While trying to set up authentication with mod_auth_vas, we are seeing the following error:
[mod_auth_vas] do_gss_spnego_accept: VAS_ERR_INTERNAL: Internal error\n First call to gss_accept_sec_context() failed, minor_status = 0, result = 589824, display_status = "A token was invalid", Mechanism-Specific error text: "unknown mech-code 0 for mech unknown"
To correct the issue, an entry for the correct address the site is being accessed by needs to be added to the HTTP keytab (e.g. /etc/opt/quest/vas/HTTP.keytab). Also, the service account in AD needs an SPN to match. If the system is load balanced, there should be a shared account that represents the load balanced environment and the SPN can be added there.
---
MAV and all One Identity open source projects are supported through One Identity GitHub issues and the One Identity Community. For assistance with any One Identity GitHub project, please raise a new Issue on the One Identity GitHub project page. You may also visit the One Identity Community to ask questions. Requests for assistance made through official One Identity Support will be referred back to GitHub and the One Identity Community forums where those requests can benefit all users.
Main MAV GitHub page:
https://github.com/OneIdentity/mod_auth_vas
Latest MAV Packages:
https://github.com/OneIdentity/mod_auth_vas/releases
Open a MAV Issue:
https://github.com/OneIdentity/mod_auth_vas/issues
MAV Wiki:
https://github.com/OneIdentity/mod_auth_vas/wiki
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center