[31028] in Kerberos
Principal for Apache httpd vhost
daemon@ATHENA.MIT.EDU (Frank Gruellich)
Tue Apr 28 13:07:16 2009
Message-ID: <49F73708.5080004@navteq.com>
Date: Tue, 28 Apr 2009 19:04:08 +0200
From: Frank Gruellich <frank.gruellich@navteq.com>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: multipart/mixed; boundary="===============0143572270=="
Errors-To: kerberos-bounces@mit.edu
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============0143572270==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="------------enig25ED0B128CAA6A9200EC69C6"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig25ED0B128CAA6A9200EC69C6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Hi,
I have a Linux server which is named goofy (as in the output of hostname
command) with full qualified hostname goofy.example.com (as indicated by
hostname -f on the server itself). DNS has an A record pointing from
goofy.example.com to 191.168.0.123, including reverse lookup (dig
confirms this, even at other machines). This server runs an Apache
httpd with several vhosts configured, one of them www.example.com. This
is configured to use mod_auth_kerb for authentication. A CNAME
www.example.com is pointing to goofy.example.com.
Which principal do I add to the KDC database and export to
mod_auth_kerb's keytab? Howtos suggest to use the full qualified
hostname, eg. HTTP/goofy.example.com@EXAMPLE.COM. However, browsers
have different opinions about that. Firefox/Seamonkey (I guess all
Gecko based browsers) on Linux use HTTP/goofy.example.com@EXAMPLE.COM.
Safari on Apples Mac OSX requests HTTP/www.example.com@EXAMPLE.COM from
KDC. Firefox on Mac OSX behaves like the Linux version. I don't have
more browsers available right now, but I will test others.
What is the correct behavior and configuration? Thanks for your help.
Kind regards,
--=20
Navteq (DE) GmbH
Frank Gruellich
Map24 Systems and Networks
Duesseldorfer Strasse 40a
65760 Eschborn
Germany
Phone: +49 6196 77756-414
Fax: +49 6196 77756-100
USt-ID-No.: DE 197947163
Managing Directors: Thomas Golob, Alexander Wiegand,
Hans Pieter Gieszen, Martin Robert Stockman
--------------enig25ED0B128CAA6A9200EC69C6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkn3NwsACgkQ4xUL4cIn5BbQBwCfffcyI98vqLZkxoTeKvMUwnuL
HLkAmwTLA15CvBumEeBTw/C+14FEAGTM
=MlDZ
-----END PGP SIGNATURE-----
--------------enig25ED0B128CAA6A9200EC69C6--
--===============0143572270==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============0143572270==--
