Intermittent 5xx errors using GSSAPI for console authentication
Issue
-
In our AWS infrastructure we have two broker nodes hiding behind a loadbalancer. We are using HTTPD with mod_auth_kerb for authentication. Here's our current configuration [0]. Originally we had KrbNegotiate enabled (highlighted line in pastebin), this would allows ones' kerberos ticket to pass through to the brokers via their web browser (if configured with delegation to @REDHAT.COM).
-
The console logs showed something telling: httpd errors related to gss_
calls (as in GSSAPI).
[Wed Jun 19 22:35:11 2013] [error] [client 127.0.0.1] gss_display_name() failed: A required input parameter could not be read: An invalid name was supplied (, Unknown error)
Environment
- OpenShift Enterprise 1.1
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.