我试图让单点登录系统正常工作,但我不断遇到同样的错误。
这是日志的一部分:
单点登录失败
[2011 年 12 月 27 日星期二 14:34:23] [调试] src/mod_auth_kerb.c(1667): [客户端 10.29.0.153] kerb_authenticate_user 使用用户 (NULL) 和 auth_type Kerberos 输入
[Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1667): [client 10.29.0.153] kerb_authenticate_user 使用 user (NULL) 和 auth_type Kerberos 输入
[Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1277): [client 10.29.0.153] 获取 HTTP/[电子邮件受保护]
[Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1424): [client 10.29.0.153] 使用 KRB5 GSS-API 验证客户端数据
[Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1440): [client 10.29.0.153] 客户端没有将他们的凭据委托给我们
[Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1468): [client 10.29.0.153] 警告:收到的令牌似乎是 NTLM,Kerberos 模块不支持它。检查您的 IE 配置。
[2011 年 12 月 27 日星期二 14:34:23] [调试] src/mod_auth_kerb.c(1138): [客户端 10.29.0.153] GSS-API Major_status:00090000,minor_status:00000000
[2011 年 12 月 27 日星期二 14:34:23] [错误] [客户端 10.29.0.153] gss_accept_sec_context() 失败:提供了无效令牌(无错误)
通过基本身份验证登录
[2011 年 12 月 27 日星期二 14:34:31] [调试] src/mod_auth_kerb.c(1667): [客户端 10.29.0.153] kerb_authenticate_user 使用用户 (NULL) 和 auth_type Kerberos 输入
[2011 年 12 月 27 日星期二 14:34:31] [调试] src/mod_auth_kerb.c(1025): [客户端 10.29.0.153] 使用 HTTP/[电子邮件受保护] 作为密码验证的服务器主体
[Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(714): [client 10.29.0.153] 尝试为用户获取 TGT [电子邮件受保护]
[2011 年 12 月 27 日星期二 14:34:31] [调试] src/mod_auth_kerb.c(1110): [客户端 10.29.0.153] kerb_authenticate_user_krb5pwd ret=0 [电子邮件受保护] authtype=Basic
[Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(1667): [client 10.29.0.153] kerb_authenticate_user 使用 user (NULL) 和 auth_type Kerberos 输入
[Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(1605): [client 10.29.0.153] 与之前的身份验证请求匹配
有谁明白这意味着什么以及我应该如何修复它?
I'm trying to get a Single Sign On system working, but I keep on hitting the same error.
Here is a part of the logs:
single sign on failure
[Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1667): [client 10.29.0.153] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1667): [client 10.29.0.153] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1277): [client 10.29.0.153] Acquiring creds for HTTP/[email protected]
[Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1424): [client 10.29.0.153] Verifying client data using KRB5 GSS-API
[Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1440): [client 10.29.0.153] Client didn't delegate us their credential
[Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1468): [client 10.29.0.153] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
[Tue Dec 27 14:34:23 2011] [debug] src/mod_auth_kerb.c(1138): [client 10.29.0.153] GSS-API major_status:00090000, minor_status:00000000
[Tue Dec 27 14:34:23 2011] [error] [client 10.29.0.153] gss_accept_sec_context() failed: Invalid token was supplied (, No error)
login via basic auth
[Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(1667): [client 10.29.0.153] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(1025): [client 10.29.0.153] Using HTTP/[email protected] as server principal for password verification
[Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(714): [client 10.29.0.153] Trying to get TGT for user [email protected]
[Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(1110): [client 10.29.0.153] kerb_authenticate_user_krb5pwd ret=0 [email protected] authtype=Basic
[Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(1667): [client 10.29.0.153] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Tue Dec 27 14:34:31 2011] [debug] src/mod_auth_kerb.c(1605): [client 10.29.0.153] matched previous auth request
Does anyone understand what this means and how I should fix it?
发布评论