apache virtual hosts and keytabs
Thomas LaPorte
thomas.laporte at dreamworks.com
Mon Sep 27 10:36:03 EDT 2010
What we ended up doing was creating virtual IP addresses for each
virtual host. It was the only way we could get it to work correctly
because, as I recall, it was the only way to get the server to reply
with the same hostname as that which the client had requested.
This was our experience, though bear in mind that we initially did
this setup several years ago, so things *may* have changed.
- Tom
Thomas A. La Porte
DreamWorks Animation
On Sep 27, 2010, at 6:58 AM, Nikolay Shopik <shopik at inblock.ru> wrote:
> Hi,
>
> I wounder how correctly generate keytabs for virtual hosts in Apache?
> From what I read, most cases suggest create keytab for HTTP/hostname
> where is hostname is actual hostname of machine not virtual hostname.
> Error logs show these messages:
> gss_accept_sec_context() failed: Unspecified GSS failure. Minor code
> may provide more information (, )
>
> I've tried to generate keytab for virtual hostname only, this is of
> course not work.
> gss_acquire_cred() failed: Unspecified GSS failure. Minor code may
> provide more information (, Key table entry not found)
> if I change hostname to match virtualhost everything start working just
> fine.
>
> So what configuration I need to make virtual hosts to work with Kerberos?
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list