[solved] Using Apache with mod_auth_kerb
rra at stanford.edu
Tue Dec 2 19:20:50 EST 2008
Ansgar Burchardt <ansgar at 2008.43-1.org> writes:
> I have found the problem: Firefox seems to require that the Kerberos
> service principal matches the domain name entered in the address bar,
> while Konqueror was satisfied with the service principal matching the
> host name of the server.
> I added another service principal "HTTP/www.example.com" (only had
> "HTTP/server.example.com" before) and put "KrbServiceName Any" in the
> Apache configuration and everything works now.
Yeah, common problem (and why KrbServiceName any is there).
> The krb5.conf only has the default_realm, all other options can be
> obtained via DNS here. This makes using Kerberos from home much easier
> to set up.
Note that domain to realm mappings via TXT records aren't enabled by
default for MIT Kerberos because it has security implications.
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos