kerberos service (httpd using mod_auth_kerb) in DMZ
Achim Grolms
kerberosml at grolmsnet.de
Mon Nov 14 16:21:33 EST 2005
On Monday 14 November 2005 21:44, FM wrote:
> Thank you, I'll use HTTP as service name
> there a PXI firewall but for now all ports are open from the server to
> kerberos server and there is non nat.
OK, I asked for HTTP-protocol-level proxies.
> Do I also need a princ host/... ? For now I just have the HTTP/
You only need the HTTP/ principal.
Have you used
kvno + klist -e
"To verify if keytype, kvno and principalname match
each other on clientside and in keytabfile."
as described in my first email?
Have you added the
.dmz.lexum.pri KERBEROS.DOMAIN
entry as described in my first email?
More information about the Kerberos
mailing list