kerberos service (httpd using mod_auth_kerb) in DMZ

Achim Grolms kerberosml at grolmsnet.de
Mon Nov 14 16:21:33 EST 2005


On Monday 14 November 2005 21:44, FM wrote:
> Thank you, I'll use HTTP as service name
> There is a PXI firewall, but for now all ports are open from the server to the
> Kerberos server and there is no NAT.

OK, I asked for HTTP-protocol-level proxies.

> Do I also need a princ host/... ? For now I just have the HTTP/

You only need the HTTP/ principal.
Have you used

kvno + klist -e

"To verify if keytype, kvno and principalname match
each other on clientside and in keytabfile."

as described in my first email?

Have you added the
.dmz.lexum.pri KERBEROS.DOMAIN

entry as described in my first email?
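
The kvno + klist -e comparison mentioned in the message above, as an added example that is not part of the original email or the author's code: it parses output of `kvno`, `klist -e` and `klist -k -e` and reports where the ticket's principal, kvno or enctype has no matching keytab key. The host name `www`, the kvno values and the enctypes in the sample output are constructed for illustration.

```python
import re

# Constructed sample output, not from the thread. The host name "www", the
# kvno values and the enctypes are assumed for illustration.
SPN = "HTTP/www.dmz.lexum.pri@KERBEROS.DOMAIN"
KVNO_OUT = SPN + ": kvno = 3"                  # output of: kvno <SPN>
KLIST_E_OUT = (                                # output of: klist -e
    "Valid starting     Expires            Service principal\n"
    "11/14/05 16:01:10  11/15/05 02:00:00  " + SPN + "\n"
    "\tEtype (skey, tkt): DES cbc mode with CRC-32, "
    "Triple DES cbc mode with HMAC/sha1\n")
KLIST_KE_OUT = (                               # output of: klist -k -e
    "KVNO Principal\n---- ---------\n"
    "   2 " + SPN + " (DES cbc mode with CRC-32)\n"
    "   2 " + SPN + " (Triple DES cbc mode with HMAC/sha1)\n")

def parse_kvno(text):
    """Return (principal, kvno) from `kvno` output."""
    m = re.match(r"(\S+): kvno = (\d+)", text.strip())
    return m.group(1), int(m.group(2))

def ticket_etype(text, principal):
    """Return the enctype the service ticket is encrypted with, or None."""
    lines = text.splitlines()
    for i, line in enumerate(lines[:-1]):
        if line.split()[-1:] == [principal]:
            m = re.search(r"Etype \(skey, tkt\): (.+)$", lines[i + 1])
            return m.group(1).rsplit(", ", 1)[-1] if m else None
    return None

def parse_keytab(text):
    """Return [(kvno, principal, enctype)] from `klist -k -e` output."""
    rows = re.findall(r"^[ \t]*(\d+)[ \t]+(\S+)[ \t]+\((.+)\)[ \t]*$", text, re.M)
    return [(int(k), p, e) for k, p, e in rows]

def check(kvno_out, klist_e_out, keytab_out):
    """List mismatches between what the KDC issued and what the keytab holds."""
    principal, kvno = parse_kvno(kvno_out)
    etype = ticket_etype(klist_e_out, principal)
    keys = [(k, e) for k, p, e in parse_keytab(keytab_out) if p == principal]
    if etype is None:
        return ["no ticket for %s in the credential cache" % principal]
    if not keys:
        return ["no keytab entry for %s" % principal]
    if kvno not in [k for k, _ in keys]:
        return ["kvno mismatch: ticket %d, keytab %s" % (kvno, sorted({k for k, _ in keys}))]
    if (kvno, etype) not in keys:
        return ["keytab has no '%s' key at kvno %d" % (etype, kvno)]
    return []
```

With the constructed sample, `check(KVNO_OUT, KLIST_E_OUT, KLIST_KE_OUT)` reports a kvno mismatch, because the ticket carries kvno 3 while the keytab only holds kvno 2.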

