Topic
  • 5 replies
  • Latest Post - ‏2014-12-29T22:19:57Z by RanjithKoppu
SystemAdmin
SystemAdmin
9855 Posts

Pinned topic WebSEAL, SPNEGO and keytab problem

‏2010-01-04T11:46:12Z |
The problem is that after I’ve configured SPNEGO/Kerberos and try to start WebSEAL I receive following error:

HPDST0130E The security service function gss_acquire_cred returned the error 'No principal in keytab matches desired name'
...
DPWWA2410E Initialization of Kerberos authentication for server principal 'HTTP@idptesti.xyz.fi' failed.

My webseald.conf looks as follows:
spnego-krb-service-name = HTTP@idptesti.xyz.fi
spnego-krb-keytab-file = /var/pdweb/keytab-palvelin/palvelin _HTTP.keytab

I already ran kinit with a keytab without any problem. What am I doing wrong here? Could it have something to do with domains/hosts? My AD domain is ABC.ROOT and the host name of the WebSEAL is 'palvelin'. The name idptesti.xyz.fi is used as point-of-contact for TFIM; the name is configured into /etc/hosts.
Updated on 2010-11-25T11:02:09Z at 2010-11-25T11:02:09Z by Giri_Daks
  • SystemAdmin
    SystemAdmin
    9855 Posts

    Re: WebSEAL, SPNEGO and keytab problem

    ‏2010-01-07T13:49:04Z  
    Problem solved. I had to add idptesti.xyz.fi under domain_realm stanza and into /etc/hosts file.
  • bakup
    bakup
    1 Post

    Re: WebSEAL, SPNEGO and keytab problem

    ‏2010-07-30T16:47:41Z  
    Problem solved. I had to add idptesti.xyz.fi under domain_realm stanza and into /etc/hosts file.
    i add to host and ping is ok,but rut failed

    2010-07-30-22:05:20.088+08:00I----- 0x38CF0156 webseald WARNING wwa server config.cpp 1828 0x00000001
    DPWWA0342W The configuration data for this WebSEAL instance has been logged in '/var/pdweb/log/config_data__default-webseald-soaserverb_boot1.log'
    2010-07-30-22:05:20.412+08:00I----- 0x30923082 webseald ERROR bst general amstli.c 2191 0x00000001
    HPDST0130E The security service function gss_acquire_cred returned the error 'Miscellaneous failure' (code 0x000d0000/851968).
    2010-07-30-22:05:20.413+08:00I----- 0x30923082 webseald ERROR bst general amstli.c 2209 0x00000001
    HPDST0130E The security service function gss_acquire_cred returned the error 'No principal in keytab matches desired name' (code 0x1cff2901/486484225).
    2010-07-30-22:05:20.413+08:00I----- 0x13212064 webseald ERROR ias general ivpam.c 613 0x00000001
    HPDIA0100E An internal error has occurred.
    2010-07-30-22:05:20.413+08:00I----- 0x13212064 webseald WARNING ias general pdauthn.cpp 1773 0x00000001
    HPDIA0100E An internal error has occurred.
    2010-07-30-22:05:20.413+08:00I----- 0x38CF096A webseald ERROR wwa spnego authn-spnego.cpp 381 0x00000001
    DPWWA2410E Initialization of Kerberos authentication for server principal 'HTTP@soaserverb.gs.tobacco.gov.cn' failed.
    2010-07-30-22:05:20.419+08:00I----- 0x38AD50A4 webseald WARNING wiv general IVServer.cpp 1007 0x00000001
    DPWIV0164W Could not start background process
    what is it
  • Giri_Daks
    Giri_Daks
    99 Posts

    Re: WebSEAL, SPNEGO and keytab problem

    ‏2010-11-25T11:02:09Z  
    • bakup
    • ‏2010-07-30T16:47:41Z
    i add to host and ping is ok,but rut failed

