx7IcAVfVzV66B/gqQ4roAh0z4YKensKtqIAG7au2RsXtYNAjEgUFgh7dEE7kACUFoVB2VUK2mtjuHabbwMZ4gprrRIgDeFqROIhxWasVgxhak6dXQAKGEyvVlGoeLTJTPER5s2tcDRkoVTLFO0hBJxarNI/GTk1e1jCB3aEEAgIAi KKB1ASB0aCBzjCBy6EcMBqgBAIC/3ahEgQQSjwHqwdg2yuvh3nbGzDVuqKBqjCBp6ADAgEXooGfBIGccNThLwiDzyz8cJYPfI6hU505ydEQdRt6N036ZZ98Y49YfV+WWpCgXxhmL/8zhilAC2mQi5cvE5XOJOzGrWHnzl6AO1KfJQKjvogV zrFhdoPMVssGnBkrD40fsIA2uPJ2e0OeKRC/tOizUg8tVIdhkoivnh69Q1BDAx3JFjx3txRtDoSZHz6x4mlBSs72xFIlIkA7yhXH+nmml4yfpHIwcKAHAwUAUIEAAKIOGwxET01BSU4uTE9DQUyjJDAioAMCAQOhGzAZGwRIVFRQGxFpbmZh LmRvbWFpbi5sb2NhbKURGA8yMDE0MDcwMzAyNTYxNlqnBgIEU7ReW6gUMBICARICARECARACARcCARkCARo=
HTTP/1.1 500 Internal Server Error
Date: Wed, 02 Jul 2014 19:32:42 GMT
Server: Apache/2.2.15 (CentOS)
WWW-Authenticate: Negotiate oYIDqTCCA6WgAwoBAaEIBgYrBgEFAgWiggOSBIIDjgUBMBChDgQMRE9NQUlOLkxPQ0FMbYIDdjCCA3KgAwIBBaEDAgENooHVMIHSMIHPoQQCAgCIooHGBIHDoIHAMIG9oIG6MIG3oAMCAReiga8Egawhq77nnFYKOC2elIoQEMv 3HoPncmPLVp6/yr+HtLIuoyAsAUdbvyXars5ixGdPlg1IaceQQ3ThVvvsRthV86O4M2l55LfhlfIINZr7xQks3EKTAEA1OfsggBXdmShHV/29W2iLaQP60BvBlYCOGePMyMKp8jcgdNUQ6jLqq6No0Qk7Kro8IIjESMmVR3BAndbUfpDNYqO+IxY am/pl96xCQgu4iNznoglrYBf7ow4bDERPTUFJTi5MT0NBTKQaMBigAwIBAaERMA8bDUFkbWluaXN0cmF0b3KlggFjYYIBXzCCAVugAwIBBaEOGwxET01BSU4uTE9DQUyiJDAioAMCAQOhGzAZGwRIVFRQGxFpbmZhLmRvbWFpbi5sb 2NhbKOCARwwggEYoAMCARehAwIBAaKCAQoEggEGyeo+gzn7hHLgwIGfZiT3kfiua+yD1d0EDhyoAmctFzukkw7xqdyMZn+gfDna6O0WI7TC6Yv2pQqg1Ph76SZ11ZQu4xXn4FBPu3G9LwbPUxN9+cohhCTPmAX6SLyNu7n9UAKLsccjb kLq8HJjUgzfLus6AqUeerqjc3eSyr+r1onfQSL9JCNtpOUWtuxGIThTQfOXEYVlVyjMi37bnAFPMrxPERL/7m3vYm3x60HBu5KHy7xfbab8jftIsr33Z/2nnMxNi5LjqVBail4BpZiuRCMmko566KSLKWRSpvr6x/YUR5TPmhXjO3YGdi2VucDn6QW t81q2dQSYvAQnbuHDL84IQUY126aB+jCB96ADAgEXooHvBIHsmFwxE55S5Gi5VkPG0cS11MHsQvllqJAIxGMkzakyyYCfMKCpHFfyIf/2bIGPvSyCCWOqFxnMOA1a/c2d3eUk6Yr+H5c8PDFePxVbKijvZRVRVJ1pAifpm9kUoKcGMo0SH 9m0H4yu94/ESE7QbEcx7pQac1Udq894rgF7OmnQXZZ6mX2VUrIb0xHxaaj9oR8+zC8vGWyyqVSZhtURxQ8Anr+MifqWKPP2QpWFohptl/zl8bYmMqs1nEH3TIe1wvtOgeqGh6KumbC4rc9IVCN8rx+3XCVr/2BM27nURT21MUzwU1tbpQM LSqT0gFE=
Content-Length: 617
Connection: close
Content-Type: text/html; charset=iso-8859-1
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
[realms]
DOMAIN.LOCAL = {
