apache virtual hosts and keytabs
Russ Allbery
rra at stanford.edu
Thu Sep 30 03:43:44 EDT 2010
Nikolay Shopik <shopik at inblock.ru> writes:
> On 30.09.2010 1:23, Russ Allbery wrote:
>> In practice, you need to add HTTP/* principals for both names to the
>> Apache keytab if they differ, and then configure mod_auth_kerb to
>> accept any credential that's available in the keytab. Last time we did
>> testing, Firefox did one thing and IE did the opposite thing, so you'll
>> have substantial numbers of users in both camps.
> So if my hostname is machine.example.com and virtual hostname
> virtual.example.com I have to add both in keytab?
Yup.
> I did try that didn't help me either.
Works for us. Be sure that you've set KrbServiceName to any in the
mod_auth_kerb configuration (and you're using a new enough mod_auth_kerb
that this is supported).
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list