    2010-07-30-22:05:20.088+08:00I----- 0x38CF0156 webseald WARNING wwa server config.cpp 1828 0x00000001
    DPWWA0342W The configuration data for this WebSEAL instance has been logged in '/var/pdweb/log/config_data__default-webseald-soaserverb_boot1.log'
    2010-07-30-22:05:20.412+08:00I----- 0x30923082 webseald ERROR bst general amstli.c 2191 0x00000001
    HPDST0130E The security service function gss_acquire_cred returned the error 'Miscellaneous failure' (code 0x000d0000/851968).
    2010-07-30-22:05:20.413+08:00I----- 0x30923082 webseald ERROR bst general amstli.c 2209 0x00000001
    HPDST0130E The security service function gss_acquire_cred returned the error 'No principal in keytab matches desired name' (code 0x1cff2901/486484225).
    2010-07-30-22:05:20.413+08:00I----- 0x13212064 webseald ERROR ias general ivpam.c 613 0x00000001
    HPDIA0100E An internal error has occurred.
    2010-07-30-22:05:20.413+08:00I----- 0x13212064 webseald WARNING ias general pdauthn.cpp 1773 0x00000001
    HPDIA0100E An internal error has occurred.
    2010-07-30-22:05:20.413+08:00I----- 0x38CF096A webseald ERROR wwa spnego authn-spnego.cpp 381 0x00000001
    DPWWA2410E Initialization of Kerberos authentication for server principal 'HTTP@soaserverb.gs.tobacco.gov.cn' failed.
    2010-07-30-22:05:20.419+08:00I----- 0x38AD50A4 webseald WARNING wiv general IVServer.cpp 1007 0x00000001
    DPWIV0164W Could not start background process
    what is it
    I am also facing the similar error, but i can start the webseal if i try to restart after some time..
    Is there any permanent fix for this issue?
  • pkh
    pkh
    10 Posts

    Re: WebSEAL, SPNEGO and keytab problem

    ‏2013-10-03T07:18:24Z  
    • bakup
    • ‏2010-07-30T16:47:41Z
    i add to host and ping is ok,but rut failed

    2010-07-30-22:05:20.088+08:00I----- 0x38CF0156 webseald WARNING wwa server config.cpp 1828 0x00000001
    DPWWA0342W The configuration data for this WebSEAL instance has been logged in '/var/pdweb/log/config_data__default-webseald-soaserverb_boot1.log'
    2010-07-30-22:05:20.412+08:00I----- 0x30923082 webseald ERROR bst general amstli.c 2191 0x00000001
    HPDST0130E The security service function gss_acquire_cred returned the error 'Miscellaneous failure' (code 0x000d0000/851968).
    2010-07-30-22:05:20.413+08:00I----- 0x30923082 webseald ERROR bst general amstli.c 2209 0x00000001
    HPDST0130E The security service function gss_acquire_cred returned the error 'No principal in keytab matches desired name' (code 0x1cff2901/486484225).
    2010-07-30-22:05:20.413+08:00I----- 0x13212064 webseald ERROR ias general ivpam.c 613 0x00000001
    HPDIA0100E An internal error has occurred.
    2010-07-30-22:05:20.413+08:00I----- 0x13212064 webseald WARNING ias general pdauthn.cpp 1773 0x00000001
    HPDIA0100E An internal error has occurred.
    2010-07-30-22:05:20.413+08:00I----- 0x38CF096A webseald ERROR wwa spnego authn-spnego.cpp 381 0x00000001
    DPWWA2410E Initialization of Kerberos authentication for server principal 'HTTP@soaserverb.gs.tobacco.gov.cn' failed.
    2010-07-30-22:05:20.419+08:00I----- 0x38AD50A4 webseald WARNING wiv general IVServer.cpp 1007 0x00000001
    DPWIV0164W Could not start background process
    what is it

    Dear All,

    I am facing the same issue while enabling SPNEGO with TAM 6.0 WebSEAL. I would really appreciate if anybody can suggest a solution here

     

