kerberos service (httpd using mod_auth_kerb) in DMZ

FM dist-list at LEXUM.UMontreal.CA
Mon Nov 14 12:48:08 EST 2005


Hello,

I'm trying to use mod_auth_kerb to authenticate users with Kerberos. But
when I try to authenticate myself, the http error_log shows:
[error] [client 192.168.4.171] krb5_verify_init_creds() failed: Key table entry not found

I already use mod_auth_kerb with success, but only from LAN to LAN (same
setup); now I'd like to move this server to the DMZ.

My network :
LAN : 192.168.4.x/24 (DNS = lan.pri)
DMZ : 192.168.3.x/24 (DNS=dmz.pri)

Kerberos is in my LAN : kerberos.lan.pri
http server is in the DMZ : nagios.dmz.pri

In Kerberos I created : http/nagios.dmz.lexum.pri and exported to a keytab.

httpd config :
      AuthName        "Nagios Kerberos Login"
      KrbAuthRealms   KERBEROS.DOMAIN
      Krb5Keytab      "/etc/httpd/conf/httpd.keytab"
      AuthGroupFile   "/etc/httpd/conf/auth-nagios"
      require         valid-user
      KrbServiceName  "http"

krb5.conf :
[realms]
 KERBEROS.DOMAIN = {
  kdc = kerberos.lan.pri:88
  admin_server = kerberos.lan.pri:749
  default_domain = kerberos.domain
 }

[domain_realm]
.lan.pri = KERBEROS.DOMAIN
 lan.pri  = KERBEROS.DOMAIN
 .dmz.pri = KERBEROS.DOMAIN
 dmz.pri  = KERBEROS.DOMAIN


thanks !!
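
An offline check for the "Key table entry not found" error, as an added example that is not part of the original post: it parses `klist -k` output and compares the entries with the principal the web server is assumed to request, `<KrbServiceName>/<server FQDN>@<realm>`. The sample listing is constructed from the names in the post, and `keytab_principals` and `check_keytab` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post): compare the service principal a
# web server is assumed to request with the entries shown by `klist -k`.

# Constructed sample of `klist -k /etc/httpd/conf/httpd.keytab` output,
# built from the names given in the post (the KVNO is made up).
sample_klist='Keytab name: FILE:/etc/httpd/conf/httpd.keytab
KVNO Principal
---- --------------------------------------------------
   3 http/nagios.dmz.lexum.pri@KERBEROS.DOMAIN'

# Read a `klist -k` listing on stdin, print only the principal column.
keytab_principals() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /@/ { print $2 }'
}

# check_keytab SERVICE FQDN REALM   (listing on stdin)
# Prints one verdict and returns 0 only on an exact match:
#   MATCH          exact entry present
#   CASE-MISMATCH  entry differs only in letter case (principals are case-sensitive)
#   HOST-MISMATCH  same service and realm, but a different host component
#   MISSING        nothing comparable in the keytab
check_keytab() {
    keytab_principals | awk -v svc="$1" -v host="$2" -v realm="$3" '
        BEGIN { want = svc "/" host "@" realm; verdict = "MISSING " want; rank = 0 }
        $0 == want { verdict = "MATCH " $0; rank = 3; next }
        rank < 2 && tolower($0) == tolower(want) {
            verdict = "CASE-MISMATCH " $0; rank = 2; next
        }
        rank < 1 {
            split($0, p, "[/@]")   # p[1]=service, p[2]=host, p[3]=realm
            if (tolower(p[1]) == tolower(svc) && p[3] == realm) {
                verdict = "HOST-MISMATCH " $0; rank = 1
            }
        }
        END { print verdict; exit (rank == 3 ? 0 : 1) }'
}

# Assumption: the server asks for <KrbServiceName>/<its own FQDN>@<realm>.
# On a real host, replace the sample with: klist -k /etc/httpd/conf/httpd.keytab
printf '%s\n' "$sample_klist" |
    check_keytab http nagios.dmz.pri KERBEROS.DOMAIN || true
```

With the names from the post, the check reports a host mismatch between `nagios.dmz.pri` and the exported `http/nagios.dmz.lexum.pri` entry.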

