I'm currently trying to configure Kerberos on our Apache and unfortunately I can't get any further.
The website (Typo3) on the Apache server is accessed internally and externally as sub.domain.com.
The local domain is intern.local
I created the keytab file like this:
ktpass -princ HTTP/[email protected] -mapuser [email protected] -pass P@55w0rd -crypto ALL -ptype KRB5_NT_PRINCIPAL -out C:\temp\kerbkey.keytab
The krb5.conf file looks like this:
[libdefaults]
default_realm = INTERN.LOCAL
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
INTERN.LOCAL = {
kdc = dc01.intern.local
admin_server = dc01.intern.local
default_domain = intern.local
}
[domain_realm]
.sub.domain.com = INTERN.LOCAL
sub.domain.com = INTERN.LOCAL
intern.local = INTERN.LOCAL
.intern.local = INTERN.LOCAL
The Apache vhost looks like this:
<VirtualHost *:443>
ServerName sub.domain.com
ServerAdmin [email protected]
DocumentRoot /var/www/page
<Directory /var/www/page>
AllowOverride All
</Directory>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/wildcart-zert.crt
SSLCertificateKeyFile /etc/apache2/ssl/wildcart-key.key
<IfModule !mod_auth_gssapi.c>
LoadModule auth_kerb_module /usr/lib/apache2/modules/mod_auth_gssapi.so
</IfModule>
LimitRequestFieldSize 32768
<Location "/">
AuthName [email protected]
AuthType GSSAPI
GssapiBasicAuth On
GssapiCredStore keytab:/etc/apache2/krb5/kerbkey.keytab
Require valid-user
</Location>
ErrorLog ${APACHE_LOG_DIR}/page-ssl_error.log
CustomLog ${APACHE_LOG_DIR}/page-ssl_access.log combined
</VirtualHost>
The problem now is, if I activate the vhost config like this, then when I call up the page https://sub.domain.com, I always get a browser popup to enter the username and password. And no matter what I type here, I can't get to the web page and just get the error:
Unauthorized
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Apache/2.4.41 (Ubuntu) Server at sub.domain.com Port 443
The Apache error log shows these entries:
[auth_gssapi:error] [pid 1632875] [client x.x.x.x:65394] GSS ERROR In Negotiate Auth: gss_accept_sec_context() failed: [An unsupported mechanism was requested (Unknown error)]
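What the browser puts in its Authorization: Negotiate header decides whether gss_accept_sec_context() can proceed at all; a common cause of the "unsupported mechanism" error above is a client that sends an NTLM token instead of a Kerberos one, because the site is not considered eligible for Kerberos on the client side. The Python script below is an added diagnostic example, not part of the original post or of mod_auth_gssapi: it decodes a header value captured from the client (the samples it uses are constructed in the code) and reports which mechanism was actually sent and, for SPNEGO, which mechanisms were offered and in what order.

```python
import base64

# DER-encoded OIDs as they appear inside GSS-API / SPNEGO tokens.
OID_SPNEGO = bytes.fromhex("2b0601050502")                # 1.3.6.1.5.5.2
MECH_NAMES = {
    bytes.fromhex("2a864886f712010202"): "kerberos",      # 1.2.840.113554.1.2.2
    bytes.fromhex("2a864882f712010202"): "ms-kerberos",   # 1.2.840.48018.1.2.2
    bytes.fromhex("2b060104018237020a"): "ntlmssp",       # 1.3.6.1.4.1.311.2.2.10
}
KRB5, MSKRB5, NTLMSSP = MECH_NAMES                        # keys, in insertion order

def der(tag: int, body: bytes) -> bytes:
    """Tiny DER TLV encoder (bodies under 256 bytes), enough for the samples below."""
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + body

def classify_negotiate_token(header_value: str) -> dict:
    """Classify a browser's 'Authorization: Negotiate <b64>' value; for SPNEGO,
    'offered' lists the mechTypes in the order the client offered them."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return {"mechanism": scheme, "offered": []}
    raw = base64.b64decode(b64)
    if raw.startswith(b"NTLMSSP\x00"):
        return {"mechanism": "ntlm-raw", "offered": []}  # bare NTLM, no Kerberos at all
    if len(raw) < 4 or raw[:1] != b"\x60":
        return {"mechanism": "unknown", "offered": []}
    i = 2 + ((raw[1] & 0x7F) if raw[1] & 0x80 else 0)   # skip the outer [APPLICATION 0] length
    if raw[i:i + 1] != b"\x06":
        return {"mechanism": "unknown", "offered": []}
    oid_len = raw[i + 1]
    oid, rest = raw[i + 2:i + 2 + oid_len], raw[i + 2 + oid_len:]
    if oid in (KRB5, MSKRB5):
        return {"mechanism": "kerberos-raw", "offered": [MECH_NAMES[oid]]}
    if oid != OID_SPNEGO:
        return {"mechanism": "unknown", "offered": []}
    # mechTypes is a SEQUENCE OF OID inside NegTokenInit; locating each DER OID suffices.
    found = {rest.find(der(0x06, o)): n for o, n in MECH_NAMES.items() if der(0x06, o) in rest}
    return {"mechanism": "spnego", "offered": [found[k] for k in sorted(found)]}

def build_spnego_token(mech_oids) -> str:
    """Construct a minimal SPNEGO NegTokenInit header value offering the given mechTypes."""
    mech_types = der(0x30, b"".join(der(0x06, o) for o in mech_oids))
    body = der(0x06, OID_SPNEGO) + der(0xA0, der(0x30, der(0xA0, mech_types)))
    return "Negotiate " + base64.b64encode(der(0x60, body)).decode()

# Constructed samples: a client offering only NTLMSSP versus one that offers Kerberos first.
NTLM_ONLY = build_spnego_token([NTLMSSP])
KRB_FIRST = build_spnego_token([MSKRB5, KRB5, NTLMSSP])
RAW_NTLM = "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()
```

A real header value can be taken from the browser's developer tools or from Apache with a LogFormat that includes %{Authorization}i, then passed to classify_negotiate_token(); an answer of "ntlmssp" first, or "ntlm-raw", means the client never tried Kerberos for this host.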