We're running CA Access Gateway (SPS), and when our browser reach the Kerberos Authentication Scheme, the Agent cannot authenticate the user because it cannot get the token for [email protected] :
Failed to create delegated GSSAPI token on behalf of HTTP/[email protected] for [email protected]: Minor Status=100005, Major tatus=851968, Message=Unknown code FF 165
How can we solve this issue?
The issue was caused as user was accessing kerberos authentication using a virtual host, which is defined on a domain (.myotherdomain.local) different of the kerberos domain (.internal.local). The kerberos domain requested should match the one defined in the krb5.ini file.
In order to solve this issue you have to define and use the kerberos authentication on the same domain (.internal.local) as defined in the krb5.ini file.