Principal for Apache httpd vhost
Richard E. Silverman
res at qoxp.net
Mon May 11 14:34:05 EDT 2009
>>>>> "Frank" == Frank Gruellich <frank.gruellich at navteq.com> writes:
Frank> Hi, I have a Linux server which is named goofy (as in the
Frank> output of hostname command) with full qualified hostname
Frank> goofy.example.com (as indicated by hostname -f on the server
Frank> itself). DNS has an A record pointing from goofy.example.com
Frank> to 191.168.0.123, including reverse lookup (dig confirms this,
Frank> even at other machines). This server runs an Apache httpd with
Frank> several vhosts configured, one of them www.example.com. This
Frank> is configured to use mod_auth_kerb for authentication. A CNAME
Frank> www.example.com is pointing to goofy.example.com.
Frank> Which principal do I add to the KDC database and export to
Frank> mod_auth_kerb's keytab? Howtos suggest to use the full
Frank> qualified hostname, eg. HTTP/goofy.example.com at EXAMPLE.COM.
Frank> However, browsers have different opinions about that.
Frank> Firefox/Seamonkey (I guess all Gecko based browsers) on Linux
Frank> use HTTP/goofy.example.com at EXAMPLE.COM. Safari on Apples Mac
Frank> OSX requests HTTP/www.example.com at EXAMPLE.COM from KDC.
Frank> Firefox on Mac OSX behaves like the Linux version. I don't
Frank> have more browsers available right now, but I will test others.
Frank> What is the correct behavior and configuration? Thanks for
Frank> your help.
try setting dns_fallback=yes in /Library/Preferences/edu.mit.Kerberos
Frank> Kind regards, -- Navteq (DE) GmbH Frank Gruellich Map24 Systems
Frank> and Networks
Frank> Duesseldorfer Strasse 40a 65760 Eschborn Germany
Frank> Phone: +49 6196 77756-414 Fax: +49 6196 77756-100
Frank> USt-ID-No.: DE 197947163 Managing Directors: Thomas Golob,
Frank> Alexander Wiegand, Hans Pieter Gieszen, Martin Robert Stockman
--
Richard Silverman
res at qoxp.net
More information about the Kerberos
mailing list