search

dmansfield / passport-negotiate

Negotiate (kerberos) authentication strategy for Passport.
12 stars 12 forks source link

Unspecified GSS failure in authenticate_gss_server_step(gss_accept_sec_context) #6

Open gentlebells opened 6 years ago

gentlebells commented 6 years ago

Hi I am trying to authenticate with passport-negotiate in Ubuntu. And KDC server is running on Windows AD and I've got the following error. I have read several posts and have tried many things, but it was difficult to find the cause of the error. Is there anything I need to check further? Thanks, Jo

Platform: Ubuntu 14.04 LTS KDC: Windows 2008


Error: authenticate_gss_server_step(gss_accept_sec_context): An unsupported mechanism was requested: Unknown error
   at Error (native)



passport.use('login', new NegotiateStrategy({
        servicePrincipalName: 'HTTP@test-host.testserver.com',
        verbose: true
  }, function (principal, done) {
    console.log('***************');
    console.log(principal);
    console.log(arguments);
    done(null, principal);
  }));



$ klist -k /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
  22 HTTP/test-host.testserver.com@TESTSERVER.COM

$ ls -al /etc/krb5.keytab
-rwxrwxrwx 1 root root 99 Nov 10 17:08 /etc/krb5.keytab
ophers commented 2 years ago

I don't think you need to specify 'servicePrincipalName' and if you do, shouldn't it be identical to the one in your keytab?