    2013-10-03-11:10:57.649+05:30I----- 0x38CF0156 webseald WARNING wwa server config.cpp 1936 0x00000001
    DPWWA0342W   The configuration data for this WebSEAL instance has been logged in '/logs/DPW/logs/config_data__dsso-ucc-webseald-CNDAFXCSAPZP33.log'
    2013-10-03-11:12:17.931+05:30I----- 0x38CF0969 webseald WARNING wwa spnego authn-spnego.cpp 303 0x00000001
    DPWWA2409W   Reverse lookup for host 'easyaccessucc' returned an alternate host name 'easyaccessucc.AIRTELUCC.COM'.  This might prevent SPNEGO authentication fr
    om functioning properly.
    2013-10-03-11:12:58.057+05:30I----- 0x30923082 webseald ERROR bst general amstli.c 2191 0x00000001
    HPDST0130E   The security service function gss_acquire_cred returned the error 'Miscellaneous failure' (code 0x000d0000/851968).
    2013-10-03-11:12:58.057+05:30I----- 0x30923082 webseald ERROR bst general amstli.c 2209 0x00000001
    HPDST0130E   The security service function gss_acquire_cred returned the error 'No principal in keytab matches desired name' (code 0x1cff2901/486484225).
    2013-10-03-11:12:58.058+05:30I----- 0x13212064 webseald ERROR ias general ivpam.c 613 0x00000001
    HPDIA0100E   An internal error has occurred.
    2013-10-03-11:12:58.058+05:30I----- 0x13212064 webseald WARNING ias general pdauthn.cpp 1800 0x00000001
    HPDIA0100E   An internal error has occurred.
    2013-10-03-11:12:58.058+05:30I----- 0x38CF096A webseald ERROR wwa spnego authn-spnego.cpp 383 0x00000001
    DPWWA2410E   Initialization of Kerberos authentication for server principal 'HTTP@easyaccessucc' failed.
    2013-10-03-11:12:58.064+05:30I----- 0x38AD50A4 webseald WARNING wiv general IVServer.cpp 1034 0x00000001
    DPWIV0164W   Could not start background process
    ~
     

  • RanjithKoppu
    RanjithKoppu
    5 Posts

    Re: WebSEAL, SPNEGO and keytab problem

    ‏2014-12-29T22:19:57Z  
    • pkh
    • ‏2013-10-03T07:18:24Z

    Dear All,

    I am facing the same issue while enabling SPNEGO with TAM 6.0 WebSEAL. I would really appreciate if anybody can suggest a solution here

     

    2013-10-03-11:10:57.649+05:30I----- 0x38CF0156 webseald WARNING wwa server config.cpp 1936 0x00000001
    DPWWA0342W   The configuration data for this WebSEAL instance has been logged in '/logs/DPW/logs/config_data__dsso-ucc-webseald-CNDAFXCSAPZP33.log'
    2013-10-03-11:12:17.931+05:30I----- 0x38CF0969 webseald WARNING wwa spnego authn-spnego.cpp 303 0x00000001
    DPWWA2409W   Reverse lookup for host 'easyaccessucc' returned an alternate host name 'easyaccessucc.AIRTELUCC.COM'.  This might prevent SPNEGO authentication fr
    om functioning properly.
    2013-10-03-11:12:58.057+05:30I----- 0x30923082 webseald ERROR bst general amstli.c 2191 0x00000001
    HPDST0130E   The security service function gss_acquire_cred returned the error 'Miscellaneous failure' (code 0x000d0000/851968).
    2013-10-03-11:12:58.057+05:30I----- 0x30923082 webseald ERROR bst general amstli.c 2209 0x00000001
    HPDST0130E   The security service function gss_acquire_cred returned the error 'No principal in keytab matches desired name' (code 0x1cff2901/486484225).
    2013-10-03-11:12:58.058+05:30I----- 0x13212064 webseald ERROR ias general ivpam.c 613 0x00000001
    HPDIA0100E   An internal error has occurred.
    2013-10-03-11:12:58.058+05:30I----- 0x13212064 webseald WARNING ias general pdauthn.cpp 1800 0x00000001
    HPDIA0100E   An internal error has occurred.
    2013-10-03-11:12:58.058+05:30I----- 0x38CF096A webseald ERROR wwa spnego authn-spnego.cpp 383 0x00000001
    DPWWA2410E   Initialization of Kerberos authentication for server principal 'HTTP@easyaccessucc' failed.
    2013-10-03-11:12:58.064+05:30I----- 0x38AD50A4 webseald WARNING wiv general IVServer.cpp 1034 0x00000001
    DPWIV0164W   Could not start background process
    ~
     

    Hello,

    I also have a similar problem due to which my production environment is down. Can any one please suggest me with a resolution ?

    Regards,

    RK