#master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
forwardable = true
proxiable = true
supported_enctypes = rc4-hmac:normal
}
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DOMAIN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
proxiable = true
default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac
[realms]
DOMAIN.LOCAL = {
kdc = infa.domain.local:88
admin_server = infa.domain.local:749
}
[domain_realm]
.domain.local = DOMAIN.LOCAL
domain.local = DOMAIN.LOCAL
LoadModule auth_kerb_module modules/mod_auth_kerb.so
<Location /server-status>
#SSLRequireSSL
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate On
KrbMethodK5Passwd Off
KrbAuthRealms DOMAIN.LOCAL
Krb5KeyTab /etc/httpd/conf/http.keytab
KrbServiceName HTTP/infa.domain.local
require valid-user
</Location>
Keytab name: FILE:/etc/httpd/conf/http.keytab
KVNO Principal
---- --------------------------------------------------------------------------
0 HTTP/infa.domain.local@DOMAIN.LOCAL (arcfour-hmac)
有人知道问题出在哪里吗?如果有任何评论,我将不胜感激。
谢谢你马丁
共有1个答案
安经纶
当客户的时钟偏差太大时,我得到了这个确切的信息。设置时钟(并启用ntp:-)使其工作。
类似资料:
-
问题内容: 我经常碰巧处理可以是数组或null变量的数据,并用这些数据提供一些数据。 当为foreach提供非数组数据时,会收到警告: 警告:[…]中为foreach()提供了无效的参数 假设无法重构该函数以始终返回数组(向后兼容性,不可用的源代码,无论其他原因),我想知道哪种方法最有效,最有效的避免了这些警告: 转换为数组 初始化为数组 包裹有 其他(请建议) 问题答案: 我个人认为这是最干净的
-
问题内容: 从那以后,我们了解到,从db2jcc.jar(UNIVERSAL)的db2jcc4.jar(JCC)进行更改可以解决我们开发环境中的问题。问题是不起作用的是较新的一个。如果没有充分的理由,我们不想向后退。但是我不理解以上链接中的查询在新驱动程序中无效的原因。 我们知道那是列…如果我们通过强制使用空格将其从结果中删除,则一切正常(除非我们不获取数据)。该查询在其他环境中运行良好。 我看到
-
问题内容: 我正在尝试使用以下命令在我的AVD上运行react native应用程序: 但出现以下错误: .babelrc: package.json: 我正在使用Windows,node.js v 8.11.3&react native v 0.55.4 我已经尝试了互联网上推荐的所有东西(特别是github),但还是没有运气。如果有人可以提供帮助,我们深表感谢。 问题答案: 这是错误 设置版本
-
问题内容: 我有这张桌子: 我使用这样的查询,但出现错误: 我想显示这样的表: 如何实现呢? 问题答案: 我想在您的查询的问题是, 是的,你是想选择一个空的()。 您必须解决方法: 更改为(2010,2012 ..将被视为字符串,我不知道是否可以) 放:
-
我不熟悉量角器测试。似乎缺少getWebelement。我的保护者的版本是3.0。0.其他属性正常(如单击、评估…) 或者 (c:\Users\xxx\AppData\Roaming\npm\node\u modules\dragor\lib\element.js:754:36)位于c:\Users\xxx\AppData\Roaming\npm\node\u modules\dragor\nod
-
嗨,我有多个数据库表('dearchs,suppliers,histories'),并试图在dearches索引上显示与dearches相关的供应商数据(在dearchs表supplier_id中用作外键),但它显示错误:为foreach()提供的参数无效 注意只有经销商在索引上显示,我使用资源路由 索引代码: 控制器代码: 根据https://laravel.com/docs/5.8/eloqu