Kerberos and Apache Virtual Hosted Websites
Scott Moseman
scmoseman at gmail.com
Fri Jan 14 12:33:12 EST 2005
Host and Http keytabs created on the Windows server.
The keytabs moved to the Red Hat machine and imported
into the /etc/krb5.keytab file.
"klist -ke /etc/krb5.keytab" reports these 2 keytabs:
3 host/host.domain.com at DOMAIN.COM (DES cbc mode with RSA-MD5)
3 HTTP/vhost.domain.com at DOMAIN.COM (DES cbc mode with RSA-MD5)
kinit on both the Host and Http keytabs work just fine.
Setup an Apache website to authenticate using the HTTP.
Here is the htaccess file for the website:
AuthType Kerberos
KrbAuthRealms DOMAIN.COM
Krb5Keytab /usr/local/apache/conf/http.keytab
KrbMethodNegotiate on
KrbMethodK5Passwd on
require valid-user
When I attempt to access the website, vhost.domain.com,
I get this error message in the Apache error logs:
gss_acquire_cred() failed: Miscellaneous failure
(No principal in keytab matches desired name)
How can I further trouble shoot this Kerberos problem?
When I use kerbtray on my PC, it shows the correct name
for the Kerberos ticket (vhost.domain.com). Any help?
Thanks,
Scott
More information about the Kerberos
mailing list