Principal for Apache httpd vhost

Richard E. Silverman res at
Mon May 11 14:34:05 EDT 2009

>>>>> "Frank" == Frank Gruellich <frank.gruellich at> writes:

    Frank> Hi, I have a Linux server which is named goofy (as in the
    Frank> output of hostname command) with full qualified hostname
    Frank> (as indicated by hostname -f on the server
    Frank> itself).  DNS has an A record pointing from
    Frank> to, including reverse lookup (dig confirms this,
    Frank> even at other machines).  This server runs an Apache httpd with
    Frank> several vhosts configured, one of them  This
    Frank> is configured to use mod_auth_kerb for authentication.  A CNAME
    Frank> is pointing to

    Frank> Which principal do I add to the KDC database and export to
    Frank> mod_auth_kerb's keytab?  Howtos suggest to use the full
    Frank> qualified hostname, eg. HTTP/ at EXAMPLE.COM.
    Frank> However, browsers have different opinions about that.
    Frank> Firefox/Seamonkey (I guess all Gecko based browsers) on Linux
    Frank> use HTTP/ at EXAMPLE.COM.  Safari on Apples Mac
    Frank> OSX requests HTTP/ at EXAMPLE.COM from KDC.
    Frank> Firefox on Mac OSX behaves like the Linux version.  I don't
    Frank> have more browsers available right now, but I will test others.

    Frank> What is the correct behavior and configuration?  Thanks for
    Frank> your help.

try setting dns_fallback=yes in /Library/Preferences/

    Frank> Kind regards, -- Navteq (DE) GmbH Frank Gruellich Map24 Systems
    Frank> and Networks

    Frank> Duesseldorfer Strasse 40a 65760 Eschborn Germany

    Frank> Phone: +49 6196 77756-414 Fax: +49 6196 77756-100

    Frank> USt-ID-No.: DE 197947163 Managing Directors: Thomas Golob,
    Frank> Alexander Wiegand, Hans Pieter Gieszen, Martin Robert Stockman

  Richard Silverman
  res at

More information about the Kerberos mailing list