apache virtual hosts and keytabs

Thomas LaPorte thomas.laporte at dreamworks.com
Mon Sep 27 10:36:03 EDT 2010


What we ended up doing was creating virtual IP addresses for each
virtual host. It was the only way we could get it to work correctly
because, as I recall, it was the only way to get the server to reply
with the same hostname as that which the client had requested.

This was our experience, though bear in mind that we initially did
this setup several years ago, so things *may* have changed.

- Tom

Thomas A. La Porte
DreamWorks Animation

On Sep 27, 2010, at 6:58 AM, Nikolay Shopik <shopik at inblock.ru> wrote:

> Hi,
>
> I wonder how to correctly generate keytabs for virtual hosts in Apache?
> From what I read, most cases suggest creating a keytab for HTTP/hostname,
> where hostname is the actual hostname of the machine, not the virtual hostname.
> Error logs show these messages:
> gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code
> may provide more information (, )
>
> I've tried to generate a keytab for the virtual hostname only; this of
> course does not work.
> gss_acquire_cred() failed: Unspecified GSS failure.  Minor code may
> provide more information (, Key table entry not found)
> If I change the hostname to match the virtual host, everything starts working just
> fine.
>
> So what configuration do I need to make virtual hosts work with Kerberos?
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
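
As an added example (not part of the original thread): a shell check that reads plain `klist -k` output and reports which HTTP/name@REALM principals have no entry in the keytab, which is what the "Key table entry not found" message quoted above reports. The function names, host names, realm and keytab path are constructed for illustration, and the listing is assumed to be in the default `klist -k` layout (KVNO, then principal).

```shell
#!/bin/sh
# Added example, not from the original thread.
# Usage on a real host (keytab path is a placeholder):
#   klist -k /path/to/http.keytab | missing_http_principals REALM name1 name2 ...

# Reads `klist -k` text on stdin. Prints every HTTP/NAME@REALM that has no
# entry in the listing; returns 1 if any is missing, 0 otherwise.
missing_http_principals() {
    realm=$1; shift
    # Entry lines start with a numeric KVNO; the principal is the 2nd field.
    have=$(awk '$1 ~ /^[0-9]+$/ { print $2 }' | sort -u)
    rc=0
    for name in "$@"; do
        want="HTTP/${name}@${realm}"
        # -x -F: whole-line, literal match, so wiki.example.com does not
        # match wiki.example.com.au and dots are not treated as wildcards.
        if ! printf '%s\n' "$have" | grep -qxF -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample of `klist -k` output: the machine's own name plus one
# virtual host. The duplicate line stands for a second key of the same
# principal (one line per stored key).
sample_keytab_listing() {
    cat <<'EOF'
Keytab name: FILE:/path/to/http.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 HTTP/web01.example.com@EXAMPLE.COM
   2 HTTP/web01.example.com@EXAMPLE.COM
   4 HTTP/wiki.example.com@EXAMPLE.COM
EOF
}

# Check the machine name and two virtual hosts; only the last is missing.
sample_keytab_listing |
    missing_http_principals EXAMPLE.COM \
        web01.example.com wiki.example.com intranet.example.com || true
```
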


