libapache2-mod-auth-kerb and multi-homed hosts
Jaap Winius
jwinius at umrk.nl
Tue Aug 12 10:20:08 EDT 2014
Hi folks,
My site has a number of multi-homed Apache web servers for which I can't
get Kerberos authentication to work properly.
Until recently, using ssh with Kerberos authentication to connect to
these same hosts was also a problem, until I set GSSAPIStrictAcceptorCheck
to 'off' in sshd_config and added lots of host keys to the system keytab
to match the reverse lookup names of the machine's various interfaces.
Can the same thing somehow be achieved with libapache2-mod-auth-kerb
v5.4-2 (for Debian wheezy), or should I submit a feature-request?
Right now my configuration looks like:

    AuthType Kerberos
    KrbAuthRealms EXAMPLE.COM
    KrbServiceName Any
    Krb5Keytab /etc/apache2/krb5-apache.keytab
    KrbLocalUserMapping On
    AuthName "Example login"

Like with the ssh solution, I've added http keys to this keytab to match
all of the machine's interfaces, but in this case the result is still
negative.
Any ideas?
Thanks,
Jaap
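
Added example, not part of the original post: a keytab coverage check for the multi-homed setup described above, which parses `klist -k` output and reports, for each interface name, whether the keytab holds a matching service principal. It assumes the usual HTTP/<fqdn>@REALM naming (principal names are case-sensitive); the host names and the keytab listing are constructed samples.

```python
import re

# Constructed sample of `klist -k /etc/apache2/krb5-apache.keytab` output
# (MIT Kerberos layout: KVNO column followed by the principal name).
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/apache2/krb5-apache.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 HTTP/web1.example.com@EXAMPLE.COM
   3 HTTP/web1.example.com@EXAMPLE.COM
   2 http/web1-dmz.example.com@EXAMPLE.COM
   4 host/web1.example.com@EXAMPLE.COM
"""

# Constructed reverse-lookup names of the machine's interfaces.
SAMPLE_NAMES = ["web1.example.com", "web1-dmz.example.com",
                "web1-mgmt.example.com"]

# An entry line is "<kvno> <principal>"; header and ruler lines do not match.
ENTRY = re.compile(r"^\s*\d+\s+(\S+@\S+)\s*$")


def parse_keytab_listing(text):
    """Return the set of principal names found in `klist -k` output."""
    return {m.group(1) for m in map(ENTRY.match, text.splitlines()) if m}


def audit(names, listing, realm="EXAMPLE.COM", service="HTTP"):
    """Map each interface name to 'ok', 'case-mismatch' or 'missing'."""
    principals = parse_keytab_listing(listing)
    lowered = {p.lower() for p in principals}
    report = {}
    for name in names:
        # Assumed convention: <service>/<lower-case fqdn>@<REALM>.
        expected = f"{service}/{name.lower().rstrip('.')}@{realm}"
        if expected in principals:
            report[name] = "ok"
        elif expected.lower() in lowered:
            # Present, but differing in case, so a lookup for the
            # expected name will not find this key.
            report[name] = "case-mismatch"
        else:
            report[name] = "missing"
    return report


if __name__ == "__main__":
    for host, status in audit(SAMPLE_NAMES, SAMPLE_KLIST).items():
        print(f"{host:28} {status}")
```

On a real host, pass the actual `klist -k` output and the names returned by reverse lookups of each interface address in place of the constructed samples.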